Certificate management - External vs Self signed

Go to solution
ashi2
Tera Contributor

‎02-13-2022 05:56 PM

hey Experts - 

This is regarding Certificate Inventory management. I am trying to create an Incident through Event management - however when i am getting events there is no distinguishing filter to determine if that certificate is Self signed or External. The consultants are suggesting to do scripting to get the self signed or external. However i am wondering this information should be there in the certificates that discovery should discover in first place. Please suggest a best way to avoid this scripting.. Thank you!!! (the concealed part is alpha numeric fingerprint)find_real_file.png

find_real_file.png

Labels:
Preview file
160 KB
Preview file
262 KB
0 Helpfuls
  • 2,430 Views
1 ACCEPTED SOLUTION

Go to solution
Adz1
Mega Guru
In response to ashi2

‎02-15-2022 11:42 PM

Hi Ashi,

This should do the trick - copied the ootb Create Incident flow, and added a "Look Up Records" action to find a certificate which matches the sysid of the CI on the alert and is self-signed. 

The if condition on the next step checks if the Count returned by the Look Up Records action is greater than 0. If yes, then it means the certificate was found and it is a self-signed cert, so the flow is stopped. 

find_real_file.png

View solution in original post

Preview file
86 KB
0 Helpfuls
8 REPLIES 8

Go to solution
Sree32
ServiceNow Employee
ServiceNow Employee

‎02-14-2022 09:51 AM

 

You can use the Renewal Tracking field to effectively govern the policies for TLS Cert. If you set the field to "Do no create renewal tasks", automated lifecycle tracking workflows will ignore the renewal notifications. 

 

find_real_file.png

 

 

In the cmdb_ci_certificate table, you will see is_self_signed and is_ca attributes. you can use them for Business rule creation. 

Preview file
26 KB
0 Helpfuls

Go to solution
ashi2
Tera Contributor
In response to Sree32

‎02-15-2022 05:05 AM

Thanks Shree but my problem is distinguishing whether it’s self signed or not.
0 Helpfuls

Go to solution
Adz1
Mega Guru

‎02-15-2022 04:52 AM

Hi Ashi,

When you discover the certificate, the certificate CI record created has a flag to indicate whether it's self-signed or not. When the event is created, the out-of-the-box event rules will trigger an alert, and that alert will be bound to the certificate CI. 

So, if the target is to trigger some logic based on whether it's an external or self-signed certificate, it can be achieved without scripting if you use flows and alert management rules. 

  1. Create an alert management rule which handles the certificate expired alert
  2. Create a subflow which creates an incident from an alert (copy and modify the out of the box flow)
  3. Customise the flow to read the "Is Self Signed" field on the CI associated to the alert and perform any logic required (e.g. adding "External" or "Self-signed" to the incident description)
  4. Save and activate the alert management rule with the linked subflow. 

 

Screenshots

 

find_real_file.png

 

 

 

find_real_file.png

 

find_real_file.png

Preview file
78 KB
Preview file
56 KB
Preview file
39 KB

Go to solution
ashi2
Tera Contributor
In response to Adz1

‎02-15-2022 03:22 PM

Adz - i got your point until alert rule but when i go to flow designer then i get stuck on which table should i pick to get the filters out plus i am trying to create a incident for NOt self signed expired certificate. Can you please help me with the table and input for unique certificates. I was wondering why would we even need event management in first place.

0 Helpfuls