The CreatorCon Call for Content is officially open! Get started here.

Not all certificates are discovered for GoDaddy and DigiCert

thiyagu_j
ServiceNow Employee
ServiceNow Employee

on ‎10-05-2020 11:56 PM

Issues for CA trust Certificate discovery of Godaddy and Digicert in 1.1.7 version of Certificate Inventory And Management :

1. Godaddy certificate discovery discovers only 50 certificates.

      Solution: i.PRB(PRB1398225) which is captured and fixed on the same. It contains an updated set.

                   ii. Upgrade version from 1.1.7 to 1.2.2, the issue will get addressed and fixed the same.

2. Godaddy and Digicert are discovering only Issued Certificates.

     Note: In the 1.1.7 version of Certificate Inventory And Management discovers only Issued certificate. To discover other Certificate status upgrade to 1.2.2 of Certificate Inventory And Management.

3.How to upgrade 1.1.7 to 1.2.2

    Solution: Upgrade instance to Paris, will get the 1.2.2 version for upgrading the Certificate Inventory And Management plugin.

4. How to discover More than 1500 CA trust Certificate discovery(Godaddy, Digicert, Sectigo, Entrust).

     Note: Limit is Optional and it will take by default 1500.

     Solution: Create a schedule and add a serverless pattern for every 1500 certificates.

                   Ex: Consider a total of 8000certificates for Digicert. 

                         How to create a different serverless pattern for created Schedule:

                         1. Create New serverless pattern for the created schedule and add DigiCert Pattern and fill the input parameters to the pattern. In that set offset as 0. This will discover certificates up to 1500.

                         2. Create a New Serverless pattern for the same schedule and DigiCert pattern and fill the input parameters. In that set offset as 1500. This will discover from 1500 to 3000 certificates.

                         3. Create a New Serverless pattern for the same schedule and DigiCert pattern and fill the input parameters. In that set offset as 3000. This will discover from 3000 to 4500 certificates.

These steps will continue up to 8000k certificates.find_real_file.png

 

5. Here are the Default Certificate status is discovered and mapped accordingly in the cmdb_ci_certificate CI.

     a. ISSUED : ('issued', 'valid', 'expired', 'canceled', 'active' ) , that is, these status are mapped as ISSUED.
     b. REVOKED,
     c. INSTALLED,
     d. RETIRED

6.How to discover other than these default cert status?

   Solution: Using the "other_cert_status" pattern input parameter, the user can able to give the other cert status and can able to discover the same.

Labels:
  • 1,181 Views
Version history
Last update:
‎10-05-2020 11:56 PM
Updated by:
ServiceNow Employee