How is sn_disco_certmgmt_certificate_extension (Certificate Extensions) supposed to be populated?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2024 01:49 PM
We are running Certificate Inventory and Management v.3.3.0. We are running Certificate discovery schedules against DigiCert (external CA) and Microsoft (internal CA). We can see that DigiCert discovery appears to be populating rows in the Certificate Extensions table, but cannot figure out why our Microsoft discovery is not.
Processing "New Certificate Tasks" appears to be populating them for Microsoft, but why would the discovery not?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-28-2024 12:03 AM
Hi @Steve Gyure ,
Discovery related issues are always hard debug, you might want to check these in your case:
1. Verify Discovery Schedule Configuration
Ensure the discovery schedules for the Microsoft CA are correctly configured, including the appropriate discovery patterns.
2. Check for Errors in Discovery Logs
Examine the logs for errors or warnings that might indicate why the Microsoft discovery is not populating the Certificate Extensions table.
3. Compare DigiCert and Microsoft Discovery Patterns
Review and compare the discovery patterns used for DigiCert and Microsoft to identify any discrepancies.
4. Verify Certificate Extensions Table Configuration
Confirm that the Certificate Extensions table is set up to accept data from both DigiCert and Microsoft discoveries.
5. Ensure Correct Processing of New Certificate Tasks
Check the process flow for "New Certificate Tasks" and ensure it aligns with the discovery process, especially for Microsoft certificates.
6. Review Permissions and Access Controls
Ensure the discovery process has the necessary permissions to populate the Certificate Extensions table.
Thanks,
Hope this helps.
If my response proves helpful please mark it helpful and accept it as solution to close this thread.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-08-2024 07:11 AM
Hi Hrishabh,
I had also opened a case with SN concerning this and they have acknowledged that the Microsoft CA discovery does not populate the extensions table. Unfortunately, their proposed solution simply indicated that it was functioning as designed and my concern would be a good suggestion for the Idea Portal. I went ahead with submitting an Idea Portal suggestion, but also continued to push on Support to fix the issue. Because of this "design issue", other portions of the Certificate Inventory and Management plugin actually fail for Microsoft certificates. So, I am continuing to push on that front to get them to fix it.
Thanks,
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2024 07:49 AM
Hi Steve,
Was there any support from ServiceNow HI team to populate certificate extension table for Microsoft CA discovery? I am facing similar issue.
Regards,
Soudamini.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-06-2025 07:52 PM
We have raised a Case with ServiceNow and they have confirmed that they don't support Renewal of certificates that are discovered through Microsoft CA discovery at this point . Though Renewal works for the certificates which are issued using Request New certificate catalog.