Verifying a Signature
To validate or verify a signature, download the public key from your CyberArk Identity tenant.
Getting the Public Key via the Admin Portal
To get the public key via the Admin Portal, first download the certificate file:
- Navigate to the Admin Portal.
- Navigate to Settings > Authentication > Signing Certificates.
- Click the box next to the certificate of interest in the list so that it has a checkmark beside it.
- Select download from the menu to download the certificate (.cer) file.
Extract the public key from the certificate obtained above using openssl, as shown in the following example:
openssl x509 -in "downloads\Idaptive SHA256 Tenant Signing Certificate.cer" -pubkey -noout
-----BEGIN PUBLIC KEY-----
MIIDZXCVW ... ASDF8J1i
-----END PUBLIC KEY-----
Getting the Public Key Programmatically
To get the public key programmatically, first invoke the /Core/GetCertificateInfos endpoint to get the list of certificates:
POST https://mytenant.idaptive.app/core/GetCertificateInfos?type=Application
The Results field in the response contains the list of certificates, and the Thumbprint subfield in each element contains the certificate's ID:
{
  "success":true,
  "Result":{
    "IsAggregate":false,
    "Count":4,
    "Columns":[
      {
        "Name":"Thumbprint",
        "IsHidden":false,
        "DDName":null,
        "Title":"Thumbprint",
        "DDTitle":null,
        "Description":null,
        "Type":12,
        "Format":null,
        "Width":0,
        "TableKey":null,
        "ForeignKey":null,
        "TableName":null
      },
      ...
    ],
    "FullCount":4,
    "Results":[
      {
        "Entities":[
          {
            "Type":"CertificateInfo",
            "Key":"25CDD1...",
            "IsForeignKey":false
          }
        ],
        "Row":{
          "SignatureAlgorithm":"sha1RSA",
          "Subject":"CN=idp1234.idaptive.app, OU=dev, O=Idaptive, L=SC, S=CA, C=US",
          "Name":"idp1234.idaptive.app",
          "Issuer":"CN=idp1234.idaptive.app, OU=dev, O=Idaptive, L=SC, S=CA, C=US",
          "ValidTo":"\/Date(2043530478000)\/",
          "CustomerUploaded":true,
          "IsDefault":true,
          "Type":"Application",
          "Thumbprint":"25CDD1.."
        }
      }
      ...
    ],
    "ReturnID":""
  },
  "Message":null,
  "MessageID":null,
  "Exception":null,
  "ErrorID":null,
  "ErrorCode":null,
  "InnerExceptions":null
}
Invoke the /Core/DownloadCertificate endpoint, passing the certificate ID from the previous call via the thumbprint query parameter:
GET https://mytenant.idaptive.app/core/DownloadCertificate?thumbprint=25CDD...&filename=idp1234.idaptive.app
The response contains the certificate information:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
...
Date: Wed, 11 Apr 2018 16:45:58 GMT
Content-Length: 1220

-----BEGIN CERTIFICATE-----
MIIDZXCVW ... ASDF8J1i
-----END CERTIFICATE-----
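A check a client can run on these two responses, as an added example that is not CyberArk's code: it drops expired certificates from the GetCertificateInfos listing, flags SHA-1 signed ones, and confirms that the downloaded PEM hashes to the listed thumbprint. It assumes the Thumbprint is the uppercase hex SHA-1 of the DER certificate (the usual Windows convention, not stated on this page); the function names and sample data are constructed for illustration.

```python
import hashlib, json, re, ssl
from datetime import datetime, timezone

# Constructed sample data: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_RESPONSE = json.dumps({"success": True, "Result": {"Results": [
    {"Row": {"SignatureAlgorithm": "sha1RSA", "Name": "idp1234.idaptive.app",
             "ValidTo": "/Date(2043530478000)/", "IsDefault": True,
             "Thumbprint": hashlib.sha1(SAMPLE_DER).hexdigest().upper()}},
    {"Row": {"SignatureAlgorithm": "sha256RSA", "Name": "old.example",
             "ValidTo": "/Date(1000000000000)/", "IsDefault": False,
             "Thumbprint": "00" * 20}}]}})

def parse_valid_to(value):
    """Convert the '/Date(<ms since epoch>)/' form of ValidTo to a UTC datetime."""
    m = re.fullmatch(r"/Date\((-?\d+)\)/", value)
    if not m:
        raise ValueError(f"unexpected date format: {value!r}")
    return datetime.fromtimestamp(int(m.group(1)) / 1000, tz=timezone.utc)

def usable_certificates(response_text, now=None):
    """Return unexpired rows with their expiry and a flag for SHA-1 signatures."""
    now = now or datetime.now(timezone.utc)
    body = json.loads(response_text)
    if not body.get("success"):
        raise RuntimeError(body.get("Message") or "GetCertificateInfos failed")
    usable = []
    for item in body["Result"]["Results"]:
        row = item["Row"]
        expires = parse_valid_to(row["ValidTo"])
        if expires > now:  # never verify signatures against an expired certificate
            sha1 = row["SignatureAlgorithm"].lower().startswith("sha1")
            usable.append({"thumbprint": row["Thumbprint"], "expires": expires,
                           "default": row["IsDefault"], "sha1_signed": sha1})
    return usable

def pem_thumbprint(pem_text):
    """Assumption: thumbprint = uppercase hex SHA-1 over the DER encoding."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha1(der).hexdigest().upper()

def matches_listing(pem_text, expected_thumbprint):
    """True only if the downloaded PEM is the certificate that was listed."""
    expected = re.sub(r"[^0-9A-Fa-f]", "", expected_thumbprint).upper()
    return pem_thumbprint(pem_text) == expected
```

Pass the body of the DownloadCertificate response to matches_listing before extracting the public key from it, and compare against a thumbprint recorded out of band where one is available.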