Using the Unique Certificate (cmdb_ci_certificate) CI Class manually?

mikkojuola
Giga Guru

Hi all,

I hope this question is addressed to the right forum.

Many ServiceNow customers would like to manage their (TLS) Certificates in the CMDB. I noticed that the CMDB CI Class Models plugin now (since version 1.4.0) includes a CI class called "Unique Certificate" (cmdb_ci_certificate) with a description "a public key certificate in X.509 standard format".

What the release notes also say about this class is that: "The list view for that class does not have a New button and you can no longer add new records to the table".

So, the question is: can this OOB Unique Certificate CI Class be used for manually maintaining Certificates? Or should we create a custom CI class for this purpose and leave this one for the Discovery product?

Also, regardless of using this or a custom alternative, what is the recommended data model around these certificates? 

Cheers,
--Mikko

9 REPLIES

Hi, we ended up creating a new Certificate class, extending from "Unique certificate" and adding create & write ACLs for itil and asset roles.
We also had to create the form & list views and a set of modules (active certificates, expired certificates, expiring certificates).
In addition, we also created a flow generating tasks for certificates getting close to expiration.

Durgaprasad C P
ServiceNow Employee

Hi Mikko,

The New button is disabled by design because certificates often need to be decoded before extracting the attributes that can be inserted into the cmdb_ci_certificate table. Also, there are fields like "is_ca" in cmdb_ci_certificate that are present as binary attributes in the encoded certificate. These binary attributes have to be parsed to get the actual values. Since some processing has to be performed to obtain the attributes from encoded certificates, manual insertion of certificate records into the cmdb_ci_certificate table is disabled.

It is recommended to use the TLS certificate management application that has all the capabilities to decode, parse and extract the attributes from the encoded X.509 certificates.

 

Best,

Durga

 

To add a bit of clarification to this, as I was asking the very same question: the TLS Certificate Management application appears to be new in Orlando, so it is not yet available in my instance, as we are just getting upgraded to New York and won't be on Orlando until later this summer. But it is good to know about this application; look it up. I would plan on utilizing this functionality rather than patching something together.

 

https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/discovery/concept/c...

 

Hi Durga,

Could you onboard cert data through transform maps instead, as the 'New' button is unavailable and in the absence of Discovery?

In the 1.2.0 version of Certificate Inventory and Management, a new feature has been added to bulk upload the certificates using an Excel file.

 

Could you please check the section "Use bulk certificate upload" in this document to know more about this feature.

 

-Durga