Mid Servers - ocsp.entrust.net bypass

Jason Stuart
Tera Expert

Has anyone been able to use a mid server that absolutely can't access the ocsp.entrust.net url for ocsp checking in Orlando?  

We have a mid server that cannot access OCSP, and due to some things in play - we cannot configure it to do so.  Is there any way around this?

 

---- Editing to add additional information --

 

We followed KB article https://hi.service-now.com/kb_view.do?sysparm_article=KB0854165 indicating OCSP checking could be disabled.

In MID Server Properties, set "com.glide.communications.httpclient.verify_revoked_certificate" value to false
and
for "mid.security.validation.endpoints" clear the value so it is empty.

MID Server still received the same error. Per documentation this is a requirement for MID Connectivity.

Thanks in Advance,

Jason

9 REPLIES

Go to

https://<instance_Name>.service-now.com/nav_to.do?uri=%2Fmid_cert_check_policy_list.do

For the entry *.servicenow.com, set the revocation column value to false.

Unfortunately we were not able to do it.  We had to bring our MID Server outside the DMZ.  In essence we had a workaround.

After Orlando, they changed certificate provider - you need to open TCP 80 (HTTP) to FQDN ocsp.entrust.net from your MID Server IP address x.x.x.x
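To confirm from the MID Server host whether the TCP 80 path to ocsp.entrust.net described above is actually open, a small probe can separate DNS, firewall-drop and reject cases. This is an added example, not code from the thread or from ServiceNow; the function names `endpoint` and `probe` are illustrative.

```python
import socket
import sys
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint(url):
    """Return (host, port) for a responder URL; plain-HTTP OCSP defaults to TCP 80."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme, 80)


def probe(url, timeout=5.0):
    """Try a TCP connect to the responder and classify the outcome.

    open        - handshake completed, the path is allowed
    dns-failure - the host cannot resolve the name (check DNS before the firewall)
    timeout     - no answer at all, typical of a firewall silently dropping packets
    refused     - something answered with a reset (reject rule or no listener)
    unreachable - any other socket error (routing, proxy-only network, ...)
    """
    host, port = endpoint(url)
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    result = ("unreachable", "no address tried")
    for family, socktype, proto, _, sockaddr in addrs:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "open", f"{sockaddr[0]}:{port}"
            except socket.timeout:
                result = ("timeout", f"{sockaddr[0]}:{port}")
            except ConnectionRefusedError:
                result = ("refused", f"{sockaddr[0]}:{port}")
            except OSError as exc:
                result = ("unreachable", str(exc))
    return result


if __name__ == "__main__":
    # Run on the MID Server host itself so the test uses its source address.
    for target in sys.argv[1:] or ["http://ocsp.entrust.net"]:
        status, detail = probe(target)
        print(f"{target}: {status} ({detail})")
```

Run it under the same account and network context as the MID Server service, since a check from another host or zone says nothing about the DMZ rule.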

Bhargav
ServiceNow Employee

For Orlando and Paris, please refer to:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813636

In some cases, additionally remove the cached entry for the property (mid.security.validation.endpoints) from the /agent/work/remote.properties file and restart the MID.

 

For Quebec, please refer to (MID Server security checks):
https://docs.servicenow.com/bundle/quebec-servicenow-platform/page/product/mid-server/concept/mid-security-checks.html
Each security policy can be edited to choose the certificate checks needed (we do not recommend turning off any cert validation checks).

glenn_pinto
ServiceNow Employee

Also be aware that there is a free MID Server Fundamentals training on Now Learning that covers installation, upgrade, and performance tuning. In the installation lesson, there is a section on troubleshooting that covers this issue. 

https://nowlearning.service-now.com/lxp?id=overview&sys_id=dcfdb5b5dbf5acd030c91fdc1396199a&type=course