How we can Procure the SSL/TLS certificates for ServiceNow Mid Server.

aritra11 · ‎08-15-2018

Hi All,

As per our Client requirement it is asked to increase Mid Server Security.
We have gone through the Link carefully-->https://docs.servicenow.com/bundle/london-servicenow-platform/page/product/mid-server/concept/mid-server-security-encryption.html.

But Security team is asking for implementing TLS(Transport Layer Security) in stead of SSL(Secure Socket Layer)protocal.
with respect to this can you please help us with below query here?

1>Can we add TLS Certificates in stead of SSL Certificates for ServiceNow Mid Server ?
The objective is the connection from MidServer will happen via TLS in stead of SSL

2>How we can Procure the SSL/TLS certificates for ServiceNow Mid Server.

Jamsta1912 · ‎08-15-2018

Hi Aritra,

TLS and SSL are different protocols but the certificates are the same thing. Here's a useful short article:

https://www.globalsign.com/en/blog/ssl-vs-tls-difference/

There are a large number of certificate authorities, from which you can purchase a certificate. Prices vary depending on how they verify your authenticity, and other factors. This wikipedia article contains a list of top certificate authorities:

https://en.wikipedia.org/wiki/Certificate_authority

Jamie

Sandeep Kumar6 · ‎08-23-2018

Hi Aritra,

I understood your requirement that you want to use TSL instead of SSL.

Disable SSL for outbound web services. ServiceNow uses TLS connections when SSL is disabled.

To disable SSL for outbound web services, set the system property glide.outbound.sslv3.disabled to true. Refer to the system property documentation for details. This property is available with the Eureka Patch 8 release.

When using a MID Server to send outbound web service requests, you must also set this property for the MID Server. You must restart the MID Server after changing the value of a property. Refer to the MID Server property documenation for details.

FYI:

Changes to SSL certifications

The following changes occur when we upgrade our SSL/TLS encryption:

The SSL certificate used by ServiceNow, https://*.service-now.com, was upgraded to a “SHA-2” certificate in October 2015. This change was phased in across datacenters. As a lead up to this change, ServiceNow provided an interim SHA-1 SSL certificate that expired in December 2015. The interim certificate gave customers additional time to plan for the transition.
ServiceNow will increase the cadence at which our SSL certificate is rotated (currently every 6 months), and will continue to provide 14-day notification of this activity. This is an industry best practice, enables ServiceNow to provide improved security for our customers, and allows us to react more quickly to the changing threat landscape. A routine change includes, but is not limited to, any change not materially affecting the technical nature or performance of the certificate. Examples are:
- replacing the certificate with a new expiration date
- revoking outdated certificates
- adding a feature such as an additional server name or supported ciphersuite
- Note: Events that may trigger a notification include, but are not limited to, a change in Root CA providers or disabling a feature or supported algorithm.
ServiceNow will no longer provide advance copies of our SSL certificate to customers. Customers should trust the Root Certificate provided by our certificate vendor, Entrust.

A small number of users may be affected by the change to a new certificate and rotation process. ServiceNow is making every effort to identify and work with customers who have been affected by this type of change in the past. We will continue to provide information and tools to assist with this transition.

Please mark complete or helpful if this resolved your issue.

Regards Sandeep