I'm looking for a way to generate the x5t thumbprint that is part of the JWT header set.
=> The "x5t" (x.509 certificate thumbprint) header parameter provides a base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate that can be used to match a certificate.
The manual process I'm using is
- Use OpenSSL to convert a PKCS12 key to DER formatted cert.
- Use OpenSSL to generate the fingerprint
- Use a bash script to base64url encode it
Any thoughts on how this could be automated in Policy Manager?