Microsoft Certificate Authority (CA) certificates discovery
The ServiceNow Discovery application can discover Microsoft Certificate Authority (CA) certificates using the Microsoft CA - Certificate Management pattern. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Starting with version 1.27.0, Discovery and Service Mapping Patterns supports discovering the subject alternative name (SAN) for both the all request IDs and the template ID discovery methods.
Prerequisites
- Verify the following applications are up to date
-
- Discovery and Service Mapping Patterns
- CMDB CI Class Models
- Verify the certificate Authority process
- Ensure that the CA process is up and running on the host machine.
- Verify previous Windows discovery
- Verify a Windows host was discovered during a previous horizontal discovery. For more information, see Windows discovery.
- Create a serverless discovery schedule
Create a discovery schedule to perform targeted discovery of Microsoft CA certificates using the host on which the CA process is running. For more information, see Create a serverless schedule for Microsoft Certificate Authority (CA) discovery.
Data collected by Discovery during horizontal discovery
Discovery populates the data in the CMDB when running the Microsoft CA - Certificate Management pattern.
| Field | Description |
|---|---|
| Fingerprint [fingerprint] | Hash value of the certificate. |
| Fingerprint algorithm [fingerprint_algorithm] | Algorithm used to hash the certificate. |
| Subject common name [subject_common_name] | Identifies the host name/domain associated with the certificate, listed in the certificate's Subject field. |
| Subject distinguished name [subject_distinguished_name] | Identifying information of the subject listed in the certificate's Subject field. |
| Issuer distinguished name [issuer_distinguished_name] | Distinguished name of the issuer. |
| Comments [comments] | Includes a readable description for users. |
| Renewal tracking [renewal_tracking] | Indicates whether to create any priority 1 or priority 3 tasks for the expiring certificates. |
| Certificate Template [cert_template] | Certificate template that defines the policies and rules that a CA uses when a request for a certificate is received. |
| Certificate ThumbPrint [thumb_print] | Unique identifier for certificates in applications when making trust decisions, in configuration files, and when displayed in interfaces. |
| Issuer common name [issuer_common_name] | Common name of the issuer. |
| Valid from [valid_from] | Validity start period of the certificate. |
| Serial Number [serial_number] | Serial number of the certificate. |
| Subject country [subject_country] | Two-letter country code in the certificate's Subject field. |
| Subject organization [subject_organization] | Organization listed in the certificate's Subject field. |
| Issuer [issuer] | Entity that signed and issued the certificate. |
| Subject organizational unit [subject_organizational_unit] | Organizational unit listed in the certificate's Subject field.. |
| Subject alternative name [subject_alternative_name] | List of fully qualified domain names secured by the certificate, listed in the certificate's Subject field. |
| Valid to [valid_to] | Validity end period of the certificate. |
| Name [name] | Name of the CI. |
| State [state] | Life-cycle state of the certificate. For example: Installed, Issued, or Revoked. |
| Root issuer [root_issuer] | Root entity that signed and issued the immediate certificate. |
| Subject locality [subject_locality] | Locality listed in the certificate's Subject field. |
| Subject state [subject_state] | State listed in the certificate's Subject field. |
| Operational status [operational_status] | Indicates whether the certificate is valid or was revoked. Possible values are:
|
| Signature algorithm [signature_algorithm] | Signature algorithm of the certificate. For example: SHA-256, sha256RSA, or SHA1withRSA. |
| Request Type [request_type] | Format used for requesting the certificate. |
| Request Submission Date [request_submission_date] | Date that the certificate request was submitted. |
| Request Resolution Date [request_resolution_date] | Date that the certificate request was resolved by the CA. |
| Request Revocation Date [request_revocation_date] | Date that the certificate was revoked. This field is populated only for revoked certificates. |
| Effective Revocation Date [effective_revocation_date] | Date that the certificate was effectively revoked by being added to the Certificate Revocation List (CRL). This field is populated only for revoked certificates. |
| Revocation Reason [revocation_reason] | Reason for the certificate’s revocation. This field is populated only for revoked certificates. |
| Requester Name [requester_name] | Name of the person who requested the certificate. |
| Template Enrollment Flags [template_enrollment_flags] | Information about the certificate that needs to be acted on by the CA or the certificate’s owner. For more information, search for the error code in the official Microsoft documentation site. |
CI relationships
The Microsoft CA - Certificate Management pattern doesn’t create any CI relationships.