Using my own certificate to generate JWT?

We have a Keycloak server set up to generate JWT tokens to authenticate with an app. Tested the tokens generated on jwt.io and they look OK. However, our target system isn’t happy, requiring a signature length of 512 instead of 256. We are using RS256.

I did a test with a “homegrown” JWT using RS256 with keys I generated with ssh-keygen and it worked like a charm. The generation sequence was:

ssh-keygen -t rsa -b 4096 -m PEM -f private.key
openssl rsa -in private.key -pubout -outform PEM -out public.key.pub

My question:

  • should I provide my own keys - how?
  • can I configure the automatic key generation to use a longer signature?

Under Realm Settings you will find a tab named Keys. You can configure keys there. You can then switch to the Tokens tab and select the desired key for signing. This screenshot is from version 9.


Perfect, thank you very much!
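Added example, not part of the original thread: a Python check that a token issued after switching the realm's signing key has the expected signature length. An RS256 signature is as long as the RSA modulus of the signing key (256 bytes for a 2048-bit key, 512 bytes for a 4096-bit key); the "256" in RS256 names the SHA-256 hash. The function names, the `keycloak.example` issuer, and the sample token and JWKS are constructed for illustration and carry filler bytes, not real keys or signatures.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def inspect_rs_token(token: str, jwks: dict) -> dict:
    """Compare a token's signature length with the realm key its kid points to."""
    header_b64, _payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = header.get("alg", "")
    if not alg.startswith("RS"):
        raise ValueError(f"expected an RS* token, got alg={alg!r}")
    sig_len = len(b64url_decode(sig_b64))
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    # A JWK's "n" is the big-endian modulus, so its byte length is the key size.
    key_len = len(b64url_decode(key["n"])) if key else None
    return {
        "alg": alg,
        "kid": header.get("kid"),
        "signature_bytes": sig_len,
        "implied_key_bits": sig_len * 8,
        "kid_found": key is not None,
        "matches_published_key": key_len == sig_len,
    }


def constructed_sample(kid: str, key_bits: int):
    """Constructed input: filler bytes of the right length, not a real key or signature."""
    size = key_bits // 8
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    payload = {"iss": "https://keycloak.example/realms/demo", "sub": "constructed"}
    token = ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        b64url_encode(b"\x5a" * size),
    ])
    jwks = {"keys": [{"kty": "RSA", "kid": kid, "n": b64url_encode(b"\xc3" * size), "e": "AQAB"}]}
    return token, jwks


if __name__ == "__main__":
    for bits in (2048, 4096):
        print(inspect_rs_token(*constructed_sample(f"key-{bits}", bits)))
```

With a real token, pass the access token string and the realm's published JWKS document in place of the constructed sample; a result of 256 bytes after the change means the token is still being signed with the old 2048-bit key.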