JWT and TLS/SSL certificates

,

Hi All,

Am new to JWT. As per the documentation, to generate JWT token with HSA algorithms, X.509 certificates to be used. X.509 certificates are used for TLS as well. Could we use the TLS X.509 certificates for JWT generation and verification. Apologies if the question is too basic.

Thanks,
Kalpana

Hi, could anybody please help

On your tenant, the certificates used for browser TLS and JWT signing are separate–it’s not possible to use the same certificate for both (and in general you wouldn’t want to). You can see your public key for JWT verification at:

https://tenant.region.auth0.com/.well-known/jwks.json

The “x5c” value is an X.509 certificate, and the public key contained therein is used for verifying JWTs.