- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-14-2024 02:40 PM
Google has made an announcement that they will stop supporting the Entrust CA in a few months: https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
Our certificate guy was poking around at some things today and noticed our ServiceNow instance uses an Entrust certificate. This KB confirms that ServiceNow uses Entrust for a lot of their certs, but I did not see anything about them changing CAs.
Is there a plan for how to deal with this?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2025 12:19 PM
Alongside with the KB @Joe1 mentioned, I'm sure all clients have received the communication below:
Entrust certificates expiration follow up notification
Review • Take Action by April 2025
Per Google’s recent announcement, ServiceNow is preparing for the replacement of Entrust certificates with DigiCert certificates by the end of April 2025.
In advance of the certificate replacement, any customers using MID servers need to ensure their firewalls allow communication to the DigiCert end points. Also, any hard dependencies on Entrust public certificates will impact your instance and/or integrations, and therefore customers with hard-coded dependencies must take action.
What you need to know and do
Action required before April 30, 2025
- Enable Firewalls – All customers must verify that their firewalls will allow for MID server communication to the DigiCert OCSP (http://ocsp.digicert.com) and CRL (http://crl3.digicert.com) end points.
- Instructions to verify and allow (if necessary) can be found in KB1709661.
- Failure to apply this change before the end of April will result in MID server outages.
- Hard coded certificates - If you currently have Entrust certificates hard coded to explicitly trust Entrust certificates only, you will need to take the necessary measures to ensure DigiCert certificates are trusted within your environment.
- Instructions for replacing certificates can be found in KB1702083.
Note: Additional communications/reminders will be provided closer to the certificate transition deadline.
Questions?
We are here to help. For details, please reference the following resources:
- KB1648707 – [Security Advisory] Entrust Certificate Distrust (Google, Chrome and Firefox)
- KB1702083 – Replacing Entrust Certificate Authority (CA)
- KB0563633 – SSL/TLS Encryption on Instances which also contains the new DigiCert certificate.
For additional assistance, please create a Case in Now Support using the subject: “Entrust Replacement”. Or you can visit the Customer Support - Contact Us knowledge article for contact information in your region.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2025 11:00 AM
That's not good!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2025 12:19 PM
Alongside with the KB @Joe1 mentioned, I'm sure all clients have received the communication below:
Entrust certificates expiration follow up notification
Review • Take Action by April 2025
Per Google’s recent announcement, ServiceNow is preparing for the replacement of Entrust certificates with DigiCert certificates by the end of April 2025.
In advance of the certificate replacement, any customers using MID servers need to ensure their firewalls allow communication to the DigiCert end points. Also, any hard dependencies on Entrust public certificates will impact your instance and/or integrations, and therefore customers with hard-coded dependencies must take action.
What you need to know and do
Action required before April 30, 2025
- Enable Firewalls – All customers must verify that their firewalls will allow for MID server communication to the DigiCert OCSP (http://ocsp.digicert.com) and CRL (http://crl3.digicert.com) end points.
- Instructions to verify and allow (if necessary) can be found in KB1709661.
- Failure to apply this change before the end of April will result in MID server outages.
- Hard coded certificates - If you currently have Entrust certificates hard coded to explicitly trust Entrust certificates only, you will need to take the necessary measures to ensure DigiCert certificates are trusted within your environment.
- Instructions for replacing certificates can be found in KB1702083.
Note: Additional communications/reminders will be provided closer to the certificate transition deadline.
Questions?
We are here to help. For details, please reference the following resources:
- KB1648707 – [Security Advisory] Entrust Certificate Distrust (Google, Chrome and Firefox)
- KB1702083 – Replacing Entrust Certificate Authority (CA)
- KB0563633 – SSL/TLS Encryption on Instances which also contains the new DigiCert certificate.
For additional assistance, please create a Case in Now Support using the subject: “Entrust Replacement”. Or you can visit the Customer Support - Contact Us knowledge article for contact information in your region.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2025 12:22 PM
Thanks! I am not the person that receives these emails for my organization so I appreciate you sharing!
