How is sn_disco_certmgmt_certificate_extension (Certificate Extensions) supposed to be populated?

Steve Gyure
Tera Contributor

We are running Certificate Inventory and Management v.3.3.0.  We are running Certificate discovery schedules against DigiCert (external CA) and Microsoft (internal CA).  We can see that DigiCert discovery appears to be populating rows in the Certificate Extensions table, but cannot figure out why our Microsoft discovery is not.

 

Processing "New Certificate Tasks" appears to be populating them for Microsoft, but why would the discovery not?


HrishabhKumar
Kilo Sage

Hi @Steve Gyure ,

Discovery-related issues are always hard to debug. You might want to check these in your case:

1. Verify Discovery Schedule Configuration

Ensure the discovery schedules for the Microsoft CA are correctly configured, including the appropriate discovery patterns.

2. Check for Errors in Discovery Logs

Examine the logs for errors or warnings that might indicate why the Microsoft discovery is not populating the Certificate Extensions table.

3. Compare DigiCert and Microsoft Discovery Patterns

Review and compare the discovery patterns used for DigiCert and Microsoft to identify any discrepancies.

4. Verify Certificate Extensions Table Configuration

Confirm that the Certificate Extensions table is set up to accept data from both DigiCert and Microsoft discoveries.

5. Ensure Correct Processing of New Certificate Tasks

Check the process flow for "New Certificate Tasks" and ensure it aligns with the discovery process, especially for Microsoft certificates.

6. Review Permissions and Access Controls

Ensure the discovery process has the necessary permissions to populate the Certificate Extensions table.

 

Thanks,

Hope this helps.

If my response proves helpful please mark it helpful and accept it as solution to close this thread.

Hi Hrishabh,

I had also opened a case with SN concerning this and they have acknowledged that the Microsoft CA discovery does not populate the extensions table.  Unfortunately, their proposed solution simply indicated that it was functioning as designed and my concern would be a good suggestion for the Idea Portal.  I went ahead with submitting an Idea Portal suggestion, but also continued to push on Support to fix the issue.  Because of this "design issue", other portions of the Certificate Inventory and Management plugin actually fail for Microsoft certificates.  So, I am continuing to push on that front to get them to fix it.

Thanks,

Steve

Hi Steve, 
Was there any support from the ServiceNow HI team to populate the certificate extension table for Microsoft CA discovery? I am facing a similar issue.

Regards,

Soudamini.

We have raised a Case with ServiceNow and they have confirmed that they don't support Renewal of certificates that are discovered through Microsoft CA discovery at this point. Renewal does work, though, for the certificates which are issued using the Request New certificate catalog.