Certificate management - External vs Self signed

ashi2
Tera Contributor

hey Experts - 

This is regarding Certificate Inventory management. I am trying to create an Incident through Event Management; however, when I am getting events there is no distinguishing filter to determine if that certificate is self-signed or external. The consultants are suggesting doing scripting to get the self-signed or external status. However, I am wondering whether this information should be there in the certificates that Discovery should discover in the first place. Please suggest the best way to avoid this scripting. Thank you!!! (The concealed part is an alphanumeric fingerprint.)


1 ACCEPTED SOLUTION

Hi Ashi,

This should do the trick. I copied the OOTB Create Incident flow and added a "Look Up Records" action to find a certificate which matches the sys_id of the CI on the alert and is self-signed.

The If condition on the next step checks whether the Count returned by the Look Up Records action is greater than 0. If yes, the certificate was found and it is a self-signed cert, so the flow is stopped.


8 REPLIES

Sree32
ServiceNow Employee

You can use the Renewal Tracking field to effectively govern the policies for TLS certs. If you set the field to "Do not create renewal tasks", the automated lifecycle tracking workflows will ignore the renewal notifications.

In the cmdb_ci_certificate table, you will see the is_self_signed and is_ca attributes. You can use them for Business Rule creation.

ashi2
Tera Contributor
Thanks Shree, but my problem is distinguishing whether it's self-signed or not.

Adz1
Mega Guru

Hi Ashi,

When you discover the certificate, the certificate CI record created has a flag to indicate whether it's self-signed or not. When the event is created, the out-of-the-box event rules will trigger an alert, and that alert will be bound to the certificate CI. 

So, if the target is to trigger some logic based on whether it's an external or self-signed certificate, it can be achieved without scripting if you use flows and alert management rules. 

  1. Create an alert management rule which handles the certificate expired alert.
  2. Create a subflow which creates an incident from an alert (copy and modify the out-of-the-box flow).
  3. Customise the flow to read the "Is Self Signed" field on the CI associated with the alert and perform any logic required (e.g. adding "External" or "Self-signed" to the incident description).
  4. Save and activate the alert management rule with the linked subflow.


Screenshots (not reproduced here)
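As an added worked example (not code from this thread, and not ServiceNow's own code), here is the decision the accepted flow and steps 1-4 above make, written as plain JavaScript over constructed sample records so it can be run and checked offline. The look-up is keyed on the CI sys_id exactly as the flow's "Look Up Records" step is; is_self_signed and is_ca are the cmdb_ci_certificate fields Sree32 named, while subject, issuer and valid_to are assumed field names. The inventory and alerts are constructed sample data.

```javascript
// Added example, not code from the thread or from ServiceNow. Models the flow
// described above: look up the certificate CI bound to the alert, check
// is_self_signed, and only create an incident for an expired external cert.
// Field names: sys_id, is_self_signed, is_ca come from the thread; subject,
// issuer and valid_to are assumed. All records below are constructed samples.

const certificateInventory = [
  { sys_id: "0a1b2c", name: "www.example.com", subject: "CN=www.example.com",
    issuer: "CN=Example Public CA", is_self_signed: false, is_ca: false,
    valid_to: "2024-01-15T00:00:00Z" },
  { sys_id: "1b2c3d", name: "lab-router.internal", subject: "CN=lab-router.internal",
    issuer: "CN=lab-router.internal", is_self_signed: true, is_ca: false,
    valid_to: "2024-01-10T00:00:00Z" },
  { sys_id: "2c3d4e", name: "Corp Root CA", subject: "CN=Corp Root CA",
    issuer: "CN=Corp Root CA", is_self_signed: true, is_ca: true,
    valid_to: "2035-01-01T00:00:00Z" },
  { sys_id: "3d4e5f", name: "intranet.corp.internal", subject: "CN=intranet.corp.internal",
    issuer: "CN=Corp Issuing CA", is_self_signed: false, is_ca: false,
    valid_to: "2030-06-01T00:00:00Z" },
];

// Equivalent of the flow's "Look Up Records" step on cmdb_ci_certificate with
// the condition  sys_id = <alert CI>  AND  is_self_signed = true.
// The flow only consumes the returned count (> 0 means "found and self-signed").
function lookUpSelfSignedCount(inventory, ciSysId) {
  return inventory.filter(c => c.sys_id === ciSysId && c.is_self_signed === true).length;
}

// Sanity check on the discovered flag: a self-signed certificate is one whose
// issuer name equals its subject name. A mismatch means the CI data is suspect.
function flagMatchesNames(cert) {
  return cert.is_self_signed === (cert.issuer === cert.subject);
}

// Decide whether a "certificate expired" alert bound to alert.ci_sys_id should
// become an incident. Returns a plain object instead of creating records so the
// policy can be tested. Policy from the thread: skip self-signed certs, create an
// incident for every other certificate that is actually expired, and label it.
function decideIncident(inventory, alert, now) {
  const cert = inventory.find(c => c.sys_id === alert.ci_sys_id);
  if (!cert) {
    // A look-up count of 0 could mean "not self-signed" OR "no such certificate
    // CI"; keep the two apart so a bad alert-to-CI binding stays visible.
    return { createIncident: false, reason: "no certificate CI bound to alert" };
  }
  if (!flagMatchesNames(cert)) {
    return { createIncident: false, reason: "is_self_signed disagrees with subject/issuer" };
  }
  if (lookUpSelfSignedCount(inventory, alert.ci_sys_id) > 0) {
    return { createIncident: false, reason: "self-signed certificate",
             kind: cert.is_ca ? "Self-signed (CA)" : "Self-signed" };
  }
  if (new Date(cert.valid_to) > now) {
    return { createIncident: false, reason: "certificate not yet expired" };
  }
  return {
    createIncident: true,
    reason: "external certificate expired",
    kind: "External",
    description: `External certificate ${cert.name} (${cert.subject}) issued by ` +
                 `${cert.issuer} expired on ${cert.valid_to}; source alert ${alert.number}`,
  };
}

// Constructed alerts: one per inventory entry plus one bound to a missing CI.
const sampleAlerts = [
  { number: "Alert0001", ci_sys_id: "0a1b2c" },
  { number: "Alert0002", ci_sys_id: "1b2c3d" },
  { number: "Alert0003", ci_sys_id: "2c3d4e" },
  { number: "Alert0004", ci_sys_id: "3d4e5f" },
  { number: "Alert0005", ci_sys_id: "ffffff" },
];

const asOf = new Date("2024-02-01T00:00:00Z");
for (const a of sampleAlerts) {
  console.log(a.number, JSON.stringify(decideIncident(certificateInventory, a, asOf)));
}
```

In the real subflow the table to point "Look Up Records" at is cmdb_ci_certificate, with the condition sys_id equals the alert's CI and Is Self Signed is true, and the If step compares the action's Count against 0. The example keeps "no certificate record found" distinct from "found but not self-signed" because the count alone is 0 in both cases, and it cross-checks the flag against subject and issuer so that a wrongly populated is_self_signed does not silently suppress an incident.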

ashi2
Tera Contributor

Adz, I got your point up to the alert rule, but when I go to Flow Designer I get stuck on which table I should pick to get the filters out. Plus, I am trying to create an incident for NOT self-signed expired certificates. Can you please help me with the table and input for unique certificates? I was wondering why we would even need Event Management in the first place.