SSL Certificates as Configuration Items

djquinones · ‎02-21-2020

I have a request to create a CI CLASS for SSL Certificates. I am told we will have "a ton" of them. Different types, covering different Servers and applications.

My thought is to of course ensure we gather the default CI Attributes such as CI Name (common name), Support group, owner, etc. certificate vendor... install date, expiration date...

Then of course the CI Attributes that would be unique to SSL Certificates:

- What are common attributes? I was thinking at least the type of certificate

Extended Validation Certificates (EV SSL)
Organization Validated Certificates (OV SSL)
Domain Validated Certificates (DV SSL)
Wildcard SSL Certificate.
Multi-Domain SSL Certificate (MDC)
Unified Communications Certificate (UCC),

- What the certificate secures (Application, Server, etc)

any other unique attributes needed?

Then there is the relationship types. (installed on:)

I am also told that in some cases a certificate maybe installed on one server but may support many, many others.

Any one have any advice to help me make it through the day 🙂

Andrew Westerv4 · ‎02-21-2020

Before you go off and build your own custom solution, you might want to start with what ServiceNow has provided us: https://store.servicenow.com/sn_appstore_store.do#!/store/application/5644310553c63300704dddeeff7b12...

Deepak Kumar5 · ‎02-21-2020

1) Extend cmdb_ci table to create a new table(1) to store certificate data.

2) All all new required fields, attributes fields in certificate table.

3) Create one more table (2) which holds records of Certificate (reference to table1) and installed servers.

4) Add install date, expiration date in table2 and make your report in this table so that you will get idea about to be expired certificate

5) You can create a Job and Service Request which will help you to open request to renew your certificate in well advance period of time.