AnsweredAssumed Answered

JWT x5t Header Thumbprint generation

Question asked by conpa05 Employee on Dec 5, 2018
Latest reply on Dec 6, 2018 by Stephen_Hughes

I'm looking for a way to generate the x5t thumbprint that is part of the JWT header set.


=> The "x5t" (x.509 certificate thumbprint) header parameter provides a base64url encoded SHA-256 thumbprint (a.k.a. digest) of the DER encoding of an X.509 certificate that can be used to match a certificate.


The manual process I'm using is

- Use OpenSSL to convert a PKCS12 key to DER formatted cert.

- Use OpenSSL to generate the fingerprint

- Use a bash script to base64url encode it


Any thoughts on how this could be automated in Policy Manager?