Certificate Management Question
01-19-2024 07:04 AM
We are currently using certificate management in our ServiceNow instance. We are coming across an issue where we are discovering certificates that are associated with port numbers but are not able to see the certificates that are stored on the server.
For example:
I run discovery on a particular server.
Discovery shows there are no certificates on the server
I use the PowerShell command dir Cert:\LocalMachine\My on the server and get a return of 30+ certificates.
Is there a way for certificate discovery to pull in the certificates that are just stored on a server?
01-20-2024 11:23 PM
Hi,
Sounds to me that you could leverage the Discovery by Import Certificate functionality. Have a look at this old post https://www.servicenow.com/community/itom-forum/discovery-of-local-certificates-on-a-specific-folder...
Regards,
Niklas
01-21-2024 05:06 AM
Certificate discovery will discover the certificate if:
- The server is listening on a port and will accept remote connections (i.e. webserver listening on port 443)
- A connection from the MID Server can connect to the listening port and be presented with a certificate
Try the following PowerShell command from your MID Server for your server and port name.
Test-NetConnection -Port 443 -ComputerName "192.168.1.1" -InformationLevel "Detailed"
It sounds like you may be running an internal Microsoft CA (PKI)? If so you'll want to look at Microsoft Certificate Authority discovery - https://docs.servicenow.com/csh?topicname=microsoft-ca-discovery.html&version=latest
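As an added example (not part of the reply above or of any ServiceNow code), the following PowerShell script, run from the MID Server host, does what the two bullets describe: it checks that the target port accepts a TCP connection and then completes a TLS handshake to capture the certificate the listener actually presents. The host 192.168.1.1 and port 443 are placeholders taken from the Test-NetConnection line above; the function name Get-PresentedCertificate and the output field names are this example's own choices.

```powershell
# Added example, not from the original thread. Reproduces what port-based certificate
# discovery relies on: a TCP connect from the MID Server host, a TLS handshake, and the
# certificate the listener presents. ComputerName and Port are placeholders.
param(
    [string]$ComputerName = "192.168.1.1",
    [int]$Port = 443
)

function Get-PresentedCertificate {
    param([string]$ComputerName, [int]$Port)

    # Step 1: plain TCP reachability, the same check as Test-NetConnection above.
    # If this fails, Discovery has nothing to connect to and will find no certificate.
    $tnc = Test-NetConnection -ComputerName $ComputerName -Port $Port `
        -InformationLevel Detailed -WarningAction SilentlyContinue
    if (-not $tnc.TcpTestSucceeded) {
        Write-Warning "TCP connect to ${ComputerName}:${Port} failed; nothing is listening there."
        return $null
    }

    # Step 2: TLS handshake. The validation callback always returns $true so that
    # self-signed or untrusted certificates are still captured (Discovery must see those
    # too). This is an inventory step, not a trust decision; do not reuse it for real clients.
    $client = [System.Net.Sockets.TcpClient]::new($ComputerName, $Port)
    try {
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $sslPolicyErrors) $true
        }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        # The target name is sent as SNI, so a host serving several sites returns the right cert.
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Subject Alternative Name (OID 2.5.29.17) decoded to text; empty when absent.
        $san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                ForEach-Object { $_.Format($false) }) -join '; '

        [pscustomobject]@{
            Host         = $ComputerName
            Port         = $Port
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            SerialNumber = $cert.SerialNumber
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            DaysToExpiry = [int]($cert.NotAfter - (Get-Date)).TotalDays
            SAN          = $san
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            Protocol     = $ssl.SslProtocol
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

Get-PresentedCertificate -ComputerName $ComputerName -Port $Port | Format-List
```

If the TCP test succeeds but the handshake throws, the port is open but not speaking TLS (or requires a client certificate), which is another case where port-based discovery will report no certificate even though the server has plenty in its local store.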
01-22-2024 06:22 AM
The certificates are not associated with Microsoft CA. They're just locally stored certificates that are not connected to any ports.
03-20-2024 04:21 AM
You would need to create a custom discovery pattern that runs a PowerShell command to fetch all certificates located on your local machine (Cert:\LocalMachine\My).
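As an added example (not part of the reply above and not ServiceNow's own pattern code), here is the kind of PowerShell a custom discovery pattern's command step could run on the target to enumerate Cert:\LocalMachine\My and return one compact JSON document for the pattern to parse. The function name Get-LocalCertificateInventory, the store list, the 30-day expiry threshold and the output field names are this example's own choices; mapping those fields onto CMDB attributes is left to the pattern. Run it under the account the MID Server uses on the target, since that account, not your interactive admin session, determines which stores and private-key flags Discovery can read.

```powershell
# Added example, not from the original thread. Enumerates local machine certificate
# stores (default: My) and emits compact JSON so a discovery pattern has structured output
# to parse instead of free text. Field names are this example's own, not a ServiceNow schema.
function Get-LocalCertificateInventory {
    param(
        [string[]]$StoreName = @('My'),   # add e.g. 'WebHosting' or 'Root' to widen the sweep
        [int]$WarnWithinDays = 30          # certificates expiring within this window are flagged
    )

    foreach ($store in $StoreName) {
        $path = "Cert:\LocalMachine\$store"
        if (-not (Test-Path $path)) { Write-Warning "Store $path not found"; continue }

        Get-ChildItem -Path $path | ForEach-Object {
            $cert = $_
            # SAN (2.5.29.17) and EKU (2.5.29.37) decoded to text; empty when the cert lacks them.
            $san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                    ForEach-Object { $_.Format($false) }) -join '; '
            $eku = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
                    ForEach-Object { $_.Format($false) }) -join '; '
            # RSA key size when the key is RSA; $null for ECDSA and other algorithms.
            $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            $days = [int]($cert.NotAfter - (Get-Date)).TotalDays

            [pscustomobject]@{
                Store              = $store
                Thumbprint         = $cert.Thumbprint
                Subject            = $cert.Subject
                Issuer             = $cert.Issuer
                SerialNumber       = $cert.SerialNumber
                NotBefore          = $cert.NotBefore.ToString('o')   # ISO 8601, easy to parse
                NotAfter           = $cert.NotAfter.ToString('o')
                DaysToExpiry       = $days
                Expired            = ($days -lt 0)
                ExpiringSoon       = ($days -ge 0 -and $days -le $WarnWithinDays)
                HasPrivateKey      = $cert.HasPrivateKey
                KeyAlgorithm       = $cert.PublicKey.Oid.FriendlyName
                KeySize            = $(if ($rsa) { $rsa.KeySize } else { $null })
                SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
                SelfSigned         = ($cert.Subject -eq $cert.Issuer)
                SAN                = $san
                EKU                = $eku
            }
        }
    }
}

# -InputObject with @() keeps the result a JSON array even when only one certificate is found,
# so the pattern's parser always sees the same shape.
ConvertTo-Json -InputObject @(Get-LocalCertificateInventory -StoreName 'My' -WarnWithinDays 30) `
    -Compress -Depth 4
```

Compare the Thumbprint values this returns with what port-based discovery already found for the same host: the thumbprints that appear here but not there are exactly the "stored but not bound to a port" certificates the question is about, and the Expired and ExpiringSoon flags are what makes the inventory useful for certificate management rather than just a count.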