How to implement JEA v2 profile with company PKI

Marek Meres
Tera Expert

Hello Community,

We want to use JEA for windows discovery following KB0965705 (Microsoft JEAv2 Profiles for Discovery) but instead of using self-signed certificates we need to use company PKI (to be built).

Our PKI SME told us we will need to create .csr from the MID server (so the subject CN=<name_of_MID_server>) which will be then used to issue a certificate by the PKI (so the Issuer will be the Issuing CA of the PKI).

I understand we will need to change the "retrieveSigningCert" function in the "JEAUtils.psm1" script on the MID server and also "initJEASession" in the "init1.ps1" script being part of the JEA profile to reflect these changed but...

The whole concept requires the public key to be distributed to the target windows servers while our PKI SME told us this should not happen as all Windows servers will trust MID server automatically.

I would appreciate some guidelines / help / experience on implementing the above KB with company PKI.

Thanks in advance!

1 ACCEPTED SOLUTION

ServiceNow Tec2
Mega Sage
This has been resolved by ServiceNow Technical Support. Please refer to KB0965705 (HI login required) for more information.

View solution in original post

6 REPLIES 6

Dan11
Kilo Contributor

Why does this thread appear in the search results as "Solved Discussion" when there is obviously no "solution" offered?

Christian Prob2
Tera Guru

Hi @Marek Meres ,

I may have a similar issue - please compare here - https://community.servicenow.com/community?id=community_question&sys_id=00ca8eafdba8d550be625ac2ca96... - did you make any progress?

Thanks,

Christian

 

Hi @Christian Probst,

The post was converted to case and currently the ServiceNow engineer is working on it but we are on very early stage - only yesterday we had a call to clarify what the issue is. You are far ahead of us and we cannot even test the solution that the engineer will provide. I would raise a support case if I was you (and please share the results).

Best regards,

Marek

ServiceNow Tec2
Mega Sage
This has been resolved by ServiceNow Technical Support. Please refer to KB0965705 (HI login required) for more information.