Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Dat Thanh Diep (DatThanhDiep)
CIBC

CIBC
CA
DatThanhDiep Member since 2016 19 posts
CIBC
Posted: Sep 5, 2021
Last activity: Sep 5, 2021
Posted: 5 Sep 2021 1:46 EDT
Last activity: 5 Sep 2021 2:04 EDT
Closed

How to generate truststore.jks from keystore.jks for pxProcessJWT

Hi Team,

I am doing some work around processing JWT token in Pega. In my test app, I create a keystore.jks and use it to generate an JWT token by calling pxGenerateJWT. Then I call pxProcessJWT to process the token with my truststore.jks (generated by the keystore.jks). However, I got this error in the log:

Show More

Hi Team,

I am doing some work around processing JWT token in Pega. In my test app, I create a keystore.jks and use it to generate an JWT token by calling pxGenerateJWT. Then I call pxProcessJWT to process the token with my truststore.jks (generated by the keystore.jks). However, I got this error in the log:

2021-09-05 01:43:11,634 [http-nio-8080-exec-4] [  STANDARD] [                    ] [    TestApp:01.01.01] (ta_Admin_Security_Token.Action) ERROR localhost| Proprietary information hidden diepd - Unable to process the Json Web Token 
com.pega.pegarules.pub.PRRuntimeException: Unable to retrieve JWK public key 
	at com.pega.platform.securitycore.internal.jwt.JWTSignatureVerifier.getJWSKeySelectorFromPubKey(JWTSignatureVerifier.java:280) ~[security-core.jar:?] 
	at com.pega.platform.securitycore.internal.jwt.JWTSignatureVerifier.getJWSKeySelector(JWTSignatureVerifier.java:211) ~[security-core.jar:?] 
	at com.pega.platform.securitycore.internal.jwt.JWTSignatureVerifier.validateSignature(JWTSignatureVerifier.java:191) ~[security-core.jar:?] 
	at com.pega.platform.securitycore.internal.jwt.JWTProcessorImpl.processGeneratedJsonWebToken(JWTProcessorImpl.java:172) ~[security-core.jar:?] 
	at com.pega.pegarules.integration.engine.internal.security.jwt.JWTUtilsImpl.processJSONWebToken(JWTUtilsImpl.java:244) ~[printegrint.jar:?] 
	at com.pegarules.generated.activity.ra_action_pxprocessjwt_99e447b231b02066bcf63faa704cca68.step3_circum0(ra_action_pxprocessjwt_99e447b231b02066bcf63faa704cca68.java:378) ~[?:?] 
	at com.pegarules.generated.activity.ra_action_pxprocessjwt_99e447b231b02066bcf63faa704cca68.perform(ra_action_pxprocessjwt_99e447b231b02066bcf63faa704cca68.java:114) ~[?:?] 

If I use keystore.jks directly when calling pxProcessJWT, everything is ok. So I guess my issue is about the way I generate my truststore.jks. Could you tell me how to generate a truststore.jks from keystore.jks (or from a certification.crt file) ?

This is how I generate my truststore.jks from keystore.jks.:

1/ keytool -export -alias dattest -file dattest.der -keystore keystore.jks  

2/ openssl x509 -inform der -in dattest.der -out dattest.pem     

3/ keytool -importcert -file dattest.pem -keystore truststore.jks -alias dattest  

Thank you,

Dat

Show Less
To see attachments, please log in.
Pega Platform 8.5.1
Security

  • Mukesh Agrawal

Related content:

Question

keystore.jks and truststore.jks for Pega Deployment Manager 5.4

Question Solved

Creating the Truststore and JKS Keystore or Create the keystore and generate a certificate

Question

Are Keystore rules for pxProcessJWT and pxGenerateJWT must be the same?

Question

How to use Keystore, truststore without mention in connect-rest rule? how to create truststore in pega?

Question

Can I use a jks file to support BYOK and store the jks file in the cloud or as a keystore rule?

Discussion

How to create a WS-Security Profile using Signature and Keystore JKS ? (Explained)

Question

Connect FTP with KeyStore/truststore

Question Solved

How to use Keystore (Truststore) in the Connect REST wizard

Question

WebSphere container level keystores and truststores

Question Solved

How to Extract Certificates from JKS Files Using Keytool Commands

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice