The steps below are for generating a JWT from a ServiceNow instance. You need a computer on which you have admin rights in order to generate the JKS file. The steps below describe doing this on a Windows computer.
The below steps on done on a local computer
- Download OpenSSL for Windows https://slproweb.com/products/Win32OpenSSL.html
- Download Java SDK https://www.oracle.com/java/technologies/downloads/#java21
- Open up a command shell as Administrator
- Generate the X.509 keypair https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-store-spokes/task/configure-jwt-authentication.html
- Generate a Java KeyStore file https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-store-spokes/task/generate-a-java-keystore-file.html
The below steps are done in ServiceNow
- Upload the Java KeyStore certificate to ServiceNow instance https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-store-spokes/task/upload-java-keystore-certificate-to-servicenow-instance.html
- Setup JWT Key and Provider (Step 5 of this blog post) https://developer.servicenow.com/blog.do?p=/post/jwt-github/
- Generate the token using a script (Step 6 of this blog post) https://developer.servicenow.com/blog.do?p=/post/jwt-github/
//from https://developer.servicenow.com/blog.do?p=/post/jwt-github/ with some slight modifications
var jwtAPI = new sn_auth.GlideJWTAPI();
var headerJSON = { typ: "JWT", alg: "RSA256"};
var header = JSON.stringify(headerJSON);
var gdt = new GlideDateTime();
gdt.addSeconds(6000);
//iss in line below needs to be changed if app id changes
var payloadJSON = { "iat": gs.now(), "iss": 'test', "exp": gdt };
var payload = JSON.stringify(payloadJSON);
//put the sys_id of the JWT provider below
var jwtProviderSysId = "REPLACEWITHSYS_IDOFPROVIDER";
var jwt = jwtAPI.generateJWT(jwtProviderSysId, header, payload);
gs.info("JWT:" + jwt);