Automating Incident Creation Based on Certificate Expiry in ITOM Visibility

Hari S1 · ‎02-27-2025

Hi,

We've installed the Certificate Inventory and Management ITOM Visibility plugin and need to set up automatic incident creation 20 days before a certificate expires. How can I configure incident tickets to be created based on certificate expiry? Additionally, how can I identify where all the certificates are stored?

Thanks

Carlos Petrucio · ‎02-27-2025

Hi @Hari S1 ,

To configure automatic incident creation 20 days before a certificate expires in ServiceNow with the Certificate Inventory and Management (ITOM Visibility) plugin, follow these steps:

1. Identify Where Certificates Are Stored

Certificates are typically stored in the Certificate Inventory (cmdb_ci_certificate) table. You can check:

Navigate to CMDB > Certificate Inventory (cmdb_ci_certificate).
Use a filter like sys_class_name=cmdb_ci_certificate to view all certificates.
You can also use the Certificate Dashboard to get insights into certificate statuses.

2. Create a Scheduled Job to Check for Expiring Certificates

You'll need to create a Scheduled Job that runs daily to identify certificates expiring in 20 days and create incidents automatically.

Steps:

Go to: System Definition > Scheduled Jobs > New
Set the following parameters:
- Name: Create Incident for Expiring Certificates
- Run: Daily
- Time: Choose a time that works best for your process
- Script: Add the following script:

var daysBeforeExpiry = 20; 
var expiringCertificates = new GlideRecord('cmdb_ci_certificate');
var today = new GlideDateTime();
today.addDaysLocalTime(daysBeforeExpiry);

expiringCertificates.addQuery('valid_to', '<=', today); // Find certificates expiring within 20 days
expiringCertificates.query();

while (expiringCertificates.next()) {
    // Check if an incident already exists for this certificate
    var incidentCheck = new GlideRecord('incident');
    incidentCheck.addQuery('cmdb_ci', expiringCertificates.sys_id);
    incidentCheck.addQuery('short_description', 'CONTAINS', 'Certificate Expiry Warning');
    incidentCheck.query();

    if (!incidentCheck.hasNext()) { // If no existing incident, create one
        var incident = new GlideRecord('incident');
        incident.initialize();
        incident.short_description = 'Certificate Expiry Warning: ' + expiringCertificates.name;
        incident.description = 'The certificate ' + expiringCertificates.name + ' is expiring on ' + expiringCertificates.valid_to + '. Please take necessary action.';
        incident.cmdb_ci = expiringCertificates.sys_id; // Link to the certificate
        incident.impact = 2; // Medium impact
        incident.urgency = 2; // Medium urgency
        incident.priority = 3; // Adjust priority as needed
        incident.insert();
    }
}

Save and activate the scheduled job.

3. Alternative: Create a Flow Using Flow Designer

If you prefer a no-code approach, you can achieve the same result using Flow Designer:

Navigate to: Flow Designer (All > Process Automation > Flow Designer).
Create a new Flow:
- Trigger: Scheduled Execution (Daily)
- Action 1: Query Records (Table: cmdb_ci_certificate)
  - Filter: valid_to is on Today + 20 days
- Action 2: Create Record (Table: incident)
  - Short Description: Certificate Expiry Warning: ${name}
  - Description: The certificate ${name} is expiring on ${valid_to}.
  - CMDB CI: ${sys_id}
  - Priority: 3 (Medium)
Save and activate the flow.

4. Verify & Test

Manually adjust the valid_to date of a test certificate and run the scheduled job or flow to confirm incidents are created.
Monitor the incident table (incident) for generated tickets.

If my answer helped you, remember to mark it as the correct answer!

- Carlos Petrucio

Hari S1 · ‎02-27-2025

Hi @Carlos Petrucio ,

I created a scheduled job and attempted to execute it, but it is not creating any incidents, and I can see errors in the system logs. I have reviewed the scheduled job configuration and tried re-executing it, but the issue persists. Could you please help me?

Carlos Petrucio · ‎02-27-2025

Hi @Hari S1 ,You're right!

The while loop is restricted in the ServiceNow scheduled script execution sandbox. Instead, we should use GlideRecordIterator to process the results safely. Here's an updated version of the scheduled job script using GlideQuery:

var daysBeforeExpiry = 20;
var today = new GlideDateTime();
today.addDaysLocalTime(daysBeforeExpiry);

var expiringCertificates = new GlideRecord('cmdb_ci_certificate');
expiringCertificates.addQuery('valid_to', '<=', today); // Find certificates expiring within 20 days
expiringCertificates.query();

for (var cert in expiringCertificates) { // Using GlideRecord iterator
    // Check if an incident already exists for this certificate
    var incidentCheck = new GlideRecord('incident');
    incidentCheck.addQuery('cmdb_ci', expiringCertificates.sys_id);
    incidentCheck.addQuery('short_description', 'CONTAINS', 'Certificate Expiry Warning');
    incidentCheck.query();

    if (!incidentCheck.hasNext()) { // If no existing incident, create one
        var incident = new GlideRecord('incident');
        incident.initialize();
        incident.short_description = 'Certificate Expiry Warning: ' + expiringCertificates.name;
        incident.description = 'The certificate ' + expiringCertificates.name + ' is expiring on ' + expiringCertificates.valid_to + '. Please take necessary action.';
        incident.cmdb_ci = expiringCertificates.sys_id; // Link to the certificate
        incident.impact = 2; // Medium impact
        incident.urgency = 2; // Medium urgency
        incident.priority = 3; // Adjust priority as needed
        incident.insert();
    }
}

If my answer helped you, remember to mark it as the correct answer!

- Carlos Petrucio

Hari S1 · ‎02-27-2025

Hi @Carlos Petrucio ,

I tried executing the job with the updated code, but I'm still getting the same error.