How to implement JEA v2 profile with company PKI

Go to solution
Marek Meres
Tera Expert

‎07-01-2022 03:32 AM

Hello Community,

We want to use JEA for windows discovery following KB0965705 (Microsoft JEAv2 Profiles for Discovery) but instead of using self-signed certificates we need to use company PKI (to be built).

Our PKI SME told us we will need to create .csr from the MID server (so the subject CN=<name_of_MID_server>) which will be then used to issue a certificate by the PKI (so the Issuer will be the Issuing CA of the PKI).

I understand we will need to change the "retrieveSigningCert" function in the "JEAUtils.psm1" script on the MID server and also "initJEASession" in the "init1.ps1" script being part of the JEA profile to reflect these changed but...

The whole concept requires the public key to be distributed to the target windows servers while our PKI SME told us this should not happen as all Windows servers will trust MID server automatically.

I would appreciate some guidelines / help / experience on implementing the above KB with company PKI.

Thanks in advance!

Labels:
  • 2,234 Views
1 ACCEPTED SOLUTION

Go to solution
ServiceNow Tec2
Mega Sage

‎07-25-2022 11:37 PM

This has been resolved by ServiceNow Technical Support. Please refer to KB0965705 (HI login required) for more information.

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Dan11
Kilo Contributor

‎07-13-2022 02:16 PM

Why does this thread appear in the search results as "Solved Discussion" when there is obviously no "solution" offered?

0 Helpfuls

Go to solution
Christian Prob2
Tera Guru

‎07-13-2022 04:17 PM

Hi @Marek Meres ,

I may have a similar issue - please compare here - https://community.servicenow.com/community?id=community_question&sys_id=00ca8eafdba8d550be625ac2ca96... - did you make any progress?

Thanks,

Christian

 

0 Helpfuls

Go to solution
Marek Meres
Tera Expert
In response to Christian Prob2

‎07-13-2022 11:24 PM

Hi @Christian Probst,

The post was converted to case and currently the ServiceNow engineer is working on it but we are on very early stage - only yesterday we had a call to clarify what the issue is. You are far ahead of us and we cannot even test the solution that the engineer will provide. I would raise a support case if I was you (and please share the results).

Best regards,

Marek

0 Helpfuls

Go to solution
ServiceNow Tec2
Mega Sage

‎07-25-2022 11:37 PM

This has been resolved by ServiceNow Technical Support. Please refer to KB0965705 (HI login required) for more information.
0 Helpfuls