Token certificates are used for signing and validating tokens. The certificates essentially a key pair comprised of a private key and root certificate: the private.key
is used to sign access tokens and the root.crt
is the matching public key, used to verify the token's signatures.
The JFrog Platform enables users to use token certificates, also called custom certificate keys. This section details how to create custom token certificates, and how to load them via bootstrapping files.
Prerequisites
The custom token certificate must meet the following prerequisites.
The certificate must match the provided private key.
The certificate must be valid for the next 7 days at least.