X.509 certificate expiry/renewal

Dubz
Mega Sage

‎10-15-2018 05:40 AM

Hi All,

Our X.509 certificate for our integration with Azure AD expired yesterday which meant that noone could login until i had gone into the Azure portal, generated a new certificate, copied it and manually added it into ServiceNow. Is this standard procedure for integrations like this?

We have a number of other SaaS applications integrated with Azure for SSO and they never need the certificates to be manually renewed. The ServiceNow docs here seem to indicate that once the cert expires ServiceNow will go off and acquire a new one automatically. Has this integration just been set up wrong or does ServiceNow not operate in this way? Must i check back in 3 years to manually add a new certificate?

Cheers

Dave

Labels:
0 Helpfuls
  • 2,487 Views
2 REPLIES 2

Michael Fry1
Kilo Patron

‎10-15-2018 09:15 AM

Just went through the same thing and also had to load manually. Not sure about automatic download but would be nice. Luckily Servicenow support the loading of multiple certificates which means you can load the new one sooner, than later. You can open the certificate up and add users to be notified of expirying cert and how many days to warn. Then you can get it done sooner, than later:

 

find_real_file.png

Preview file
6 KB
Preview file
36 KB
0 Helpfuls

Dubz
Mega Sage
In response to Michael Fry1

‎10-16-2018 03:59 AM

Thanks for that Michael. Seems a bit odd that the docs say that ServiceNow will poll the idp for a new certificate. I'm going to dig a little deeper, there must be a way to automate it.