Entrust, Digicert CA credentials - required permissions for access to pull certificate data?

Kelly Logan
Kilo Sage

‎02-14-2024 01:26 PM

The ServiceNow documentation mentions a credential needs to be created to connect to the Entrust and Digicert systems and I would like to make sure the credential used only has the required permissions granted for access, but I don't see what those are.

KellyLogan_0-1707945934113.png

 

Does anyone know what the required permissions to be granted are for the Entrust or Digicert accounts to be used for pulling certificate data?

0 Helpfuls
  • 1,183 Views
3 REPLIES 3

MattSN
Mega Sage
Mega Sage

‎02-15-2024 04:26 AM

Visibility to TLS certificates

There is a table that shows the permissions required for each CA type.

0 Helpfuls

Kelly Logan
Kilo Sage
In response to MattSN

‎04-03-2024 07:40 AM

The question is, What DigiCert permissions are to be granted to the accounts (API) to run CA pulls?

Not what permissions are needed for port scan. 

There is a similar unanswered question from 2023 here: https://www.servicenow.com/community/itom-forum/digicert-certificate-discovery-issue/m-p/2570189

0 Helpfuls

MattSN
Mega Sage
Mega Sage
In response to Kelly Logan

‎04-03-2024 12:41 PM

It looks like they removed that table in current version of the documentation. It's here in the Vancouver version.

https://docs.servicenow.com/bundle/vancouver-it-operations-management/page/product/discovery/concept...

The user that was added to the credentials in the instance must have permissions to send these queries.

CA API element
GoDaddy
  • * /v1/certificates
  • * /v1/certificates/{certificate_id}/download
DigiCert
  • * /services/v2/order/certificate
  • * /services/v2/certificate/{certificate_id}/chain
Entrust
  • * / v2/certificates
  • * / v2/certificates/{certificate_id}
Sectigo
  • * /cert-manager/api/ssl/v1
  • * /cert-manager/api/ssl/v1/collect/{certificate_id}/pem