Certificate Inventory and Management on the ServiceNow Platform now connects directly with CyberArk Certificate Manager SaaS—turning certificate lifecycle management work into a self-service experience your teams want to use.
Expired certificates don't announce themselves. They take down a checkout page, break an API, or fail an audit usually at the worst possible moment and now when the renewal timelines are getting shorter to just 47 days this makes it even more difficult or an approaching nightmare in the PKI world. The fix has always existed in security consoles your application teams never open. So, the work stalls, the risk lingers, and the outage finds you first.
We built the integration between ServiceNow Certificate Inventory and Management and CyberArk Certificate Manager SaaS to close that gap. Security keeps its rigor. Everyone else gets a simple place to act.
Your teams request. CyberArk does the back-end lifting. ServiceNow keeps everyone in sync.
Here's what changes day to day.
Your people order certificates from the same self-service catalogue they already use for everything else. Request a new TLS/SSL certificate. Renew one that's aging out. Revoke one that shouldn't be live. No new tool to learn, no security interface to master—just a catalogue item and a form.
Behind that request, you choose how the certificate signing request gets created—generate it right inside ServiceNow, or hand it to CyberArk Certificate Manager SaaS, the path that provisions your TLS/SSL certificates. Once you pick the CSR method, the request flows through a secure, purpose-built engine that automatically applies the certificate routing policies you've set up for CyberArk Certificate Manager SaaS. That's what opens the door to a far wider set of certificate authorities—CyberArk's built-in CA plus the external CAs your organization already trusts. More reach than ServiceNow certificate management alone, and your teams get it without ever leaving ServiceNow.
One setup note: when you configure a certificate routing policy for CyberArk Certificate Manager SaaS, you'll select an issuing template—and it maps to the same template you've already configured on the CyberArk side. Set it once, keep both ends aligned.
From there the flow runs itself. The request moves from ServiceNow to CyberArk, where the CSR is generated and sent to the CA. The signed certificate returns to CyberArk, flows back into ServiceNow, and lands in your CMDB—tied to the right application, host, and owner, with a change request capturing every step.
How to get started-
1. Setup your CyberArk SaaS credentials.
2. Create and configure the routing policies for CyberArk Certificate Manager SaaS credentials.
3. While configuring routing policy, in the Issuing Template Alias field enter the value that you have selected in your CyberArk Certificate Manager SaaS setup.
4. Once the setup is completed, you can test it by requesting a certificate from the self-service catalogue in the employee centre.
Why this matters to you
Self-service that sticks. When requesting a certificate is as easy as ordering a laptop, people stop working around the process and start working through it. Adoption climbs because friction drops. Also once you have requested it, you can opt for automated renewal in ServiceNow Certificate Management.
Stronger security, fewer hands on keys. CyberArk handles the cryptographic work and CSR generation if CSR generation in Cyber-Ark option is selected. Private keys stay protected and out of end-user hands. Secure automation replaces the manual steps that used to create gaps.
More choice in certificate authorities. Provision TLS/SSL certificates across CyberArk's built-in CA and the external CAs you depend on—broader coverage than going it alone.
A single source of truth. Every certificate maps to its application and owner in the CMDB. Renewals flow through standard change workflows. When something nears expiration, it's not a buried alert—it's a tracked, owned, actionable record.
One pane of glass for the people who answer to auditors. Expiration calendars, audit trails, and ownership records live where your business already runs. Compliance stops being a fire drill.
The bigger picture
Machine identities are multiplying faster than any team can track by hand. The answer isn't another console—it's putting certificate management where work already happens, backed by an automation engine your security team's trust.
That's what this integration delivers. CyberArk Certificate Manager SaaS brings the secure execution. ServiceNow Certificate Inventory and Management brings the experience, the service context, and the workflows that connect every stakeholder. Together, they turn certificate sprawl into something your PKI team can see, own, and act on—before it becomes a problem.
Reactive certificate management was then. This is ServiceNow.
Link to the cyber-ark blog-> https://www.cyberark.com/resources/product-insights-blog/scaling-machine-identity-the-power-of-cyber...
