Need Help: Certificate Management project (Azure, Java, & Internal CAs)
3 hours ago
Hi All,
Hope you are all doing great 🙂
Below are a few questions related to the certificate inventory and management module:
- Can ServiceNow easily find certificates hidden in these two specific areas out-of-the-box, or is an integration possible?
  - Azure Key Vault: Can the system scan Azure and pull a list of certificates stored inside a Key Vault?
  - Java KeyStores: Can the discovery tool look inside a server's folders to find hidden Java certificate files (.jks)?
- How does ServiceNow Certificate Management handle Internal Certificate Authorities (such as Microsoft-based or local PKI systems) for automated tasks like creating, renewing, or canceling certificates? What is the standard way to set up this type of internal automation?
- How does ServiceNow handle certificates and secrets that live inside Azure App Registrations? Does the system automatically find these assets and track their expiration dates so we can see them on our dashboard?
Any advice, tips, or links to the official setup guides for these scenarios would be incredibly helpful.
Thank you!
2 hours ago
Hi @ajayjoshi ,
ServiceNow Certificate Management does not natively scan Azure Key Vaults, Java KeyStores, or Azure App Registrations out‑of‑the‑box. These scenarios require integrations or custom discovery patterns. Internal Certificate Authorities (like Microsoft AD CS or local PKI) can be automated through ServiceNow workflows, but setup involves connectors or APIs rather than built‑in discovery.
- Azure Key Vault: No direct OOTB support. You can integrate via REST APIs or IntegrationHub to pull certificate metadata (names, expiration dates) into the CMDB.
- Java KeyStores (.jks): Discovery does not parse `.jks` files by default. A common approach is to use custom probes/scripts (e.g., `keytool` commands) to extract certificate details and feed them into ServiceNow.
- Internal CAs (Microsoft AD CS, local PKI): ServiceNow can automate request/renew/revoke workflows by connecting to the CA through APIs or PowerShell scripts. Certificates are then tracked in the CMDB.
- Azure App Registrations: Certificates and secrets here are not automatically discovered. Integration with Microsoft Graph API is needed to pull expiration data and display it on dashboards.
Use IntegrationHub + REST APIs for Azure scenarios.
Build custom discovery probes for Java KeyStores.
Configure orchestration workflows for internal PKI automation.
References:
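
The reply above mentions extracting certificate details from `.jks` files with `keytool` commands. As an added example (not part of the original post and not ServiceNow code), this Python script parses `keytool -list -v` output into per-alias records and flags entries that are expired or near expiry. The sample output, the function names and the English-locale/UTC assumption are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample of `keytool -list -v -keystore <file>` output (not from a real keystore).
SAMPLE = """\
Alias name: web-server
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=app.example.internal, O=Example
Issuer: CN=Example Internal CA, O=Example
Serial number: 1a2b3c4d
Valid from: Wed Jan 10 09:00:00 UTC 2024 until: Fri Jan 09 09:00:00 UTC 2026

Alias name: old-root
Entry type: trustedCertEntry
Owner: CN=Legacy Root, O=Example
Issuer: CN=Legacy Root, O=Example
Serial number: 99
Valid from: Mon Mar 02 00:00:00 UTC 2015 until: Sun Mar 02 00:00:00 UTC 2025
"""

FIELDS = {"Owner": "subject", "Issuer": "issuer", "Serial number": "serial"}
DATE_RE = re.compile(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) (\w+) (\d{4})")

def parse_keytool(text):
    """Return one record per keystore entry: alias, subject, issuer, serial, not_after."""
    records, cur = [], None
    for line in text.splitlines():
        key, _, value = line.partition(": ")
        if key == "Alias name":
            cur = {"alias": value.strip()}
            records.append(cur)
        elif cur is None:
            continue  # keystore header lines before the first alias
        elif key in FIELDS and FIELDS[key] not in cur:
            cur[FIELDS[key]] = value.strip()  # first hit is the leaf certificate of a chain
        elif key == "Valid from" and "not_after" not in cur:
            m = DATE_RE.search(line)
            # Assumption: keytool ran with an English locale and TZ=UTC; other zones stay unparsed (None).
            ok = m and m.group(2) in ("UTC", "GMT")
            cur["not_after"] = (datetime.strptime(f"{m.group(1)} {m.group(3)}", "%b %d %H:%M:%S %Y")
                                .replace(tzinfo=timezone.utc) if ok else None)
    return records

def expiring(records, now, days=30):
    """Aliases whose certificate is expired or expires within `days` of `now`."""
    return [r["alias"] for r in records
            if r.get("not_after") and (r["not_after"] - now).days < days]
```

The records returned by `parse_keytool` are plain dictionaries, so they can be serialized and sent to whatever import mechanism the integration uses.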
2 hours ago
Hi @pavani_paluri ,
Thanks for your prompt response.
Based on the links below:
- Azure Key Vault - ServiceNow - reference link <https://www.servicenow.com/docs/r/it-operations-management/discovery/azure-certificate-discovery-pat...> and there are a few prerequisites.
- Java Certificate stores reference <https://www.servicenow.com/docs/r/it-operations-management/discovery/x509-certificates-discovery.htm... >
I am thinking ServiceNow’s Certificate Inventory and Management module supports both. It natively integrates with Azure Key Vault via API-based patterns and discovers hidden certificates residing inside file-based Java Certificate Stores (Java KeyStores / JKS) across infrastructure. Is my understanding correct?
Thanks