Azure Key Vault certificate discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
  • Cloud Discovery uses Patterns to discover Azure Key Vault certificates. Discovering this data requires installing and updating Discovery and Service Mapping Patterns and Certificate Inventory and Management.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Verify the configuration of an Azure account
      For more information, see Discovery for cloud environment.
    • Verify the installation of the plugins
      - Certificate Inventory and Management (sn_disco_certmgmt), at least 3.4.0
      - Discovery and Service Mapping Patterns (sn_itom_pattern), at least 1.12.0
    • Verify the configuration of the system property
      Verify that sn_itom_pattern.issuer_certificate_search_by_idn is set to True so that Discovery searches for issuers by issuer distinguished name only. Discovery can't calculate a fingerprint for each certificate in the chain because Key Value Certificates PFX records don't contain certificate chains.
    • Verify the MID Server requirements
      The MID Server must have either ALL capability or Azure capability.
    • Verify the configuration of the Cloud Discovery schedule
      For more information, see Create a discovery schedule in Cloud Discovery Workspace.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Data collected by Discovery during horizontal discovery

    The Azure – Key Vault Certificates pattern supports the discovery of the following table and fields.

    Unique Certificates [cmdb_ci_certificate]

    Field
      Description

    Name
      The host name/domain associated with the certificate. For example, *.service-now.com

    Serial Number
      The serial number of the certificate. For example, 70 d8 c9 52 77 1c 2d 54 97 00 0e 21 05 84 dd 76 b5 e8 c1 73

    Subject common name
      The host name/domain associated with the certificate. For example, *.service-now.com

    Subject distinguished name
      The distinguished name of the entity that the certificate is issued to.
      The subject distinguished name consists of the following:
      • Common name (CN).
      • Organization (O): The organization that owns the domain that the certificate is issued to.
      • Organizational unit (OU): The organizational unit that owns the domain that the certificate is issued to.

    Issuer common name
      The common name of the certificate issuer. For example, Entrust Certification Authority.

    Issuer distinguished name
      The distinguished name of the certificate issuer.
      The issuer distinguished name consists of the following:
      • Common name (CN): The authority that issued the certificate. For example, Entrust Certification Authority.
      • Organization (O): The organization that issued the certificate. For example, "Entrust, Inc."
      • Organizational unit (OU): The unit that has the legal rights to issue the certificate.

    Renewal tracking
      Indicates whether to create any priority 1 or priority 3 tasks for the expiring certificates.
      Discovery sets Renewal tracking to priority3 when the system property glide.discovery.certs.enable_renewal_task_creation_for_discovered_certificates is set to true.

    Valid From
      The certificate is valid from this date (UTC). For example, 2023-09-25 10:43:03

    Valid To
      The expiry date of the certificate (UTC). For example, 2024-09-24 10:43:03

    Subject organization
      The organization (O) that the certificate is issued to.

    Subject organizational unit
      The organizational unit (OU) that the certificate is issued to.

    Subject country
      The country (C) of the organization that the certificate is issued to. Populated as a two-letter country code.

    Subject state
      The region, state (ST), or province of the organization that the certificate is issued to. Populated with a two-letter code.

    Subject locality
      The city or location (L) of the organization that the certificate is issued to.

    Subject email
      The email address of the organization that the certificate is issued to.

    Issuer
      A reference to the entity that signed and issued the certificate. The reference is available if the issued certificate is a part of the same payload.

    Root Issuer
      A reference to the root certificate. The reference is available if the issued certificate is a part of the same payload.

    Subject alternative name
      The name of the certificate domain record.
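
Added example (not ServiceNow code): a sketch of issuer linking by distinguished name only, as the issuer_certificate_search_by_idn property and the Issuer and Root Issuer fields describe. The payload, the dictionary keys and the normalization rules (case-insensitive values, backslash-escaped commas) are assumptions made for illustration.

```python
import re

# Constructed sample payload; the dictionary keys are illustrative, not ServiceNow columns.
TRUST = "O=Example Trust\\, Inc."
PAYLOAD = [
    {"name": "*.example.test", "subject_dn": "CN=*.example.test, O=Example Corp, OU=IT",
     "issuer_dn": "cn=Example Issuing CA," + TRUST},
    {"name": "Example Issuing CA", "subject_dn": "CN=Example Issuing CA, " + TRUST,
     "issuer_dn": "CN=Example Root CA, " + TRUST},
    {"name": "Example Root CA", "subject_dn": "CN=Example Root CA, " + TRUST,
     "issuer_dn": "CN=Example Root CA, " + TRUST},
    {"name": "orphan.example.test", "subject_dn": "CN=orphan.example.test",
     "issuer_dn": "CN=Other CA, O=Elsewhere"},  # issuer is not in this payload
]

def parse_dn(dn):
    """Normalize a DN to (ATTR, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",").lower()))
    return tuple(pairs)

def link_issuers(payload):
    """Resolve issuer and root issuer by DN match only, within one payload."""
    by_subject = {}
    for cert in payload:
        by_subject.setdefault(parse_dn(cert["subject_dn"]), []).append(cert)
    result = {}
    for cert in payload:
        issuer, root, seen, current = None, None, set(), cert
        while True:
            key = parse_dn(current["issuer_dn"])
            candidates = by_subject.get(key, [])
            # Stop when the issuer is missing, ambiguous (shared DN) or loops back.
            if len(candidates) != 1 or key in seen:
                break
            seen.add(key)
            parent = candidates[0]
            if issuer is None:
                issuer = parent["name"]
            # A certificate whose subject DN equals its issuer DN is treated as the root.
            if parse_dn(parent["subject_dn"]) == parse_dn(parent["issuer_dn"]):
                root = parent["name"]
                break
            current = parent
        result[cert["name"]] = {"issuer": issuer, "root_issuer": root}
    return result
```

When two certificates in a payload share a subject distinguished name (for example a renewed CA certificate), a DN-only match cannot tell them apart, so this sketch leaves the reference empty rather than guessing.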

    CI relationships

    The Azure – Key Vault Certificates pattern supports the discovery of the following relationships:

    CI | Relationship | CI
    Unique Certificate [cmdb_ci_certificate] | Hosts::Hosted on | Azure Datacenter [cmdb_ci_azure_datacenter]
    Unique Certificate [cmdb_ci_certificate] | Hosts::Hosted on | Cloud Service Account [cmdb_ci_cloud_service_account]
    Key Value [cmdb_key_value] | Reference | Unique Certificate [cmdb_ci_certificate]