
Creating a Certificate Signing Request (CSR) to integrate with another application

derekifdsgroup
Giga Contributor

My understanding is when creating a CSR, it will have to be created on the server that the certificate will be used on.
I looked at ServiceNow's documentation on creating a CSR and it says to do so in a command line interface.
I'm unable to find the command line interface on my ServiceNow instance.

Where on my ServiceNow instance can I create the CSR? Or can the CSR be created on my local machine?

1 ACCEPTED SOLUTION

derekifdsgroup
Giga Contributor

I have spoken to a representative on the HI Portal.


The keystore should be generated on your local, along with the CSR.


Once the certificate is received and imported into the keystore, the keystore can then be uploaded into your ServiceNow instance with the option Certificates on the side menu. The type of record to be created would be Java Key Store, if you used the keytool that the ServiceNow document site mentioned.



Edit: After being provided the certificate, it also has to be uploaded as a trusted certificate on ServiceNow to be used for mutual authentication.


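The local workflow from the accepted solution (keystore, CSR, import of the signed certificate), as an added example that is not part of the original post or of ServiceNow's documentation. The alias, distinguished names, password and file names are constructed placeholders, and a throwaway test CA stands in for the real CA so the steps run offline.

```shell
#!/bin/sh
# Added example. Alias, DN, password and file names are constructed placeholders.
set -eu
PASS='placeholder-pass'   # placeholder store/key password
ALIAS='snc-client'        # hypothetical alias

# 1. Generate the key pair locally; the private key stays in this keystore.
make_keystore() {  # $1 = working directory
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname 'CN=instance.example.com, O=Example' -storetype JKS \
    -keystore "$1/client.jks" -storepass "$PASS" -keypass "$PASS"
}

# 2. Write the CSR that is sent to the CA.
make_csr() {
  keytool -certreq -alias "$ALIAS" -file "$1/client.csr" \
    -keystore "$1/client.jks" -storepass "$PASS"
}

# Stand-in for the real CA so the example runs offline (constructed test CA).
sign_with_test_ca() {
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
    -dname 'CN=Constructed Test CA' -ext bc:c -storetype JKS \
    -keystore "$1/ca.jks" -storepass "$PASS" -keypass "$PASS"
  keytool -exportcert -alias ca -rfc -file "$1/ca.pem" \
    -keystore "$1/ca.jks" -storepass "$PASS"
  keytool -gencert -alias ca -rfc -validity 30 -infile "$1/client.csr" \
    -outfile "$1/client.pem" -keystore "$1/ca.jks" -storepass "$PASS"
}

# 3. Import the CA certificate first, then the signed reply under the SAME
#    alias as the private key, so keytool can build and verify the chain.
import_reply() {
  keytool -importcert -noprompt -alias ca-root -file "$1/ca.pem" \
    -keystore "$1/client.jks" -storepass "$PASS"
  keytool -importcert -noprompt -alias "$ALIAS" -file "$1/client.pem" \
    -keystore "$1/client.jks" -storepass "$PASS"
}

# 4. Check before upload: prints 2 when key, signed cert and CA cert line up.
chain_length() {
  keytool -J-Duser.language=en -list -v -alias "$ALIAS" \
    -keystore "$1/client.jks" -storepass "$PASS" |
    sed -n 's/^Certificate chain length: //p'
}

# Usage: d=$(mktemp -d); make_keystore "$d"; make_csr "$d"
#        sign_with_test_ca "$d"; import_reply "$d"; chain_length "$d"
```

With a real CA, skip `sign_with_test_ca` and place the CA's certificate and the signed reply at `ca.pem` and `client.pem` before running `import_reply`.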

7 REPLIES 7

Does ServiceNow provide its clients Linux admin to their instances?


No. The datacentres are maintained by SN staff; generally you'll get access to your instance through the web front-end, but underlying shell access isn't permitted (AFAIK).


That is why I'm not sure if the CRT has to be requested through the HI portal or I'm able to generate it myself on my local and upload it to my ServiceNow instance.


The latter is an option - hence asking if you had any Linux boxes in your infrastructure or know of an admin that could do it. I've generated keys quite frequently; any Linux nerd will be able to dash off a few lines pretty quickly.


I do not have the CA cert. Is that not provided after submitting the CRT to the server that I want my ServiceNow instance to connect to?


No. The Certifying Authority needs to certify your keys. If you look back at the documentation you linked to, you'll see that step 3 uses Thawte as a CA - you generate a CSR, they verify and sign it, then you'll be good to go. If you do a self-signed cert, browsers will pop that ominous warning triangle claiming it's untrusted (not been signed by a verified signatory).

- that's my understanding, based on getting HTTPS and FTP-ES connections working to my servers (SSH/SFTP keys don't need third-party verification). I'll happily admit I've never done it under SN, so don't know the full process myself.


Hi Dave,



I'm also generating a self-signed certificate.

For the Dev & Test environments I have self-signed the certificate.

But I have a query here: for production, who needs to sign the certificate?

Who will be the CA?

Any help will be appreciated.

Thanks in advance.

