Recommendations for dealing with instance-specific certificates when cloning

stevemac
Tera Guru

Hi,

We're doing more mutual authentication and looking for recommendations to ensure production usage certificates do not make it into non-prod.

Have seen some comments about clone exclusion on the sys_certificate table, but uncertain if there are ServiceNow-provided certificates that should be cloned down. I suspect there are some and this would cause an issue.

Appreciate if you would advise how you are managing clone activities with regards to certificates in the following tables:

  • Certificate [sys_certificate]
  • User Client Certificate [sys_user_certificate]

I wish ServiceNow provided OoTB fields to identify records that should be excluded from clone where a full table exclusion cannot be done. Would be easier to target them in a clone clean-up script.


SANDEEP DUTTA
Tera Patron

Hi @stevemac ,

You will need to preserve the data for both of these two tables before cloning.

The certificate imported into the MID Server install needs to match the certificate imported to the instance table "User Client Certificates" [sys_user_certificate] for the MID Server to authenticate with the instance.

Those records and their attachments need to be preserved and excluded in clones if different users and certificates are being used between the clone source and target.

Similarly, for Certificate [sys_certificate] you need to create a Data Preserver.

Thanks,
Sandeep Dutta

Please mark the answer correct & Helpful, if I could help you.

@SANDEEP DUTTA - thanks for replying. I understand the need for clone data preserver records. More after what conditions you are using (e.g. naming convention) and how you deal with the equivalent records in prod (that may have different names or sys_ids).

My understanding is:

  • Clone exclusion - after restore the entire table will be truncated on the target system
  • Clone Data Preserver - records will be preserved as clone starts and restored at end of clone / before the instance is available
  • Need both clone exclude and data preservers in place for the target system to remain the same as it was pre-clone.

I am concerned about clone exclusion on the table sys_certificate. I am OK (at this stage) with exclusion on sys_user_certificate.

Appreciate any further information you can provide to ensure instance-specific certificate records are not in non-prods after a clone.

Thanks

Steve
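
The clone semantics listed in the post above, as an added example that is not part of the thread and is not ServiceNow code: a small JavaScript model of which sys_certificate rows end up on the target under each combination of clone exclusion and data preserver. The sample rows, their names and the `test-` naming convention are constructed assumptions.

```javascript
// Toy model of one table during a clone, following the semantics listed in
// the post above. Not ServiceNow code; all rows and names are constructed.
function simulateClone(source, target, { exclude = false, preserve = null } = {}) {
  // Data preserver: matching target rows are saved as the clone starts.
  const saved = preserve ? target.filter(preserve) : [];
  // Exclusion: the table arrives empty; otherwise it is a copy of the source.
  const restored = exclude ? [] : source.map((r) => ({ ...r }));
  // Saved rows are written back at the end, replacing same-sys_id clones.
  const savedIds = new Set(saved.map((r) => r.sys_id));
  return restored.filter((r) => !savedIds.has(r.sys_id)).concat(saved);
}

// Constructed sys_certificate rows: one vendor-shipped, one per instance.
const prod = [
  { sys_id: 'a1', name: 'vendor-baseline-ca' },
  { sys_id: 'p1', name: 'prod-mtls-client' },
];
const test = [
  { sys_id: 'a1', name: 'vendor-baseline-ca' },
  { sys_id: 't1', name: 'test-mtls-client' },
];

const all = () => true;
// Hypothetical naming convention used as a preserver condition.
const byConvention = (r) => r.name.startsWith('test-');

const names = (rows) => rows.map((r) => r.name).sort().join(',');

function scenarios() {
  return {
    neither: names(simulateClone(prod, test)),
    excludeOnly: names(simulateClone(prod, test, { exclude: true })),
    preserveOnly: names(simulateClone(prod, test, { preserve: all })),
    excludeAndPreserveAll: names(simulateClone(prod, test, { exclude: true, preserve: all })),
    excludeAndPreserveByName: names(simulateClone(prod, test, { exclude: true, preserve: byConvention })),
  };
}

console.log(scenarios());
```

In this model only exclusion combined with a preserve-everything preserver leaves the target as it was before the clone. A preserver on its own still lets `prod-mtls-client` through, and exclusion with a name-based preserver drops the vendor-shipped row.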

Hi @stevemac ,

Your understanding is going in the correct direction.

Thanks,
Sandeep Dutta

Please mark the answer correct & Helpful, if I could help you.

ChikeI
Kilo Contributor

good