kim_purcell
Kilo Explorer
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
11-05-2015
11:41 AM
To continue to ensure the security and privacy for our customers, ServiceNow has recently upgraded our SSL/TLS encryption. The SSL certificate used by ServiceNow, https://*.service-now.com was upgraded to a SHA-2 certificate beginning in October 2015. If you're scratching your head trying to figure out what this all means and determining if your instance has been affected, here are a few commonly asked questions and answers to help you out.
SSL Certificate Q&A
What's changed?
- ServiceNow has updated the SSL certificate that supports your instance in our data centers.
- SSL certificate updates will be increasing in frequency to support higher levels of security for your instance.
- ServiceNow SSL certificate changes will now be routine changes, with advance notification no longer being sent for SSL certificate updates. These routine changes may include:
- replacing the certificate with a new expiration date
- revoking outdated certificates
- adding a feature such as an additional server name
Why this change?
ServiceNow previously provided an interim SHA-1 SSL certificate, which expires in December 2015. As a lead up to this change, the SSL certificate used by ServiceNow, https://*.service-now.com has been upgraded to a "SHA-2." This will be phased in across data centers.
How does it impact us?
This change affects your ability to connect to your instance only if you have hard-coded our SSL certificate into your infrastructure. Some cases where hard-coded SSL certificates are found include:
- A proxy server is used to access your ServiceNow instance. The proxy may have the current SSL certificate hard-coded into the proxy software.
- Inbound integrations that connect to your ServiceNow instance. For examples, see List of Available Integrations.
Customers who have integrations, caching or proxy servers that have hard-coded the current ServiceNow SSL certificate may need to do a manual update to trust the new SSL certificate.
What if a manual upgrade is needed?
If you have determined that your instance is impacted by the SSL certificate change and a manual update is required, use the current SSL certificate information located in product documentation. Please note that hard-coded certificates are not recommended since ServiceNow will no longer be providing notification for certificate updates.
For detailed information about the SSL Certificate, see:
6 Comments
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
