
Selva Arun
Mega Sage

Issue Description

While reviewing certificate data in ServiceNow Certificate Inventory and Management, I discovered certificates appearing in an "Archive Unique Certificates" table with timestamps from June 2025. This raised questions about:

  • What this table represents
  • How certificates end up there
  • Whether this was expected behavior
  • The source and purpose of this archived data


Environment

  • Application: Certificate Inventory and Management
  • Table Observed: Archive Unique Certificates
  • ServiceNow Version: Xanadu

Root Cause Analysis

After investigation, I found that ServiceNow has two different certificate archiving rules that can cause confusion:

1. Certificate Task Archive Rule

  • Table: sn_disco_certmgmt_certificate_task
  • Status: Inactive by default
  • Conditions: Archives certificate tasks that are "Closed Complete" and >12 months old
  • Navigation: System Definition > Archive Rules > Certificate Task Archive

2. Archive Unique Certificates Rule (The Actual Cause)


  • Table: cmdb_ci_certificate
  • Status: Active (runs hourly)
  • Conditions: Archives certificates where:
    • State ≠ "installed" (expired, revoked, etc.)
    • Valid_to < 6 months ago
  • Navigation: System Definition > Archive Rules > Archive Unique Certificates

How to Investigate Archive Rules

Step 1: Locate the Archive Rules

Navigate to: System Definition > Archive Rules
Search for: "Certificate" or "Archive"

Step 2: Check Rule Status and Conditions

For each rule, examine:

  • Active: true/false status
  • Table: Which table is being archived
  • Conditions: Criteria for archiving
  • Last Run Date: When it last executed
  • Record Estimate: How many records processed

Step 3: View Archive Rule Details (XML Export Method)

If you need detailed rule configuration:

  1. Export the archive rule to XML
  2. Review the <condition> section for exact criteria
  3. Check <last_run_date> and <total> fields

Solution Explanation

What I Found: The "Archive Unique Certificates" table contains certificates that were automatically archived by ServiceNow's Data Archiver plugin because they:

  1. Were no longer in "installed" state (expired, revoked, etc.)
  2. Had expired more than 6 months ago

Why June 2025 Timestamps:

  • The archive rule became active in January 2025
  • In June 2025, there was likely a bulk processing of certificates that met the 6-month expiration criteria
  • The rule runs hourly, continuously archiving eligible certificates

Data Volume: In my case, 6,938 certificates had been processed and archived since the rule activation.

Key Takeaways

  1. Multiple Archive Rules: Certificate management has separate rules for certificate tasks vs. actual certificates
  2. Default Behavior: The "Archive Unique Certificates" rule is active by default and working as designed
  3. Data Lifecycle: This is normal data lifecycle management to maintain system performance
  4. Retention Policy: Expired certificates are retained in archive for 6+ months for compliance purposes

Verification Steps

To verify this in your own environment:

  1. Check Active Rules:

    System Definition > Archive Rules
    Filter: Name CONTAINS "certificate"
    
  2. Verify Plugin Status:

    System Definition > Plugins
    Search: com.glide.auxdb (Data Archiver)
    Status: Should be "Active"
    
  3. Review Archive Conditions:

    • Open the "Archive Unique Certificates" rule
    • Examine the condition logic
    • Check last run dates and record counts

Best Practices

  • Regular Monitoring: Periodically review archive rules to understand data retention
  • Documentation: Document your organization's certificate lifecycle policies
  • Alerting: Consider creating reports on certificate expiration before archiving occurs
  • Compliance: Ensure archived data meets your organization's retention requirements
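A sketch of the pre-archive report suggested under Alerting, as an added example that is not ServiceNow's code or part of the original article: it applies the two conditions of the "Archive Unique Certificates" rule (state is not "installed", valid_to older than 6 months) to certificate records exported as JSON. The record shape, the sample values and the calendar-month reading of "6 months ago" are assumptions.

```javascript
// Added example. Records are constructed, not exported from a real instance.
// Assumption: "6 months ago" means six calendar months before now, in UTC.
const ARCHIVE_AGE_MONTHS = 6;

// Shift a Date by whole calendar months in UTC, clamping the day of month.
function addMonthsUTC(date, months) {
  const first = new Date(Date.UTC(date.getUTCFullYear(), date.getUTCMonth() + months, 1));
  const lastDay = new Date(Date.UTC(first.getUTCFullYear(), first.getUTCMonth() + 1, 0)).getUTCDate();
  first.setUTCDate(Math.min(date.getUTCDate(), lastDay));
  first.setUTCHours(date.getUTCHours(), date.getUTCMinutes(), date.getUTCSeconds(), 0);
  return first;
}

// Parse "YYYY-MM-DD HH:mm:ss" strings, treated here as UTC.
function parseUtc(value) {
  return new Date(String(value).replace(' ', 'T') + 'Z');
}

// Classify one certificate record against the two rule conditions.
function classify(cert, now) {
  const validTo = parseUtc(cert.valid_to);
  if (Number.isNaN(validTo.getTime())) return 'no-valid-to';
  const expired = validTo < now;
  if (cert.state === 'installed') {
    // Never matched by the rule, so an expired certificate stays in the live table.
    return expired ? 'expired-still-installed' : 'in-use';
  }
  if (validTo < addMonthsUTC(now, -ARCHIVE_AGE_MONTHS)) return 'archive-eligible';
  return expired ? 'awaiting-archive' : 'not-installed';
}

// Group certificate names by classification for a pre-archive report.
function report(certs, now) {
  const groups = {};
  for (const cert of certs) {
    const key = classify(cert, now);
    (groups[key] = groups[key] || []).push(cert.name);
  }
  return groups;
}
const SAMPLE = [ // constructed records
  { name: 'api.example.test', state: 'installed', valid_to: '2026-03-01 00:00:00' },
  { name: 'old-vpn.example.test', state: 'installed', valid_to: '2025-02-10 00:00:00' },
  { name: 'legacy.example.test', state: 'expired', valid_to: '2025-01-15 12:00:00' },
  { name: 'portal.example.test', state: 'revoked', valid_to: '2025-06-30 00:00:00' },
  { name: 'unknown.example.test', state: 'expired', valid_to: '' },
];
const NOW = new Date('2025-09-18T00:00:00Z');
console.log(report(SAMPLE, NOW));
```

The `expired-still-installed` group is the one to review first: those certificates are past valid_to but never match the rule, so they remain in cmdb_ci_certificate until their state changes.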

Disclaimer

Intent: This article is shared to help community members who might encounter similar confusion about certificate archiving in ServiceNow. My intention is not to duplicate existing work, but to provide a real-world investigation example that others can follow.

Community Collaboration: If you believe I've missed any important details, have additional insights, or know of related resources that would benefit readers, please feel free to comment below. Community knowledge grows through collaboration! 🤝

Feedback Welcome: If you have suggestions for improving this article or have encountered similar scenarios with different outcomes, your input would be valuable for making this resource more comprehensive.


Conclusion

The "Archive Unique Certificates" table is a normal part of ServiceNow's certificate lifecycle management. Understanding the difference between certificate task archiving and certificate record archiving helps prevent confusion when investigating certificate data.

If you believe the solution provided has adequately addressed your query, could you please mark it as 'Helpful'? This will help other community members who might have the same question find the answer more easily.

 

Thank you for your consideration.

 

Selva Arun

 
