Decode CSR (Certificate Sign Request)

michal_masztal1
Tera Contributor

Hi everybody.
I have an issue with decoding CSR file content in ServiceNow.

CSR file content is, for example:

"

-----BEGIN CERTIFICATE REQUEST-----


-----END CERTIFICATE REQUEST-----

".

Is it possible to decode this content using some ServiceNow API to get some information about the certificate?

Thanks for the response.

1 ACCEPTED SOLUTION

Jace Benson
Mega Sage

The only way I'm aware of handling a Certificate Signing Request would be to use something like OpenSSL on a midserver. You could send the data down to the mid and return what you are trying to get out of it.


3 REPLIES

now_dev
Mega Expert

Hi Michal,

I also have the same requirement. Did you get any solution for your issue?

Thanks


MathiasRuehn
Tera Contributor

This data is generated on a server in the infrastructure. I would always integrate the midserver in the process, like Jace would do.

Option 1: Developers/admins generate the CSR and transfer it to a share. A Flow/Subflow/Action instructs the midserver to look for new requests. If there is a new request, the midserver can do a pre-check (key size, no wildcard, etc.) and upload the request with additional information in clear text in a new request form. Then you have the attachment and all the information.
The midserver is later also used to send the request to the CA, after approval.
Option 2: If an admin creates the request form and uploads the attachment manually, I would trigger the midserver client script to download the file and send the informational data back to the form.
A UI policy should at the beginning hide all the fields and display them after midserver processing. The user should never fill out fields, as the typed-in data could differ from the real data in the request.
I always use PowerShell to do this. Dumping can be done via certutil -dump. The important fields like client, username and so on can be extracted with Select-String or something else.
You have to provide parameters all the time for the form sys id in order to find/upload/download the attachment.
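
Added example, not part of the thread or any poster's code: a PowerShell sketch of the midserver pre-check described above (key size, no wildcard), run over the text that certutil -dump prints. The function name Test-CsrDump, the 2048-bit default, and the abridged sample dump are assumptions made for illustration; the parsing assumes English certutil labels.

```powershell
# Added example: pre-check a CSR from the text that `certutil -dump <file>` prints.
# Test-CsrDump, $MinKeyBits and the sample dump below are assumptions for illustration.
# The label text is assumed to be English; confirm it on the host that runs certutil.
function Test-CsrDump {
    param(
        [Parameter(Mandatory)] [string[]] $DumpLines,
        [int] $MinKeyBits = 2048    # assumed policy value, not from the thread
    )
    $text = $DumpLines -join "`n"

    # Read the values from the dump itself, never from user-typed form fields.
    $cn  = [regex]::Match($text, '(?m)^\s+CN=(.+?)\s*$').Groups[1].Value
    $san = @([regex]::Matches($text, '(?m)^\s*DNS Name=(.+?)\s*$') |
             ForEach-Object { $_.Groups[1].Value })
    $bitsMatch = [regex]::Match($text, '(?m)^Public Key Length:\s*(\d+)\s*bits')
    $bits = if ($bitsMatch.Success) { [int]$bitsMatch.Groups[1].Value } else { 0 }

    # Pre-checks: subject present, minimum key size, no wildcard names.
    $findings = @()
    if (-not $cn) { $findings += 'no CN found in subject' }
    if ($bits -lt $MinKeyBits) { $findings += "key size $bits < $MinKeyBits bits" }
    foreach ($name in (@($cn) + $san | Select-Object -Unique)) {
        if ($name.Contains('*')) { $findings += "wildcard name: $name" }
    }

    [pscustomobject]@{
        CommonName = $cn
        DnsNames   = $san
        KeyBits    = $bits
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Constructed, abridged sample modeled on certutil -dump output (not a real request).
$sample = @'
PKCS10 Certificate Request:
Version: 1
Subject:
    CN=*.example.test
    O=Example Org
Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Public Key Length: 1024 bits
        DNS Name=*.example.test
'@ -split "`r?`n"

Test-CsrDump -DumpLines $sample | Format-List
```

On the midserver the input would be the live dump, for example `Test-CsrDump -DumpLines (certutil -dump $path)`, where `$path` is the downloaded attachment; the constructed sample fails both checks (1024-bit key, wildcard name).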