Certificate Management Question

Community Alums · ‎01-19-2024

We are currently using certificate management in our ServiceNow instance. We are coming across an issue where we are discovering certificates that are associated with port numbers but are not able to see the certificates that are stored on the server.

For example:

I run discovery on a particular server.

Discovery shows there are no certificates on the server

I use the Powershell command of dir Cert:\LocalMachine\My on the server and get a return of 30+ certificates.

Is there a way for certificate discovery to pull in the certificates that are just stored on a servewr?

Niklas Peterson · ‎01-20-2024

Hi,

Sounds to me that you could leverage the Discovery by Import Certificate functionality. Have a look at this old post https://www.servicenow.com/community/itom-forum/discovery-of-local-certificates-on-a-specific-folder...

Regards,
Niklas

MattSN · ‎01-21-2024

Certificate discovery will discover the certificate if:

The server is listening on a port and will accept remote connections (i.e. webserver listening on port 443)
A connection from the MID Server can connect to the listening port and be presented with a certificate

Try the following PowerShell command from your MID Server for your server and port name.

Test-NetConnection -Port 443 -ComputerName "192.168.1.1" -InformationLevel "Detailed"

It sounds like you may be runing an internal Microsoft CA (PKI)? If so you'll want to look at Microsoft Certificate Authority discovery - https://docs.servicenow.com/csh?topicname=microsoft-ca-discovery.html&version=latest

Community Alums · ‎01-22-2024

The certificates are not associate with Microsoft CA. They're just locally stored certificates that are not connected to any ports.

hjac98 · ‎03-20-2024

You would need to create a custom discovery pattern that runs a PowerShell command to fetch all certificates located on your local machine (Cert:\LocalMachine\My).