Hi Hari,

Renew Certificate Using Automated Certificate Management (Yokohama Release)

The Renew Certificate – Automated Flow in Certificate Inventory and Management allows users to request certificate renewals and automatically retrieve certificates to maintain secure and uninterrupted services. Below is a summary of the process and how to locate the relevant workflow in Flow Designer.

Key Details About the Renewal Process

1. Pre-requisites:
   • Ensure the Certificate Management catalog is enabled.
   • A Routing Policy must be created.
   • Required roles: PKI Admin, Admin, Certificate Owner, or users in the Certificate Owner Group (which includes the Certificate Requester role).
2. Important Notes:
   • Entrust CA Gateway and Microsoft CA certificates cannot be renewed directly. Instead, request a new certificate with the same details as the original.
   • A CSR (Certificate Signing Request) is mandatory for renewal. You can use an existing CSR or generate a new one using vault and Java APIs.
3. Procedure:
   • Navigate to All > Service Catalog > Certificate Management.
   • Select Renew Certificate – Automated Flow.
   • Provide mandatory details such as the CSR and Validity Period.
   • Submit the form to proceed with the order.
   • The system uses the Routing Policy [sn_disco_certmgmt_routing_policy] table to fetch the CA routing policy ID and trigger the flow.
4. Result:
   • If the routing policy matches, the system automatically requests the renewal certificate from the CA.
   • If additional details (e.g., Certificate Authority, Order ID, or thumbprint) are missing in the Certificate Extension [sn_disco_certmgmt_certificate_extension] table, the system logs a message and suggests running Certificate Discovery to populate the required details.

How to Find the Renew Certificate Workflow in Flow Designer

The Renew Certificate – Automated Flow is implemented using Flow Designer. To locate the workflow:

1. Navigate to Flow Designer:
   • Go to All > Flow Designer in your ServiceNow instance.
2. Search for the Flow:
   • Use the search bar to look for the flow named "Renew Certificate – Automated Flow" or similar.
   • Alternatively, search for flows related to the Certificate Management application.
3. Direct Access via Workflow Studio:
   • Use the following URL to directly access the subflow in Workflow Studio:

     https://<your_instance_name>/now/workflow-studio/builder?builderId=subflow&sysId=46712e0f6743330022646c706785ef8a&tableName=sys_hub_flow  
     

   • Replace <your_instance_name> with your ServiceNow instance name.

1. Flow Details:
   • The flow includes steps to:
     • Validate the CSR and routing policy.
     • Check for missing details in the Certificate Extension table.
     • Trigger the renewal request to the CA.
     • Store the Order ID in the Certificate Task [sn_disco_certmgmt_certificate_task] and Certificate Extension [sn_disco_certmgmt_certificate_extension] tables.
2. Scheduled Jobs:
   • The DigiCert – Track Certificate Order Status scheduled job runs every 30 minutes to check the status of the renewal request.

Additional Notes

• If the Certificate Authority, Order ID, or thumbprint is missing, the system logs a message and suggests running Certificate Discovery via a CA query to populate the missing details in the Certificate Extension table.
• For more information, refer to the Run Certificate Discovery via Certificate Authority query documentation.

By following these steps, you can locate and understand the Renew Certificate workflow in Flow Designer for Certificate Inventory and Management

If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'** and **'Accept it as a Solution'**? This will help other community members who might have the same question find the answer more easily.

Thank you for your consideration.

 Selva Arun