ersureshbe

Use case:
The procedure for managing the life cycle of certificates within the ServiceNow ecosystem: understanding certificate life cycle management and moving from manual tracking to a discovered, CMDB-backed inventory.


Solution:

In the context of CMDB CIs, Certificate Management plays a crucial role in the business environment. Certificate life cycle management covers the processes for purchasing, renewing, revoking and discovering certificates, and for tracking the end-of-life status of each business certificate so that none expires unnoticed.


To enable Certificate Management in ServiceNow, activate the Certificate Inventory Management plugin (sn_disco_certmgmt).


After activating the plugin, the following components are enabled in the system:

1. Certificate Management, under the 'Workspace' menu.

[Screenshot: Certificate Management in the Workspace menu]

2. Certificate requests in the portal (SP (Service Portal) or ESC (Employee Center)).

[Screenshot: Certificate request in the portal]


Once the plugin is verified and successfully activated, it is essential to understand the end-to-end architecture. In the architecture below I have included two systems: a. Microsoft and b. DigiCert.

Microsoft - This system does not have a connector. You should build the integration using the out-of-the-box (OOB) capabilities.

DigiCert - A connector is available; install it and proceed with a plug-and-play approach.


In the architecture diagram below, the initial step is to initiate the request, renewal and revocation actions from the ServiceNow portal. For the Microsoft system, a custom solution must be developed using IntegrationHub and PowerShell scripts to integrate with Microsoft and execute the request, renewal and revocation operations. The DigiCert connector can simply be purchased from the ServiceNow Store and installed. Once installation is complete, configure the DigiCert 'API Key' in ServiceNow; this credential establishes the connection between ServiceNow and DigiCert.

[Architecture diagram: request, renewal and revocation initiated from the ServiceNow portal, flowing to Microsoft via IntegrationHub/PowerShell and to DigiCert via the Store connector]

The phase-1 activity above covers the request, revocation and renewal activities. Next, the certificate details must be populated into the ServiceNow CMDB tables. To accomplish this, Certificate Discovery must be enabled in the instance. The following steps are required to enable Certificate Discovery.


Step-1: Install the MID Server, which acts as the bridge between ServiceNow and the Microsoft or DigiCert system.

Step-2: Configure Certificate Discovery in ServiceNow. To do this, navigate to the left menu, type 'Discovery Schedule' and click 'New'.

[Screenshot: New Discovery Schedule form]

Select the Certificate Discovery type in the schedule configuration. There are two types:

a. URL-based discovery - "Go to this URL or IP, perform a TLS handshake, and record the certificate that the server presents."

[Screenshot: URL-based certificate discovery schedule]


b. CA Trust discovery - "Scan this machine or device and list all certificates it trusts or stores."

[Screenshot: CA Trust certificate discovery schedule]

Once the discovery schedule has been configured, it runs at the time set in the schedule. After a discovery run completes, check the 'cmdb_ci_certificate' table: it lists the certificates found by that run.
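As an added example (not ServiceNow's or the MID Server's own code), the Python script below models what the two discovery types above collect and how the result can be shaped for a CMDB: discover_url performs the TLS handshake and records the certificate the server presents, discover_ca_trust lists the CA certificates the local default trust store holds, and to_cmdb_record turns either into a record with a lifecycle state (valid, expiring_soon, expired, not_yet_valid). The function names, the record field names, the 30-day warning window and the constructed SAMPLE_CERT are assumptions for illustration, not the cmdb_ci_certificate schema or ServiceNow's probe logic.

```python
# Added example: models URL-based and CA Trust certificate discovery with
# Python's ssl module.  Field names, EXPIRY_WARNING_DAYS and SAMPLE_CERT are
# assumptions, not the cmdb_ci_certificate schema or ServiceNow code.
import hashlib
import socket
import ssl
from datetime import datetime, timezone

EXPIRY_WARNING_DAYS = 30   # assumed window for flagging soon-to-expire certificates
HANDSHAKE_TIMEOUT = 5.0    # seconds allowed for TCP connect plus TLS handshake


def _as_utc(when):
    """None means 'now'; an ISO 8601 string with offset is parsed; result is aware UTC."""
    if when is None:
        return datetime.now(timezone.utc)
    return (datetime.fromisoformat(when) if isinstance(when, str) else when).astimezone(timezone.utc)


def _cert_time(value):
    """Convert ssl's 'Jun  1 12:00:00 2026 GMT' format into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def _rdn_to_dict(rdn_seq):
    """Flatten getpeercert()'s nested subject/issuer tuples into a flat dict."""
    return {key: val for rdn in rdn_seq for (key, val) in rdn}


def to_cmdb_record(cert, now=None):
    """Normalise one parsed certificate (getpeercert()/get_ca_certs() shape)
    into CI-style fields plus a lifecycle state derived from its validity window."""
    now = _as_utc(now)
    not_before, not_after = _cert_time(cert["notBefore"]), _cert_time(cert["notAfter"])
    days_remaining = (not_after - now).days          # negative once expired
    if now < not_before:
        state = "not_yet_valid"
    elif days_remaining < 0:
        state = "expired"
    elif days_remaining <= EXPIRY_WARNING_DAYS:
        state = "expiring_soon"
    else:
        state = "valid"
    return {
        "subject_cn": _rdn_to_dict(cert.get("subject", ())).get("commonName", ""),
        "issuer_cn": _rdn_to_dict(cert.get("issuer", ())).get("commonName", ""),
        "serial_number": cert.get("serialNumber", ""),
        "dns_names": [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"],
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "days_remaining": days_remaining,
        "state": state,
        "verified": True,
    }


def discover_url(host, port=443, now=None):
    """URL-based discovery: connect, complete the TLS handshake and record the
    certificate the server presents.  Nothing is sent after the handshake."""
    ctx = ssl.create_default_context()               # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=HANDSHAKE_TIMEOUT) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return to_cmdb_record(tls.getpeercert(), now)
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed or mismatched certificates still belong in the
        # inventory.  Python exposes parsed fields only for verified peers, so
        # redo the handshake unverified and keep the DER fingerprint instead.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with socket.create_connection((host, port), timeout=HANDSHAKE_TIMEOUT) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
        return {"verified": False,
                "verify_error": getattr(exc, "verify_message", str(exc)),
                "sha256_fingerprint": hashlib.sha256(der).hexdigest()}


def discover_ca_trust(now=None):
    """CA Trust discovery: list the CA certificates in the default trust store
    that Python's ssl loads on this machine, each with its lifecycle state."""
    ctx = ssl.create_default_context()
    return [to_cmdb_record(ca, now) for ca in ctx.get_ca_certs()]


def expiring_first(records):
    """Order records so the certificates closest to expiry come first."""
    return sorted((r for r in records if "days_remaining" in r), key=lambda r: r["days_remaining"])


# Constructed sample in the shape ssl.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.test"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
               (("commonName", "Example Issuing CA 1"),)),
    "serialNumber": "0A1B2C3D4E5F",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Jun  1 12:00:00 2026 GMT",
}

if __name__ == "__main__":
    print(to_cmdb_record(SAMPLE_CERT, "2026-05-15T00:00:00+00:00"))   # state: expiring_soon
    for rec in expiring_first(discover_ca_trust())[:5]:
        print(rec["days_remaining"], rec["subject_cn"])
```

Two caveats matter for a real inventory. Python's ssl returns parsed fields only when the peer certificate verified, so the unverified fallback in discover_url keeps just the fingerprint; a scanner that needs full details for untrusted certificates needs an X.509 parser. And discover_ca_trust sees only the trust store Python loads; the Windows certificate stores the page's Microsoft integration deals with need a platform probe, which is where the PowerShell scripts mentioned above fit.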


Regards,

Suresh.