Transport Layer Security (TLS) extension classes
The CMDB CI Class Models app adds or updates a class for TLS certificates.
CMDB CI Class Models is a ServiceNow Store app that adds class models that extend the CMDB class hierarchy. The new or updated classes include class descriptions, identification rules, identifier entries, and, if applicable, dependent relationships. You can use the added classes just like any other CMDB class. Applications such as Discovery and Service Mapping Patterns can use the class extensions to populate CIs and discover technologies and software.
See the release notes for all CMDB CI class models.
Request apps on the Store
Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Transport Layer Security (TLS)
TLS is a cryptographic protocol provide communications security over a computer network. The TLS protocol provides privacy and data integrity between communicating computer applications. Once the client and the server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. The server usually provides identification in the form of a digital certificate. The certificate contains the server name, the trusted certificate authority (CA) that vouches for the authenticity of the certificate, and the server's public encryption key. The client confirms the validity of the certificate before proceeding. When the handshake is completed, a secured connection is established.
Scoped apps certification class
The scoped apps certification class supports TLS certificates. With this class you can proactively manage certificates by keeping stakeholders informed about any impending expiries. Use this extension class to promote that certificates are monitored and renewed before they expire, to help prevent severe outage of production systems.
Classes
This section lists the classes that the CMDB CI Class Models app adds or updates. See the class columns table for further details about the columns added for each class.
| Class | Extends | Description |
|---|---|---|
| Unique Certificate [cmdb_ci_certificate] | Configuration Item [cmdb_ci] | A public key certificate in X.509 standard format. |
- The assigned_to attribute now depends on the assignment_group attribute so that users in the assigned_to attribute are filtered based on the specified assignment_group.
- The Certificate Inventory and Management app populates the Unique Certificate [cmdb_ci_certificate] table. The list view for that class does not have a New button and you can no longer add new records to the table. This is because there are certain fields that are extracted from binary encoded parameters in the certificate which users may not be able to provide. Also, certificates have to be discovered rather uploaded.
- You can no longer add or delete attachments in the Certificate file attribute.
| Class | Extends | Description |
|---|---|---|
| Unique Certificate [cmdb_ci_certificate] | Configuration Item [cmdb_ci] | N/A |
| Certificate Domain [certificate_domain] | N/A | Fully qualified domain name. |
Class columns
CMDB CI Class Models: Release 1.4.0 adds the following columns to the respective classes.
| Added columns | Description |
|---|---|
| Certificate file | Certificate in an encoded form. |
| Fingerprint | Hash value of the certificate. |
| Fingerprint algorithm | Algorithm used to hash the certificate. |
| Is certificate authority | Indicates whether a certificate is a Certificate Authority (CA) or not. |
| Is selfsigned | Indicates whether the certificate is self-signed or not. |
| Issuer | Entity that has signed and issued the certificate. Reference: Unique Certificate [cmdb_ci_certificate] |
| Issuer common name | Common name of the issuer. |
| Issuer distinguished name | Distinguished name of the issuer. |
| Key size | Size of the key used by the signing algorithm. Choices:
|
| Renewal tracking | Indicates whether to create any priority 1 or priority 3 tasks for the expiring certificates. |
| Root issuer | Root entity that has signed and issued the intermediate certificate. Choices:
Reference: Unique Certificate [cmdb_ci_certificate] |
| Service type | Indicates whether the certificate is used for external or internal services. |
| Signature algorithm | The cryptographic algorithm used to sign the certificate. Choices:
|
| State | Life cycle states of the certificate. |
| Subject alternative name | List of fully qualified domain names secured by the certificate. Reference: Certificate Domain [certificate_domain] |
| Subject common name | Identifies the hostname/domain associated with the certificate. |
| Subject country | Subject's two letter country code. |
| Subject distinguished name | Identifying information of the subject. |
| Subject email | Subject's email. |
| Subject locality | Subject's locality. |
| Subject organization | Subject's organization. |
| Subject organizational unit | Subject's organizational unit. |
| Subject state | Subject's state. |
| Valid from | Validity start period of the certificate. |
| Valid to | Validity end period of the certificate. |
| Version | X.509 version of the certificate. |
| Added columns | Description |
|---|---|
| Domain | Fully qualified domain name. |
CMDB CI Class Models: Release 1.3.0 adds no columns.