Certificate Module with Discovery to Sectigo CA

Adam Peterson · ‎09-22-2022

We are exploring the Certificate Inventory module and they have a section where you can connect to your Sectigo CA. I am having a hard time getting that setup. Has anyone had experience with that?

Thanks in advance!

-Adam

Marcio Olivieri · ‎12-16-2022

Hi Adam, did you manage to get this done? We are also having issues to connect to our Sectigo CA. While ServiceNow credentials form requires "authentication key", "password" and "customerUri", (details here), Sectigo says (details here) any API call must be executed using "logon", "password" and "customerUri".

Our discovery then fails, as credentials are not right. I was wondering if the Discovery Pattern for Sectigo needs updates, so the connection could finally work.

sethhumphrey · ‎12-16-2022

I'm in the same boat. I was wondering if we have to set the base url property for the Sectigo certificate authority. But I can't get any combination to work either.

Adam Peterson · ‎12-20-2022

I actually did get this to work! @sethhumphrey @Marcio Olivieri I will try to add a couple points which might help you guys.
1. I had to change the URL. Our API is https://hard.cert-manager.com/api/ssl. Not sure if yours will be the same. (I changed this in the Sectigo Pattern.)
2. I had to get with our Sectigo admin and he had to add an exception of some sort so our Mid Server could talk to Sectigo.
3. The credential. I am 95% sure the Authentication Key is the username. I set it up a few months ago and now it is all masked. But I am pretty confident that it was just the username.
4. It does need an Alias tied to it. You will use this Alias when you set up the Serverless Execution Pattern in the credentialsAlias field. The left the rest of the fields empty.

I believe that is everything. Keep me posted if it worked for you guys!

Marcio Olivieri · ‎12-20-2022

Thanks @Adam Peterson for sharing more details. We already changed the URL API (just like yours). I just tried same steps you did (also made sure that our MID is talking to Sectigo), but when I run the discovery with everything empty (except credential), I get this:

Here you have our Serverless Execution Pattern:

I also ran some tests using "Curl" and "Postman", it works:

I will have another Zoom session with ServiceNow tomorrow, let's see how that goes. Thanks again!