Microsoft CA Certificate discovery - does this discovery discover unique and installed certs?

Hanumant Madan1
Kilo Guru

Hi All,

 

We are planning to use Microsoft Certificate Authority (CA) certificates discovery but want to confirm if this discovers all installed and unique certs or just unique certificates from MS CA Server.

 

Looking forward to your inputs.

 

Regards,

Hanumant

6 REPLIES

Pratiksha
Mega Sage

Also, does port-based certificate discovery discover external certificates?

Yes, it will. It can discover any SSL certificate installed on a device.

And what happens in the case where we only do CA-based discovery? Will that show the relationship for at least unique certificates discovery via CA?

You will still be able to see which certificates are expiring; yes, it will give you unique certificates.

AJ-TechTrek
Giga Sage

Hi @Hanumant Madan1 ,

 

ServiceNow Discovery (via Certificate Management plugin + Discovery Patterns) can discover certificates in two primary ways:


1. From Microsoft CA (Certificate Authority) server
* ServiceNow uses the Microsoft CA Certificate pattern (via WMI/WinRM or PowerShell depending on your setup).
* This discovery retrieves the CA’s database of issued certificates, meaning it lists all unique certificates issued by that CA.
* It does not check whether each discovered cert is actually installed on individual endpoints.


2. From individual servers/endpoints (Installed Certificates)
* Separate patterns/scripts (for Windows via WMI/WinRM, for Linux via OpenSSL, etc.) query the local certificate store.
* This returns all certificates installed on that machine (could include self-signed, 3rd-party, or Microsoft CA–issued certs).
* These are then reconciled into cmdb_ci_certificate CIs in CMDB.

 

Recommendation:

* Enable Microsoft CA Certificate Discovery → captures issued unique certs.
* Enable Windows/Linux Certificate Discovery → captures installed certs.
* Reconcile via CMDB Identification rules → match on certificate Serial Number, Thumbprint, and Issuer.
* Use Certificate Management Dashboard → to track expiration, usage, and duplicates.

 

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025
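
The gap between "issued by the CA" and "installed on an endpoint" described in the answer above can be shown with a small reconciliation over the three attributes it names (Issuer, Serial Number, Thumbprint). This is an added example, not part of any reply in this thread and not ServiceNow code; the record field names, hosts and certificate values are constructed assumptions, and no ServiceNow API is used.

```python
import re
from collections import defaultdict

def norm_hex(value, strip_zeros=False):
    """Uppercase hex with separators removed; optionally drop leading zeros."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    return (digits.lstrip("0") or "0") if strip_zeros else digits

def norm_dn(dn):
    """Case-fold a DN and trim spaces around commas (naive: ignores escaped commas)."""
    return ",".join(part.strip().casefold() for part in dn.split(","))

def cert_key(rec):
    # Issuer + serial number + thumbprint, the three attributes named in the answer.
    return (norm_dn(rec["issuer"]), norm_hex(rec["serial"], True), norm_hex(rec["thumbprint"]))

def reconcile(issued, installed):
    issued_by_key = {cert_key(r): r["subject"] for r in issued}
    hosts_by_key = defaultdict(set)
    unknown = set()
    for rec in installed:
        key = cert_key(rec)
        if key in issued_by_key:
            hosts_by_key[key].add(rec["host"])
        else:
            unknown.add((rec["host"], rec["subject"]))  # self-signed or third-party
    return {
        "issued_and_installed": {issued_by_key[k]: sorted(h) for k, h in hosts_by_key.items()},
        "issued_not_seen_installed": sorted(s for k, s in issued_by_key.items() if k not in hosts_by_key),
        "installed_not_from_ca": sorted(unknown),
    }

# Constructed sample data (hypothetical hosts, names and thumbprints).
CA = "CN=Example Issuing CA, DC=example, DC=test"
CA_ISSUED = [
    {"subject": "CN=web.example.test", "issuer": CA, "serial": "001a00000004b2", "thumbprint": "AA" * 20},
    {"subject": "CN=app.example.test", "issuer": CA, "serial": "001a00000004b3", "thumbprint": "BB" * 20},
]
INSTALLED = [
    {"host": "web01", "subject": "CN=web.example.test", "issuer": CA.replace(", ", ","),
     "serial": "1A 00 00 00 04 B2", "thumbprint": " ".join(["aa"] * 20)},
    {"host": "web02", "subject": "CN=web.example.test", "issuer": CA,
     "serial": "1a00000004b2", "thumbprint": "aa" * 20},
    {"host": "web01", "subject": "CN=localhost", "issuer": "CN=localhost",
     "serial": "01", "thumbprint": "cc" * 20},
]

if __name__ == "__main__":
    for name, value in reconcile(CA_ISSUED, INSTALLED).items():
        print(name, value)
```

The normalization step matters because different tools print serial numbers and thumbprints with different case, spacing and leading zeros, which would otherwise make one certificate look like several.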