Certificate Monitoring Self Hosted CA Discovery

Konner Lester · ‎01-17-2025

I’m currently setting up Certificate Discovery in our ServiceNow instance and plan to use a combination of Port-based and CA-based discovery. However, after reviewing the documentation, it seems that only a few Certificate Authorities (Entrust, DigiCert, Sectigo, GoDaddy) are officially supported for CA-based discovery.

Our organization uses a self-hosted CA for internal sites, and I was wondering if anyone has successfully configured CA-based discovery to work with a self-hosted CA. The documentation doesn’t outline a method for adding or integrating a custom CA, so I’d appreciate any insights or experiences from the community.

Specifically, I’d like to know:

Is there a way to integrate a self-hosted CA into the CA discovery process?
If not natively supported, are there any workarounds or customization approaches that have worked for others?
Any potential limitations or gotchas to consider when using self-hosted CAs with Certificate Discovery?

Thanks in advance for the help!

Community Alums · ‎01-17-2025

Hi @Konner Lester ,

Unfortunately, it won't be supported as of now apart from Entrust, DigiCert, Sectigo, GoDaddy.

Ram Devanathan1 · ‎01-18-2025

hi Konner, we support additional Cert Authorities through ACME (automated cert management environment) protocol. if your self-hosted CA supports ACME this should be easy.

otherwise, this will take custom services effort.

Hope this helps.

Ram