‎01-26-2022 06:51 AM
I have followed a variety of guides and knowledge articles and have created lots of different .jks and .keystore files. However, I always receive the below error when attempting to create a JWT Key based off of the certificate that I upload.
The end goal is to authenticate via JWT to another system. This guide indicates that should be possible. Set up OAuth provider with JWT Bearer grant type | ServiceNow Docs
This KB shows it is as easy as just creating a generic keystore file but I need to incorporate the third party RSA key: oAuth JWT Bearer Grant Type Integration Setup - Support and Troubleshooting (servicenow.com)
I was provided an RSA private key by the other system and have to jump through hoops with openssl and keytool to incorporate the RSA key I was provided into the keystore/jks file. I am nearly certain that the hoops I am jumping through have something to do with the error I am seeing in ServiceNow on JWT Key creation.
The general method I am following is:
1. Create keystore file to be overwritten:
keytool -keystore lmskeystore.keystore -genkey -alias lmsalias -keyalg RSA
2. Generate a public certificate from the key you have:
openssl req -new -x509 -key lmsKey.pem -out publicCert.cer -days 365
3. Generate a pkcs12 key from the public and private certs:
openssl pkcs12 -export -out publicprivate.p12 -inkey lmsKey.pem -in publicCert.cer
4. Import the pkcs12 certificate into the dummy keystore file from step 1:
keytool -importkeystore -deststorepass <keystorepass> -destkeystore lmskeystore.keystore -srckeystore publicprivate.p12 -srcstoretype PKCS12 -srcstorepass <p12pass>
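A way to check the bundle before uploading it, as an added example that is not part of the original post or of the linked blog post: it runs steps 2 to 4 non-interactively, sets the alias explicitly with `-name`, and confirms that the certificate carries the public half of the supplied private key. The throwaway RSA key, the subject CN, the `changeit` password and the temporary directory are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway key and placeholder names, not the poster's files.
set -eu
WORK=$(mktemp -d)
KEY="$WORK/lmsKey.pem"; CERT="$WORK/publicCert.cer"; P12="$WORK/publicprivate.p12"
ALIAS=lmsalias        # alias used in the post
PASS=changeit         # placeholder password (assumption)

# Stand-in for the RSA key supplied by the third party (constructed test key).
make_test_key() { openssl genrsa -out "$KEY" 2048 2>/dev/null; }

# Steps 2 and 3, non-interactive. -name stores the alias as the PKCS#12
# friendlyName, which keytool uses as the entry alias on import.
build_p12() {
  openssl req -new -x509 -key "$KEY" -subj "/CN=lms-jwt-test" -days 365 -out "$CERT"
  openssl pkcs12 -export -name "$ALIAS" -inkey "$KEY" -in "$CERT" \
    -out "$P12" -passout "pass:$PASS"
}

# SHA-256 over the PEM public key, taken from the key and from the certificate.
key_pub_digest()  { openssl pkey -in "$KEY" -pubout | openssl dgst -sha256 | awk '{print $NF}'; }
cert_pub_digest() { openssl x509 -in "$CERT" -pubkey -noout | openssl dgst -sha256 | awk '{print $NF}'; }

# Alias recorded in the bundle (first friendlyName attribute).
p12_alias() {
  openssl pkcs12 -in "$P12" -nokeys -passin "pass:$PASS" 2>/dev/null |
    sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# Step 4. keytool creates the destination keystore if it does not exist yet.
import_to_jks() {
  keytool -importkeystore -noprompt -srckeystore "$P12" -srcstoretype PKCS12 \
    -srcstorepass "$PASS" -destkeystore "$WORK/lmskeystore.keystore" \
    -deststorepass "$PASS" >/dev/null 2>&1 &&
  keytool -list -keystore "$WORK/lmskeystore.keystore" -storepass "$PASS"
}

make_test_key
build_p12
[ "$(key_pub_digest)" = "$(cert_pub_digest)" ] && echo "certificate matches private key"
echo "PKCS#12 alias: $(p12_alias)"
if command -v keytool >/dev/null 2>&1; then
  import_to_jks || echo "keytool import failed"
fi
```

The `keytool -list` output shows which aliases the keystore holds and whether each one is a private key entry.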
‎02-01-2022 11:56 AM
I fixed it by generating my jks file using the 3 commands listed in this blog post: Running a GitHub bot from SN (servicenow.com)
‎01-26-2022 02:30 PM
I disabled all the validation business rules on the JWT Provider table and I'm trying to force it to work currently. I plan to update this depending on how it goes.