Sree32
ServiceNow Employee

ServiceNow Certificate Management allows customers to effectively manage X.509 certificates by providing workflows powered by the ServiceNow data platform. The ServiceNow Discovery solution can discover the certificates deployed in the infrastructure and build dependency relationships with the discovered configuration items.

 

cert-manager is the CNCF-approved Kubernetes add-on that automates the management and issuance of TLS certificates from various issuing sources for cloud-native Kubernetes or OpenShift environments. cert-manager continuously ensures that certificates are valid and up to date, and attempts to renew them appropriately before expiry.

 


 

With the Aug 2023 store release, the ITOM product team shipped a brand new workspace experience for PKI teams and introduced the new cert-manager – ServiceNow integration. You can upgrade the store application to get the latest features. Customers will be able to get comprehensive visibility into their deployed Kubernetes estate and provide end-to-end certificate management powered by cert-manager.

 

Download the Docker recipe and build a Docker image, then deploy the image to the k8s cluster. A certificate request can be submitted to the external issuer by creating a cert-manager Certificate object with the issuerRef name set to "clusterissuer-servicenow" and the issuerRef group set to "servicenow-issuer.servicenow.com".

 


 

A sample certificate file is available in ~/sn-external-issuer-kubernetes-yaml/samples/certificate_clusterissuer.yaml
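
A Certificate object of the shape described above, as an added example that is not the sample file shipped with the integration. The issuerRef name and group are the ones given in this post; the resource names, hostname, lifetimes, key settings and the issuerRef kind are assumptions, so take the kind from the shipped sample.

```yaml
# Added example: constructed values, not the shipped certificate_clusterissuer.yaml.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: demo-app-tls               # constructed name
  namespace: demo                  # constructed namespace
spec:
  # Secret that cert-manager creates once ServiceNow returns the signed certificate.
  secretName: demo-app-tls
  commonName: demo-app.example.com # constructed hostname
  dnsNames:
    - demo-app.example.com
  duration: 2160h                  # requested lifetime (90 days); the CA may enforce its own
  renewBefore: 360h                # cert-manager starts renewal 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always         # generate a fresh private key on every renewal
  usages:
    - digital signature
    - server auth
  issuerRef:
    name: clusterissuer-servicenow            # from this post
    group: servicenow-issuer.servicenow.com   # from this post
    # Assumption: the post does not state the kind. An external issuer uses
    # the kind defined by its own CRD, so copy it from the shipped sample.
    kind: ClusterIssuer
```

Keeping the private key inside the cluster and rotating it on renewal means only the certificate signing request leaves Kubernetes; restrict read access to the resulting Secret with namespace-scoped RBAC.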

 

The routing policy in ServiceNow Certificate Management decides how to route the certificate request and interacts with the nominated certificate authority to fulfill the certificate request and renew operations. Once the workflow completes the job, cert-manager downloads the certificate from ServiceNow and creates a certificate object and a Kubernetes secret.

 


 

Integrating ServiceNow with cert-manager allows the PKI team to democratize the certificate request fulfillment flows and to get comprehensive visibility, with change control process flows, into the deployed k8s estate and its certificates.

 
