To visually verify RS256-signed tokens


On the Auth0 documentation page ‘Validate JSON Web Tokens’, it would have saved me a few hours of time if the instruction steps in the section ‘Verify RS256-signed tokens’ had been more clear.

The instructed download step of the certificate returns a cert.pem file (BEGIN/END CERTIFICATE). This needs to be turned into a pubkey.pem file (BEGIN/END PUBLIC KEY), before proceeding.

Command: openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

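The conversion described in the post above, carried through to an actual RS256 signature check, as an added example that is not part of the original thread or of Auth0's documentation. A throwaway key and self-signed certificate (constructed, CN `example.invalid`) stand in for the tenant's signing certificate, and the function names `b64url`, `b64url_decode`, `make_demo` and `verify_rs256` are hypothetical.

```shell
#!/bin/sh
# Added example: constructed key, certificate and token only; nothing here contacts a real tenant.
set -eu

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() (   # stdin: base64url text, stdout: raw bytes
  s=$(tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done   # restore stripped padding
  printf '%s\n' "$s" | openssl base64 -d -A
)

# make_demo <dir>: writes key.pem, cert.pem, pubkey.pem and a signed token.txt
make_demo() (
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.invalid" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
  # The step from the post: CERTIFICATE file -> PUBLIC KEY file
  openssl x509 -pubkey -noout -in "$d/cert.pem" > "$d/pubkey.pem"
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  p=$(printf '%s' '{"sub":"constructed-user"}' | b64url)
  s=$(printf '%s' "$h.$p" | openssl dgst -sha256 -sign "$d/key.pem" | b64url)
  printf '%s.%s.%s\n' "$h" "$p" "$s" > "$d/token.txt"
)

# verify_rs256 <token> <pubkey.pem>: exit status 0 only if alg is RS256 and the signature verifies
verify_rs256() (
  token=$1 pubkey=$2
  hdr=$(printf '%s' "${token%%.*}" | b64url_decode 2>/dev/null) || exit 1
  # Plain string match on the header; fails closed on any other alg or spacing
  case $hdr in *'"alg":"RS256"'*) ;; *) exit 1 ;; esac
  sigfile=$(mktemp) || exit 1
  trap 'rm -f "$sigfile"' EXIT
  printf '%s' "${token##*.}" | b64url_decode > "$sigfile" 2>/dev/null || exit 1
  # RS256 signs the ASCII string "<header>.<payload>" with RSA PKCS#1 v1.5 over SHA-256
  printf '%s' "${token%.*}" |
    openssl dgst -sha256 -verify "$pubkey" -signature "$sigfile" >/dev/null 2>&1
)

# Demo run on constructed data
demo=$(mktemp -d)
make_demo "$demo"
verify_rs256 "$(cat "$demo/token.txt")" "$demo/pubkey.pem" && echo "signature verified"
rm -rf "$demo"
```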

Hi @martin617,

Thanks for letting us know that the instructions in our documentation are unclear. I will pass this information back to our docs team.

Also, thank you for sharing the command that helped you convert the cert to a public key.

I would also add that you can get the public key from your tenant’s JWKS:

On that page, you can copy one of the objects in the keys array and include them in your public key signature. This should produce a verified signature.

I hope that helps!

