AmarnathC.36888 (Customer) asked a question.
Generate Authorization server key with x5c
Hi Team,
I would like to see how we can generate a new JWKS key for Authorization server which contains x5c public certificate details as my resource server needs the x509 public cert to validate the access token, since there is no x5c in Auth server keys, I am not able to share it with my resource server team.
Can anyone help me how to create a new auth server or update existing auth server with a key that should have x5c in it ?
Thanks,
Amar
Hi Amarnath,
You can generate the public certificate from the modulus and exponent values that are available on the /keys endpoint of the authorization server used. The JWT verifier library used should do this automatically, however, if not, you can use the example available here to create your own method.
Dragos Gaftoneanu
Developer Support Engineer
Okta Global Customer Care
@dragos.gaftoneanu1.5193128389903699E12 (Okta, Inc.) You are referring to "generating an RSA Public key", which is not same as the X509 certificate. I am looking for a method to generate the X509 certificate from the Okta key, and I noticed it is only possible if the x5c param is populated on the JWKS keys json.
-----BEGIN PUBLIC KEY----- (format of RSA Public key)
-----BEGIN PUBLIC CERTIFICATE----- (format of RSA Public certifcate in X509 format)
were you able to figure out solution for this? I do have same need to create an authorization server with x5c in keys.
No, I couldn't find any feature in Okta to download the x5c from the auth server as per their documentation, i had to do a customization which works with RSA Public key.
Amar, Thank you very much! Did you customize your resource server or you did some customization in okta? unfortunately my resource server doesn't allow any customization.
I did customization on resource server.