ITOM Import Certificate - Discovery

Nisha30 · 3 weeks ago

Hello Experts,

Can anyone please suggest what is the pre-requisites for certificate discovery via 'Import Certificate'

We are discovering certificates via horizontal but there are certain certs which needs to be sorted out hence,

Customer is suggesting that they keep all certificates in a local store in a Server.

I have created The schedule for " Import Certificate" BUT not aware

1. where should our team should keep the certificates in a local server ? Any specific Path the certs to be kept?

2. Any specific extensions for those files mandatory?

3. Do we need to create the schedule under scope= Certificate Inventory Management ??

Discovery Pattern-Import certificate - is ACTIVE in our instance.

Please if anyone knows

Thanks

Teja R · 2 weeks ago

Hi @Nisha30 ,
temp_certificates_folder : this is the temporary folder we need to create inside "C:\MIDServerInstall\agent" create the "temp" folder in the given path.And add the complete path there like "C:\MIDServerInstall\agent\temp".
This will copy the certificate to this folder.And that path is used in the pattern.If it is remote.

TLS Keep Original Certificate is the true/false.
Setting "TLS Keep Original Certificate" to False allows your server to dynamically update, replace, or present a new, valid certificate during the TLS handshake.

As shown Below:

If my response helped, mark it as helpful and accept the solution.
Regards,
Teja.

View solution in original post

Nisha30 · 2 weeks ago

Can anyone please suggest how to proceed. Thanks

BharatC · 2 weeks ago

Hello @Nisha30 ,

For Certificate Discovery via **"Import Certificate"**, below are the common prerequisites and considerations:

1. **Certificate Location / Path**

* Certificates should be placed on a server accessible by the MID Server.
* There is no strict mandatory default path, but the path configured in the Import Certificate schedule/pattern must be reachable by the MID Server account.
* Common practice is to keep them in a dedicated folder like:

* Linux: `/opt/certs/`
* Windows: `C:\g\`
* Ensure MID Server has read permissions on that location.

2. **Supported Certificate File Extensions**
Commonly supported formats:

* `.cer`
* `.crt`
* `.pem`
* `.p7b`
* `.pfx` / `.p12` (if password handling is configured)

PEM/Base64 encoded certificates are most commonly used.

3. **Schedule Scope**
Yes, typically the schedule should be created under scope:

* **Certificate Inventory Management**

Also ensure:

* Pattern **"Discovery Pattern - Import Certificate"** is active.
* Appropriate MID Server is selected and validated.
* Credentials (if needed for access) are configured properly.
* The server containing certificates is reachable from MID Server.

Additionally, "Import Certificate" is generally used for importing certificates from file locations/manual repositories, whereas Horizontal Discovery discovers certificates directly from hosts/services.

If the provided solution is useful/working, please Accept as Solution and hit the Helpful.

Thanks & Regards,
Bharat Chavan

Nisha30 · 2 weeks ago

Hello @BharatC

Thanks for explanation.

For point 1) Path ....so we have OOB pattern only, so to understand clearly.

Wherever the certs are kept (Any Path ) that path should have access to read permissions by Midserver ? Will Midserver pick that Path automatically?

Thanks

BharatC · 2 weeks ago

Hi @Nisha30

The MID Server does not automatically scan all paths on a server for certificates.

With the OOB “Discovery Pattern - Import Certificate”, the certificate location/path must be explicitly configured in the discovery schedule or pattern input.

You need to specify the certificate path
MID Server accesses that exact path
MID Server reads/imports certificates from there

If the provided solution is useful/working, please Accept as Solution and hit the Helpful.

Thanks & Regards,
Bharat Chavan