Java KeyStore and Windows Certificate Store discovery

Discovery uses the Collect Certificates extension section of the Linux Server and Windows OS – Servers patterns to discover certificates stored in the Java KeyStore or Windows Certificate Store. Discovering the certificate information requires installing and updating Discovery and Service Mapping Patterns and Certificate Inventory and Management.

Request apps on the Store

Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

Prerequisites

Verify that the following plugins are up to date
  • Discovery and Service Mapping Patterns (sn_itom_pattern), at least 1.12.0
  • Certificate Inventory and Management (sn_disco_certmgmt), at least 3.4.0
Verify that the pattern is enabled
The Collect Certificates pattern extension is disabled by default. On the Discovery Patterns list, verify that the Collect Certificates pattern extension has the Active field set to true.
Verify the configuration of the Java KeyStore credentials
In the Discovery Credentials module, select jks credentials. Make sure that you have configured the Discovery IP Affinity. In the Type field, enter java_keystore. For more information, see Getting started with credentials.
Verify the configuration of the Discovery schedule
For more information, see Running discoveries in your network.

Data collected by Discovery during horizontal discovery

The Collect Certificates extension section of the Linux Server and Windows OS – Servers patterns supports the discovery of the following tables and fields.
Field Description
Unique Certificates [cmdb_ci_certificate]
Fingerprint [fingerprint] The certificate fingerprint number.
Serial Number [serial_number] The serial number of the certificate.
Signature Algorithm [signature_algorithm] The signature algorithm of the certificate.
Fingerprint Algorithm [fingerprint_algorithm] The fingerprint algorithm of the certificate.
Issuer distinguished name [issuer_distinguished_name] The distinguished name of the certificate issuer. The issuer distinguished name consists of the following:
  • Common Name (CN): The authority that issued the certificate. For example, Entrust Certification Authority.
  • Organization (O): The organization that issued the certificate. For example, Entrust, Inc.
  • Organizational Unit (OU): The unit that has the legal rights to issue the certificate.
Subject distinguished name [subject_distinguished_name] The distinguished name of the entity that the certificate is issued to. The subject distinguished name consists of the following:
  • Common Name (CN).
  • Organization (O): The organization that owns the domain that the certificate is issued to.
  • Organizational Unit (OU): The organizational unit that owns the domain that the certificate is issued to.
Subject common name [subject_common_name] The host name or domain associated with the certificate.

Subject country [subject_country] The country (C) of the organization that the certificate is issued to. Populated as a two-letter country code.
Subject State [subject_state] The region, state (ST), or province of the organization that the certificate is issued for. Populated as a two-letter code.
Subject locality [subject_locality] The city or location (L) of the organization that the certificate is issued for.
Subject organizational unit [subject_organizational_unit] The organizational unit (OU) that the certificate is issued for.
Subject organization [subject_organization] The organization (O) that the certificate is issued for.
Subject email [subject_email] The email address of the organization that the certificate is issued for.
Valid From [valid_from] The date from which the certificate is valid (displayed in your time zone). For example, 2023-09-25 10:43:03
Valid To [valid_to] The expiry date of the certificate (displayed in your time zone). For example, 2024-09-24 10:43:03

State [state] When Discovery collects the certificate, the field indicates installed.
Subject Alternative Name [subject_alternative_name] A list of references to alternative host names used by the server.
Issuer [issuer] In this field, there’s a reference to the certificate record. The issuer is the entity that signed and issued the certificate. The reference is available if the issued certificate is a part of the same payload.
Installed Certificate [sn_disco_certmgmt_cmdb_installed_certificate]
Discovery Method [discovery_method] If a pattern discovered this installed certificate, the field indicates Pattern.
Source [source] The IP address of the host server on which discovery is run.
Server [server] The Java-based or Windows-based web server that stores the certificate in Java KeyStores on the host machine.

Root Issuer [root_issuer] A reference to the root certificate record. The reference is available if the issued certificate is a part of the same payload.
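
To spot-check discovered records against the subject_* fields listed above, the following added example (not ServiceNow code and not how the pattern itself works) splits a subject distinguished name into those fields, including values that contain a quoted comma, and computes the days remaining from a valid_to value. The function names, the sample DN, and the use of EMAILADDRESS/E for the email attribute are assumptions.

```python
from datetime import datetime

# DN attribute -> field name from the table above (added example, not ServiceNow code).
ATTR_TO_FIELD = {
    "CN": "subject_common_name",
    "O": "subject_organization",
    "OU": "subject_organizational_unit",
    "L": "subject_locality",
    "ST": "subject_state",
    "C": "subject_country",
    "EMAILADDRESS": "subject_email", "E": "subject_email",  # assumed attribute names
}

def split_dn(dn):
    """Split a DN on commas, honouring double quotes and backslash escapes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == '"':
            quoted = not quoted  # quotes delimit a value; they are not part of it
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def subject_fields(dn):
    """Map a subject DN to the subject_* fields; the first value of each wins."""
    fields = {"subject_distinguished_name": dn}
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        name = ATTR_TO_FIELD.get(attr.strip().upper())
        if name:
            fields.setdefault(name, value.strip())
    return fields

def days_until_expiry(valid_to, now):
    """Whole days from `now` to a valid_to value in the table's date format."""
    return (datetime.strptime(valid_to, "%Y-%m-%d %H:%M:%S") - now).days

# Constructed sample DN; the organization value contains a quoted comma.
SAMPLE_DN = 'CN=app01.example.com, OU=Platform, O="Example Corp, Inc.", L=Austin, ST=TX, C=US'
```

Because valid_to is displayed in your time zone, pass `now` in that same time zone when calling `days_until_expiry`.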