F5 certificate discovery
The ServiceNow® Discovery application uses the F5-SSH-SSL Certification pattern extension to find all associated certificates on F5 load balancers that use IPv4 addresses, IPv6 addresses, or both.
Request apps on the Store
Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
IPv6 support limitations
- F5 SNMP is not supported.
- MID Server cannot run REST APIs with IPv6.
To run discovery with F5 REST, see KB0864769.
Prerequisites
- Verify the applications are up to date
  - Discovery and Service Mapping Patterns
  - CMDB CI Class Models
- Verify the configuration of F5 load balancer
  - Ensure that F5 load balancer instances are up and running.
  - Make sure the host (that has the F5 instance running on it) can be discovered successfully with the Discovery user credentials.
- Verify the configuration of Discovery
  - Ensure that the Discovery user added in the ServiceNow AI Platform instance can run the following commands:

| Command | Description |
|---|---|
| modify | Modifies the TMSH components. You can modify one or more property settings in multiple components. The modify command uses the following option: display-threshold pager |
| display_threshold | Allows you to re-enable a display-threshold in your script. |
| list | Displays components that you have permission to view or are passed as arguments. The list command looks for the following arguments: ssl-cert, certificate-key-size, checksum, create-time, expiration-string, issuer, subject, version, fingerprint, serial-number, subject-alternative-name, size |

- Verify the configuration of the patterns
  - Make sure that the F5-SSH-SSL Certification shared library is added to the extension section of the F5 Load Balancer and F5 Load Balancer SSH patterns, in order to collect the certification attributes.
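As an added example (not ServiceNow or F5 code), this Python check parses saved output of the `list` command, run as the Discovery user, and reports which of the certificate attributes named in the prerequisites are missing for each certificate. The `sys file ssl-cert <name> { ... }` stanza layout, the sample values, and the function names are assumptions constructed for illustration.

```python
import re

# Attributes the page lists for the list command; ssl-cert is treated as the stanza type.
REQUIRED = ("certificate-key-size checksum create-time expiration-string issuer subject "
            "version fingerprint serial-number subject-alternative-name size").split()

# Constructed sample; the stanza layout is an assumption, not captured device output.
SAMPLE = """\
sys file ssl-cert example-a.crt {
    certificate-key-size 2048
    checksum SHA1:1200:constructed
    create-time 2024-01-10:09:00:00
    expiration-string "Jan 10 09:00:00 2026 GMT"
    fingerprint SHA256/AA:BB:CC
    issuer "CN=Example Issuing CA,O=Example,C=US"
    serial-number 01:02:03
    size 1200
    subject "CN=app.example.com,O=Example,C=US"
    subject-alternative-name "DNS:app.example.com"
    version 3
}
sys file ssl-cert example-b.crt {
    certificate-key-size 1024
    checksum SHA1:900:constructed
    create-time 2023-03-01:00:00:00
    expiration-string "Mar 01 00:00:00 2025 GMT"
    issuer "CN=example-b"
    size 900
    subject "CN=example-b"
    version 1
}
"""

STANZA = re.compile(r"^sys file ssl-cert (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_certs(text):
    """Return {cert_name: {attribute: value}} from brace-delimited list output."""
    certs = {}
    for name, body in STANZA.findall(text):
        pairs = (l.strip().partition(" ") for l in body.splitlines() if l.strip())
        certs[name] = {key: value.strip().strip('"') for key, _, value in pairs}
    return certs

def missing_attributes(certs):
    """Map each certificate to the required attributes absent from its stanza."""
    return {n: [a for a in REQUIRED if a not in attrs] for n, attrs in certs.items()}

if __name__ == "__main__":
    for name, gaps in missing_attributes(parse_certs(SAMPLE)).items():
        print(name, "complete" if not gaps else "missing: " + ", ".join(gaps))
```

An attribute reported as missing for every certificate suggests a permission or output-format difference to investigate before running Discovery.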
F5 certificate discovery class model
Data collected by Discovery during horizontal discovery
The discovered data includes the following tables and fields.
| Table and field | Description |
|---|---|
| Base Configuration Item Cluster [cmdb] | |
| Serial number | Serial Number associated with the CI. |
| Configuration Item [cmdb_ci] | |
| operational_status | Operational status of the cluster node. |
| Unique Certificate [cmdb_ci_unique_certificate] | |
| fingerprint | Hash value of the certificate. |
| fingerprint algorithm | Algorithm used to hash the certificate. |
| subject common name | Identifies the hostname/domain associated with the certificate. |
| subject distinguished name | Identifying information of the subject. |
| issuer distinguished name | Distinguished name of the issuer. |
| comments | |
| renewal tracking | Indicates whether to create any priority 1 or priority 3 tasks for the expiring certificates. |
| issuer common name | Common name of the issuer. |
| valid From | Validity start period of the certificate. |
| serial Number | Serial Number associated with the CI. |
| subject country | The subject's two-letter country code. |
| subject organization | Subject’s organization. |
| Version | X.509 version of the certificate. |
| Issuer | Entity that signed and issued the certificate. |
| subject organizational unit | Subject's organizational unit. |
| subject alternative name | List of fully qualified domain names secured by the certificate. |
| valid to | Validity end period of the certificate. |
| name | |
| State | Lifecycle states of the certificate. |
| root issuer | Root entity that signed and issued the immediate certificate. |
| key size | Size of the key used by the signing algorithm. |
| subject locality | Subject's locality. |
| subject state | Subject's state. |
CI relationships
The F5-SSH-SSL Certification pattern extension does not create any CI relationships.