Venkat Damodara
ServiceNow Employee

🧭 Overview

In secure enterprise environments, mutual TLS authentication is essential for trusted communication between systems. This guide walks through configuring mutual authentication between two ServiceNow instances using REST Messages, ensuring both client and server validate each other’s identity.

🛠️ Step-by-Step Setup

 

1. 🔑 Generate a Keystore (JKS)

keytool -genkeypair -dname "cn=<instance>.service-now.com, ou=<OU>, o=<Org>, c=<Country>" \
-alias <instance> -keyalg rsa -keypass '<Password>' -keystore <Keystore>.jks -storepass '<StorePassword>'

 

2. 📄 Generate a Certificate Signing Request (CSR)

keytool -certreq -alias <instance> -keystore <Keystore>.jks -file <Cert>.csr

Use the same alias as in step 1. Submit the CSR to your internal CA or ServiceNow’s certificate request catalog to obtain a full-chain PEM certificate.

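3. Extract Private Key and Create PKCS12 Certificate

openssl pkcs12 -export -in <fullchain.pem> -inkey <privatekey.pem> -out <cert>.p12 -passout pass:<Password>

Here <privatekey.pem> is the private key generated in step 1, exported from <Keystore>.jks in PEM format, and <fullchain.pem> is the certificate chain returned by the CA in step 2.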
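Before the .p12 is uploaded in step 4.B it can be checked offline. The script below is an added example, not part of the original article or of ServiceNow tooling: it confirms the bundle opens, the key matches the certificate, the certificate is unexpired, and it chains to a CA bundle. Assumptions: `check_p12` and `make_demo_pki` are hypothetical helper names, the demo PKI and its password are constructed, and the CA bundle argument stands for the root and intermediate certificates uploaded under CA Certificate Chain in step 4.A.

```sh
# Added example (not ServiceNow tooling); check_p12 and make_demo_pki are hypothetical names.
# check_p12 <file.p12> <ca-bundle.pem>: exit 0 only if the bundle is fit to upload.
# The password is read from $P12_PASS so it never shows up in the process list.
check_p12() (
  p12=$1 ca=$2
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT
  px() { openssl pkcs12 -in "$p12" -passin env:P12_PASS "$@" 2>/dev/null; }
  # 1. The bundle opens and holds a client (leaf) certificate.
  px -nokeys -clcerts | openssl x509 -out "$tmp/leaf.pem" 2>/dev/null \
    || { echo "FAIL: cannot read leaf certificate (wrong password?)"; exit 1; }
  # 2. A private key is present and belongs to that certificate.
  cert_pub=$(openssl x509 -in "$tmp/leaf.pem" -noout -pubkey)
  key_pub=$(px -nocerts -nodes | openssl pkey -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
    || { echo "FAIL: private key missing or not matching the certificate"; exit 1; }
  # 3. The leaf has not expired.
  openssl x509 -in "$tmp/leaf.pem" -noout -checkend 0 >/dev/null \
    || { echo "FAIL: certificate has expired"; exit 1; }
  # 4. The leaf chains to the CA bundle the server will trust; intermediates
  #    carried inside the .p12 are offered only as untrusted helpers.
  px -nokeys -cacerts > "$tmp/chain.pem" || true
  if grep -q 'BEGIN CERTIFICATE' "$tmp/chain.pem"; then
    openssl verify -CAfile "$ca" -untrusted "$tmp/chain.pem" "$tmp/leaf.pem"
  else
    openssl verify -CAfile "$ca" "$tmp/leaf.pem"
  fi >/dev/null 2>&1 || { echo "FAIL: leaf does not chain to $ca"; exit 1; }
  openssl x509 -in "$tmp/leaf.pem" -noout -subject -enddate
)

# make_demo_pki <dir>: constructed throwaway PKI (two roots, one client cert)
# packaged with the same `openssl pkcs12 -export` form as step 3.
make_demo_pki() (
  cd "$1" || exit 1
  for ca in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$ca.key" -out "$ca.pem" \
      -subj "/CN=Constructed $ca root" -days 2 2>/dev/null || exit 1
  done
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=demo-instance.example.test" 2>/dev/null || exit 1
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out leaf.pem -days 1 2>/dev/null || exit 1
  openssl pkcs12 -export -in leaf.pem -inkey leaf.key -out client.p12 \
    -passout pass:constructed-demo
)

# Demo on the constructed material: passes against its own root.
demo=$(mktemp -d) && make_demo_pki "$demo" && export P12_PASS=constructed-demo \
  && check_p12 "$demo/client.p12" "$demo/ca.pem"; rm -rf "$demo"
```

A failure at check 4 means the CA certificates given to the server side would not recognise the client certificate, which is worth knowing before the REST Message test in step 5.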

4. 🔄 Configure Mutual Authentication in ServiceNow

4.A. 🖥️ Server-Side Configuration

1. Enable Certificate-Based Authentication

  • Install the com.glide.auth.mutual plugin.
  • Navigate to Certificate Based Authentication > Properties.
  • Enable certificate-based authentication.

2. Upload CA Certificates

  • Go to CA Certificate Chain and upload:
    • Root CA (e.g., ServiceNowRootCA-G2.pem)
    • Intermediate CA (e.g., ServiceNow Issuing CA - L1A.pem)
    • Instance certificate (e.g., <instance>.service-now.com.pem)

3. Map Certificates to Users

  • Navigate to Users to Certificates Mapping.
  • Upload the instance certificate and map it to a ServiceNow user.

4.B. 🌐 Client-Side Configuration

1. Upload PKCS12 Certificate

  • Navigate to System Definition > Certificates.
  • Upload the .p12 file and provide the keystore password.

2. Create Protocol Profile

  • Go to System Security > Protocol Profiles.
  • Create a new profile and associate it with the uploaded certificate.

5. Test the Integration

5.1. ✅ Using REST Message in ServiceNow

  1. Navigate to System Web Services > Outbound > REST Message.
  2. Create a new REST Message and add the API endpoint.
  3. Under HTTP Methods:
    • Set Authentication Type to No Authentication.
    • Enable Use Mutual Authentication.
    • Select the created Protocol Profile.
  4. Test the message and verify a 200 OK response.

5.2. 🧪 Using Postman

  1. Add the .p12 file under Settings > Certificates.
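  2. If the target presents a self-signed certificate, disable SSL certificate verification in Postman for this test only; with it off, Postman no longer validates the server's identity, so the test exercises only the client-certificate half of mutual authentication.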
  3. Send a GET request to the target instance and verify the response.

✅ Final Thoughts

Mutual authentication ensures secure, trusted communication between ServiceNow instances. By following this guide, you can confidently set up and test mutual TLS using REST Messages, enhancing your integration security posture.