Expiring codesigning certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2023 08:13 AM
Greetings everyone. I have a problem that I cannot seem to find a solution for. I have a certificate (code_signing_key_rome_publiccodedesignver) that is expiring soon. We are on San Diego and there is a code_signing_key for SanDiego as well. I am not sure I need to renew the Rome cert. Also, there is no renewal option and it is expiring in both my prod and dev environments. Do I just request a new cert or will it auto renew. I have searched through the community and the docs and can't seem to find anyting on the code signing certs. Theres plenty of info on SSO, LDAP, etc, but nothing about renewing of this certificate. Can anyone assist me with learning this?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2023 08:01 AM
I'm getting alerted of the same thing. If no one here knows, I might have to open up a support ticket to ask.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2023 06:30 AM
We have the same scenario. Anyone get an official answer yet?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2023 07:24 AM
Not yet but I did open a support case just now. I'll post when I find out something.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2023 07:52 AM
Below is the response I got back from the ServiceNow Technical Support Engineer. Based on this, I'm just going to disable the notification option on this mentioned certificate so that we don't continue to get notified.
Hello Chris ,
We are placing this issue in Solution Proposed.
Reason: The information provided below should answer the questions presented in this case.
Issue: ServiceNow X.509 Certificate is about to expire
Solution Proposed:
Please be assured the x.509 email is just an awareness notification and the renewal of the SSL certificate is automated by our development team.
This certificate is used in the Key Management Framework (KMF) code signing feature if com.snc.kmf.signature.validation.flag is set to true in the instance:
Some FAQs regarding this certificate and code signing:
1) Why is the 'code_signing_key_rome_publiccodesignver' certificate notification not important and can be ignored?
The "com.snc.kmf.signature.validation.flag" property is marked as false in the instances mentioned, therefore the business has not opted in to use the functionality.
2) Why did this notification appear if the business does not use this functionality?
The notification comes from backend logic that applies to all certificates on the instance, whether it is enabled or disabled.
3) How & when would the certificates be renewed if applicable?
The certificates are related to the release, therefore, with each upgrade a new certificate is generated & directly correlates with the version of the instance. For example, if you decides to upgrade to Vancouver, the instance will receive a Vancouver certificate.
4) What is code signing functionality exactly?
This can be explained in :
In summary, You don't need to take any action at this time. The certificate renewal is handled by ServiceNow internally with each version release. Please ignore this expiry notification for it will not impact code signing or validation of signatures.
Next Steps:
Moving your case to Solution Proposed state and Feel free to accept to move this case to the closed state.
