Certificate renewal with internal Microsoft CA

lzamp
Mega Contributor

Is it possible to configure certificate renewal tasks, with target to an internal Microsoft CA?

1 ACCEPTED SOLUTION

Matthew_13
Mega Sage

Hi My Friend,

Yes, this is possible, but it isn’t something ServiceNow supports out of the box with a simple setting. Renewal tasks can be created automatically, but integrating them with an internal Microsoft CA (AD CS) requires some form of automation or integration.

Typically, the approach is:

  • ServiceNow generates the renewal task when a certificate is nearing expiration.

  • A workflow or integration submits the CSR to the internal Microsoft CA.

  • The CA issues the renewed certificate.

  • ServiceNow retrieves and updates the certificate record.

This is usually done through a MID Server with PowerShell, Microsoft CA enrollment web services, or SCEP/NDES, depending on how your AD CS environment is set up.

If renewal today is manual, you can still route tasks to the PKI team without integration. Full automation, though, requires connecting ServiceNow to the internal CA.

@lzamp - If this helped answer your question, please mark Solution Accepted and Thumbs Up.

MJG

5 REPLIES

lzamp
Mega Contributor

Hi Matthew

Thanks for the great answer!

In some cases the CSR needs to be "freshly" generated at the application side. Can this step be somehow integrated?

Thanks

Leandro
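The CSR and submission steps discussed above (submitting the CSR to the internal Microsoft CA, and generating it fresh on the application side) can be sketched with the built-in `certreq.exe` tool. This is an added example, not code from the thread or from ServiceNow; the CA config string, template name, host name and paths are placeholders, and how a MID Server would launch the script is left out.

```powershell
# Added example: run elevated on the application host (MachineKeySet needs admin rights).
# Every name below is a placeholder/assumption, not a value from the thread.
$CaConfig = 'ca01.corp.example\Corp-Issuing-CA'   # hypothetical "CAHost\CAName"
$Template = 'WebServer'                           # assumed certificate template
$Subject  = 'app01.corp.example'                  # hypothetical host name
$WorkDir  = Join-Path $env:TEMP "renew-$Subject-$(Get-Date -Format yyyyMMddHHmmss)"
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$inf, $csr, $cer = 'request.inf', 'request.csr', 'issued.cer' |
    ForEach-Object { Join-Path $WorkDir $_ }

# Request policy: a new key pair is generated locally and marked non-exportable,
# so the private key never leaves this host; only the CSR goes to the CA.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Subject"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10
HashAlgorithm = SHA256

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$Subject&"
"@ | Set-Content -Path $inf -Encoding ASCII

# 1. Generate the fresh key pair and CSR on the application side.
certreq.exe -new -q $inf $csr
if ($LASTEXITCODE -ne 0) { throw "CSR generation failed ($LASTEXITCODE)" }

# 2. Submit the CSR to the internal CA for the chosen template.
certreq.exe -submit -q -config $CaConfig -attrib "CertificateTemplate:$Template" $csr $cer
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cer)) {
    throw "No certificate returned (request denied, or pending CA manager approval)"
}

# 3. Bind the issued certificate to the pending private key in the machine store.
certreq.exe -accept -machine $cer
if ($LASTEXITCODE -ne 0) { throw "Accepting the certificate failed ($LASTEXITCODE)" }

# 4. Values an integration could write back to the certificate record.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cer
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
}
```

The account running the script needs Enroll permission on the template, and a template that requires CA manager approval will stop at step 2, leaving the renewal task open for the PKI team.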

Yes — that behavior is happening because of the Cert Renewals & Security configuration and the values you appended. That setup is what's driving the filtering/logic you're seeing, so once those parameters are in place the results will scope correctly.

And yes, you can save that logic to a widget — but don't hard-code it directly in the UI. The better pattern is:

  1. Put the logic in a data source / server script or Script Include.

  2. Have the widget call that logic and pass any needed parameters.

  3. Return the filtered results to the widget for display.

That way:

  • it’s reusable across pages/workspaces

  • easier to maintain

  • avoids duplicating filtering logic in multiple widgets

If this is staying in Workspace/UI Builder, the equivalent approach is to embed the filter in the data resource behind the component rather than the visual widget itself.

MJG

Matthew_13
Mega Sage

@lzamp - Hello my friend, let me know if I helped with your solution. Thanks kindly.

MJG