Certificate Inventory Management - Microsoft CA revocation

Rashid8 · ‎09-15-2023

Hi,

I am implementing certificate inventory management using the automated request flows. We have a couple of routing policies that route to the Microsoft CA and I have managed to get the request and renewal flow to work. However, I have run into some problems trying to revoke certificates. The created revoke certificate task is missing value in certificate id field:

I found the following snippets of information in the ServiceNow docs:

"If CA approves the certificate request, Order id and Certificate Id are fetched for the newly requested certificate. If CA does not approve, only the Order Id is fetched."

"Certificates cannot be revoked if Certificate Authority or Certificate Id details are missing in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table."

Looking in the sn_disco_certmgmt_certificate_extension table, I can see that all of the requested certificates are missing Certificate id.

I have talked to the internal team that handles the windows servers configuration, ADCS included. The service account used to request/renew/revoke certificates should have all the authorization required so I am not sure why the Certificate id is not getting populated.

Have anyone run in to this issue before or has an idea what the issue could be?

Kind Regards,
Rashid

Rashid8 · ‎09-18-2023

Closing this post because I found the issue, was not related to certificate id. Think it's misleading that ServiceNow docs writes "Certificates cannot be revoked if Certificate Authority or Certificate Id details are missing in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table." This is not true, at least in the case of Microsoft CA

View solution in original post

Rashid8 · ‎09-18-2023

Closing this post because I found the issue, was not related to certificate id. Think it's misleading that ServiceNow docs writes "Certificates cannot be revoked if Certificate Authority or Certificate Id details are missing in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table." This is not true, at least in the case of Microsoft CA

mvarshney9 · ‎10-21-2023

Hi Rashid,

I am having a similar issue with entrust certificates, would you please share what was the issue and how to fixed / correct it ?

Sanaya1 · ‎03-06-2025

Hello @Rashid8 & @mvarshney9

I am trying to renew the Microsoft certificate and getting the error :

"Certificate cannot be renewed as Certificate Authority and Order id or thumbprint details are missing for the certificate in the Certificate Extension (sn_disco_certmgmt_certificate_extension) table. Discover the certificate via CA discovery to populate the required details in the Certificate Extension table. After discovery, select the routing policy and approve the task."

The thing here is that for all the discovered certificates extension table is not getting populated. Could you help me to know how you got this table updated or were able to fix this issue?

Any help will be highly appreciated.

Warm Regards

Santvana Vaid