Appendix C: Extract a public key from a JWS certificate

The JWS certificates of other DFSPs or the Hub downloaded from Connection Wizard are certificate chains, the public keys have to be extracted.

This section provides instructions about how to extract the public key from a DFSP’s or the Hub’s JWS certificate using the KeyStore Explorer tool.

Perform the following steps:

  1. Open a keystore.

  2. Import the other DFSP’s or the Hub’s JWS certificate using the Tools > Import Trusted Certificate menu. The Trusted Certificate Entry Alias window pops up.
    keystore explorer import trusted certificate

  3. Leave the alias value as is. Click OK.
    keystore explorer trusted certificate entry alias

  4. In KeyStore Explorer, right-click the certificate.

  5. Select Export > Export Public Key. The Export Public Key as OpenSSL window pops up.
    keystore explorer export public key

  6. Ensure that the PEM checkbox is selected.
    keystore explorer export public key popup

  7. Specify where you want to download the public key. The name of the key must remain the fspId name of the other DFSP as previously assigned by the Hub. Ensure that the file extension is .pem.

  8. Click Export. You have successfully exported the public key.
    keystore explorer export certificate successful