DigiCert certificate Discovery issue

AbdulRahim Shai
Tera Expert

‎05-24-2023 03:44 AM

Hello Community,

 

I have set up DigiCert discovery to scan for certificates but it's giving below error. 

 

"status" : "GRACEFUL_TERMINATION",
"message" : "Certificate List is Empty - Please check Credentials and Configurations (ca_api_url, ca_api_version, include_cert_status) Failed Condition(s): [(${certificate} : value=) IS NOT EMPTY ]",
"log" :

 

When I tried to debug it looks like I am not able to make a query to   "/services/v2/order/certificate" As a result it's returning empty results and failing 

 

Does anyone experience a similar issue? is this happening because of a restriction to the API key? Currently, its view only ie only get request is allowed.  requesting some help. 

 

Thanks,

AbdulRahim

 

 

 

 

 

0 Helpfuls
  • 3,211 Views
21 REPLIES 21

sacebedomoore
Tera Contributor

‎05-26-2023 01:48 PM

Also having this issue. I decided to mess around a little in the Identification section of Pattern Designer. The Certificate List is Empty value bugs me because the condition says IS NOT EMPTY then spit out error. But we want the list to NOT BE EMPTY. Im expecting a list of certificates.

So I changed the value to "is Empty" and now its going through but saying the discovery failed: 

Identification Engine: Discovery status is FAILURE, Required attribute fingerprint is missing for CI Type cmdb_ci_certificate

This attribute is in the CI Type from what I can tell and in the list of tables for a Unique Certificate. Need to understand more of how this is structured but glad to see I am not the only one. Unfortunately I can't find any other recent article of someone fixing this issue and the only reference of a KB article is internal only:  KB1002668

AbdulRahim Shai
Tera Expert
In response to sacebedomoore

‎05-29-2023 02:03 AM

Thanks for your inputs , what you tried it also clicked me but i didnt tested it. 

I will try that and see what happens, anyways I have logged the Hi ticket I will surely update here once I resolve the problem.

Thanks

0 Helpfuls

Europa_9988
Tera Contributor
In response to AbdulRahim Shai

‎06-06-2023 03:02 AM

hi @AbdulRahim Shai , Did you happen to get any response on your HI ticket.

 

I had once had this solution working in Tokyo where I was able to pull the Certs from DigiCert CA, earlier month we upgraded to Utah....since then we are getting the same error message as yours.

0 Helpfuls

AbdulRahim Shai
Tera Expert
In response to Europa_9988

‎06-06-2023 04:01 AM

For me it doesn't work in Tokyo as well, it seems to  be a known issue. 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303406 . now we are planning to have a call with Hi support for further investigation since kb article doesnt fix the problem for me.   please let me know if you get it to work  .

Thanks,
AbdulRahim

0 Helpfuls

MattSN
Mega Sage
Mega Sage

‎06-06-2023 06:03 AM

If you're getting "Certificate List is Empty", double check your credentials with this sample background script

var cred = new sn_cc.StandardCredentialsProvider().getAuthCredentialByID("98f887f5479da9908eb28973636d4367"); //sys_id of key in the sn_disco_certmgmt_certificate_ca_credentials table
var key = cred.getAttribute("api_key");
r = new sn_ws.RESTMessageV2();
r.setEndpoint("https://www.digicert.com/services/v2/order/certificate");
r.setHttpMethod("GET");
r.setRequestHeader("X-DC-DEVKEY",key);
r.setMIDServer("MIDSERVER001");//MID Server Name
r.setEccParameter("skip_sensor", "true");
var resp = r.executeAsync();
r.waitForResponse(10);

gs.info("Status code is " + resp.getStatusCode());

gs.info("Response is " + resp.getBody());

There is a known issue with recent patches covered in https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303406. Apply the update set in the article to fix that issue.