Certificate Inventory Management multiple teams, same certificate.

Luiz Lucena
Mega Sage

‎04-30-2024 05:12 PM

Hello everyone,

 

We have various certificates the span across multiple teams, for example, we have the certificate file *.domain.com which is handled by Infrastructure teams, they will renew and setup the certificate in the server.

 

The same certificate is used in many applications which are handled by different teams and they are responsible for binding the certificate in the application.

 

I'm trying to create two or more tasks, the first one when the certificate is about to expire, a task will be generated to the infrastructure to renew the file in the server.

 

Once completed, other tasks will be generated for the application owners to work on the application.

 

Anyone already did something like that?

0 Helpfuls
  • 470 Views
3 REPLIES 3

Mark Manders
Mega Patron

‎04-30-2024 10:45 PM

Do you have the overview of which certificates are used on which applications? Because if you can just add that into ServiceNow (if it's not already there), you can easily create a flow with those tasks. You trigger it on the certificate that's about to expire, create the task for the infra team and when they close their task, you create the tasks for the other teams (by a look up to all applications using that certificate and assign it to the responsible team(s).


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Luiz Lucena
Mega Sage
In response to Mark Manders

‎05-01-2024 06:39 AM

Thanks, @Mark Manders ,

 

Yes, the certificates were imported through Discovery (URL).

Do you happen to know what are the OOTB flows for Automated renewal tasks?
So far, the only thing I know for sure is that the former developer created a Record Producer for manual renewal requests.
Trying to find the OOTB flows to see if is possible to modify it to include the additional tasks needed.

 

Thanks, 

0 Helpfuls

Mark Manders
Mega Patron

‎05-02-2024 01:21 AM

Part of Certificate management are the renewal flows, but I don't know if you have that application. 
I would get rid of that record producer and if no flow is yet available on the instance (search for certificate or renewal), just create it yourself. It's an easy one: run it daily, look up certificates that are going to expire within X days, check if a task already exists and if not, create one. And another (sub)flow to control the tasks -> after creation of the first task (server), wait until it's closed and open the one for the application team.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark