Transport Layer Security (TLS) extension classes

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 4 minutes to read

    • The CMDB CI Class Models store app adds or updates a class for TLS certificates.

    The app adds class models that extend the CMDB class hierarchy. You can use the added classes as any other CMDB class. Applications such as Discovery and Service Mapping patterns can use these class extensions to populate CIs and discover various technologies and software.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Transport Layer Security (TLS)

    TLS is a cryptographic protocol designed to provide communications security over a computer network. The TLS protocol provides privacy and data integrity between communicating computer applications. Once the client and the server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. The server usually provides identification in the form of a digital certificate. The certificate contains the server name, the trusted certificate authority (CA) that vouches for the authenticity of the certificate, and the server's public encryption key. The client confirms the validity of the certificate before proceeding. When the handshake is completed, a secured connection is established.

    Figure 1. TLS certificate classes integrated with the CMDB class hierarchy

    TLS certificate classes integrated with the CMDB class hierarchy.

    Scoped apps certification class

    The scoped apps certification class supports TLS certificates. With this class you can proactively manage certificates by keeping stakeholders informed about any impending expiries. Use this extension class to ensure that certificates are monitored and renewed before they expire, to prevent severe outage of production systems.

    Classes

    This section lists the relevant classes that the CMDB CI Class Models store app adds or updates. See the class columns table for further details about the columns added for each class.

    The CMDB CI Class Models: Release 1.4.0 updates the following class:
    Class Extends Description
    Unique Certificate [cmdb_ci_certificate] Configuration Item [cmdb_ci] A public key certificate in X.509 standard format.
    The CMDB CI Class Models store app changes the Unique Certificate [cmdb_ci_certificate] class as follows:
    • The assigned_to attribute now depends on the assignment_group attribute so that users in the assigned_to attribute are filtered based on the specified assignment_group.
    • The Certificate Inventory and Management store app populates the Unique Certificate [cmdb_ci_certificate] table. The list view for that class does not have a New button and you can no longer add new records to the table. This is because there are certain fields that are extracted from binary encoded parameters in the certificate which users may not be able to provide. Also, certificates have to be discovered rather uploaded.
    • You can no longer add or delete attachments in the Certificate file attribute.
    The CMDB CI Class Models: Release 1.3.0 adds the following classes. For the list of CMDB classes in a base system, including ones that this store app might be extending, see CMDB tables descriptions.
    Class Extends Description
    Unique Certificate [cmdb_ci_certificate] Configuration Item [cmdb_ci] N/A
    Certificate Domain [certificate_domain] N/A Fully qualified domain name.

    Class columns

    CMDB CI Class Models: Release 1.4.0 adds the following columns to the respective classes.

    Table 1. Unique Certificate [cmdb_ci_certificate] class
    Added columns Description
    Certificate file Certificate in an encoded form.
    Fingerprint Hash value of the certificate.
    Fingerprint algorithm Algorithm used to hash the certificate.
    Is certificate authority Indicates whether a certificate is a Certificate Authority (CA) or not.
    Is selfsigned Indicates whether the certificate is self-signed or not.
    Issuer Entity that has signed and issued the certificate.

    Reference: Unique Certificate [cmdb_ci_certificate]
    Issuer common name Common name of the issuer.
    Issuer distinguished name Distinguished name of the issuer.
    Key size Size of the key used by the signing algorithm.
    Choices:
    • Create priority 1 tasks
    • Create priority 3 tasks
    • Do not create renewal tasks
    Renewal tracking Indicates whether to create any priority 1 or priority 3 tasks for the expiring certificates.
    Root issuer Root entity that has signed and issued the intermediate certificate.
    Choices:
    • External
    • Internal

    Reference: Unique Certificate [cmdb_ci_certificate]
    Service type Indicates whether the certificate is used for external or internal services.
    Signature algorithm The cryptographic algorithm used to sign the certificate.
    Choices:
    • Issued
    • Installed
    • Revoked
    • Retired
    State Lifecycle states of the certificate.
    Subject alternative name

    List of fully qualified domain names secured by the certificate.

    Reference: Certificate Domain [certificate_domain]
    Subject common name Identifies the hostname/domain associated with the certificate.
    Subject country Subject's two letter country code.
    Subject distinguished name Identifying information of the subject.
    Subject email Subject's email.
    Subject locality Subject's locality.
    Subject organization Subject's organization.
    Subject organizational unit Subject's organizational unit.
    Subject state Subject's state.
    Valid from Validity start period of the certificate.
    Valid to Validity end period of the certificate.
    Version X.509 version of the certificate.
    Table 2. Certificate Domain [certificate_domain] class
    Added columns Description
    Domain Fully qualified domain name.

    CMDB CI Class Models: Release 1.3.0 adds no columns.