I’m looking to set up an integration between GitHub and ServiceNow, and I can use OAuth2 using JWT tokens; the steps to take can be found here.
There is a specific step that states:
Create a CA signed certificate using the GitHub App private key
From what I can understand, this certificate is used in the process of signing the JWT tokens that are generated by ServiceNow and sent to GitHub for authentication. What I’m unsure of is whether using a third-party CA-signed certificate will have any benefit over a self-signed certificate.
I don’t see any benefit, given the private key is initially generated by GitHub, and I believe it uses that to ensure it’s been signed correctly from ServiceNow; I’m not sure certificate revocation checks with a third-party CA would be part of that process.
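The signing step the question describes, as an added example (not code from the post, ServiceNow or GitHub): GitHub Apps authenticate with an RS256 JWT signed by the app's private key, and the sketch below signs one, then checks the signature with the public key read back from a self-signed certificate and from a CA-issued certificate for the same key. Both keys, the certificate names, the `APP_ID_PLACEHOLDER` issuer and the helper names `signJWT`, `verifyJWT`, `certKey` and `demo` are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// signJWT builds an RS256 JWT. Only the private key is involved, never a certificate.
func signJWT(key *rsa.PrivateKey, claims string) string {
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString([]byte(claims))
	h := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return input + "." + enc.EncodeToString(sig)
}

// verifyJWT checks only the signature, against a bare public key (claims are not validated).
func verifyJWT(pub *rsa.PublicKey, token string) bool {
	head, rest, _ := strings.Cut(token, ".")
	body, sigB64, ok := strings.Cut(rest, ".")
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	h := sha256.Sum256([]byte(head + "." + body))
	return ok && err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// certKey issues a certificate for subject's key, signed by issuer, and returns the public key read back from it.
func certKey(subject, issuer *rsa.PrivateKey, issuerCN string) *rsa.PublicKey {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-app"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}}, &subject.PublicKey, issuer)
	c, _ := x509.ParseCertificate(der)
	return c.PublicKey.(*rsa.PublicKey)
}

func demo() (selfSigned, caIssued, wrongKey bool) {
	app, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the GitHub App private key
	ca, _ := rsa.GenerateKey(rand.Reader, 2048)  // constructed stand-in for a third-party CA
	tok := signJWT(app, `{"iss":"APP_ID_PLACEHOLDER","iat":1700000000,"exp":1700000540}`)
	return verifyJWT(certKey(app, app, "constructed-app"), tok), verifyJWT(certKey(app, ca, "constructed-ca"), tok), verifyJWT(&ca.PublicKey, tok)
}

func main() { fmt.Println(demo()) }
```

The same token verifies against the key from either certificate and fails against an unrelated key, so the certificate's issuer plays no part in the signature check itself.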