
Configuration management database (CMDB) integration

You can optionally enable ServiceNow CMDB integration to copy certificates to the cmdb_ci_certificate table in ServiceNow, using one or both of these methods:

  • ServiceNow app option: Use this option if you only want to copy the certificates you request through the ServiceNow app to the CMDB table. When you request a certificate with the ServiceNow app, it saves a local copy to the CMDB table. If you later update the issued certificate in DigiCert® ONE, the changes don’t get synced back to the CMDB table unless you also have a connector in place for the certificate's business unit.

  • DigiCert ONE connector: Add a connector in DigiCert ONE to copy all certificates from a certain business unit to the ServiceNow CMDB, regardless of certificate status or where the certificates were issued from. An initial migration job copies all the existing certificates from that business unit, and ongoing jobs keep the certificate data in the CMDB table synced with DigiCert ONE. For details on certificate properties that are copied, see ServiceNow CMDB table.

Note

The ServiceNow CMDB table has view-only access. You can’t directly manage the certificates from the CMDB table, but the integration lets you use the CMDB functionality to query, filter, and monitor the certificates from the ServiceNow Workspaces > Certificate Management page.

Prerequisites

To use the CMDB integration features, you need minimum version 1.3.0 of the DigiCert Trust Lifecycle Manager app for ServiceNow.

Your ServiceNow instance must have the Certificate Inventory and Management (App id: sn_disco_certmgmt) v3.3.0 plugin installed, which requires a paid subscription. To learn more and install this plugin:

Use this integration method if you want to copy certificates you request through the ServiceNow app to the CMDB table.

To enable this option:

  1. Select the CMDB integration item for the DigiCert Trust Lifecycle Manager app in ServiceNow.

  2. Toggle on the option to copy certificates to CMDB.

  3. When toggled on, the DigiCert Trust Lifecycle Manager app will start saving a copy of any certificate you request to the CMDB table.

Use this integration method if you want to copy all certificates from a business unit to the ServiceNow CMDB table. The certificates are copied regardless of certificate status or where the certificates were issued from. The certificate data is also synced with ServiceNow on an ongoing basis.

Each connector is associated with a specific business unit and copies certificates from that business unit to the ServiceNow instance. To copy certificates from multiple business units, add multiple connectors in DigiCert ONE.

DigiCert ONE prerequisites

  • Your DigiCert account must have the Connectors and ServiceNow CMDB integration features enabled in DigiCert® Account Manager. Contact your DigiCert system administrator to verify or enable these features.

  • The user who will add the ServiceNow connector must have the CMDB Integration Config Manager user role assigned for Trust Lifecycle Manager.

Authentication methods

You can use either of the following methods to authenticate the DigiCert ONE connector to ServiceNow:

  • Account credentials: Enter the username and password for a ServiceNow account with the "user" role (x_dice_digicertone.user).

  • Certificate-based authentication: Upload a PKCS#12 certificate to authenticate via mutual TLS (mTLS).

    Your ServiceNow instance must be enabled for certificate-based authentication using the same certificate that you add to the DigiCert ONE connector. For details, refer to the official ServiceNow documentation.

    You can use any PKCS#12 certificate (with private key and associated password) to set up the connector. For details about how to generate the certificate in DigiCert ONE, see Generate authentication certificate for ServiceNow connector.

Add the connector in DigiCert ONE

You need a separate connector in DigiCert ONE for each business unit whose certificates you want to copy to the ServiceNow CMDB table.

To add the connector in DigiCert ONE:

  1. Select Integrations > Connectors from the Trust Lifecycle Manager menu.

  2. In the IT service management category, select the connector type for ServiceNow.

  3. Fill out the form to configure the connector to ServiceNow:

    • Name: Assign a friendly name to the connector.

    • Business unit: Select the business unit for the certificates to copy and sync to ServiceNow.

    • Instance URL: Enter your ServiceNow instance URL.

    • Authentication method: Select one of the available authentication methods and enter the requested information:

      • Account credentials: Enter the ServiceNow user credentials (Username and Password) to use to establish the connection. At minimum, the account specified in the connector must have the "user" role (x_dice_digicertone.user).

      • Certificate-based authentication: Upload a PKCS#12 certificate (with private key) authorized to connect to your ServiceNow instance. Enter the password for the PKCS#12 certificate file.

  4. Select Add to finish adding the new ServiceNow connector.

Verify or edit the connector

To verify or edit the connector in DigiCert ONE:

  1. Select Integrations > Connectors from the Trust Lifecycle Manager menu.

  2. Select the ServiceNow connector by name to view the details for it.

  3. If you need to make changes, select the pencil icon to edit the connector details. Update the applicable fields and select Update.

Migration jobs

When the connection from DigiCert ONE to ServiceNow is established:

  • A one-time migration job runs after 30 minutes to copy all existing certificates from the selected business unit to the CMDB table. You can track the status of the initial migration job from the CMDB integration page in the DigiCert Trust Lifecycle Manager app in ServiceNow.

  • Once the initial migration is complete, an ongoing incremental synchronization job runs every 10 minutes to copy any updated certificate data to the ServiceNow CMDB table.

  • All certificates, regardless of the certificate status or where the certificates were issued from, are copied to the CMDB table. This may include a mix of valid, revoked, suspended, and expired certificates.

    Note

    Trust Lifecycle Manager-specific certificate metadata such as certificate tags, custom attributes (service departments, cost centers, business unit name, etc.), and certificate owners don’t get copied to the CMDB table.

    For details on what certificate properties are copied to the CMDB table, see ServiceNow CMDB table.

ServiceNow CMDB table

You can view the following certificate properties in the CMDB table after the initial migration job is completed. These fields represent the actual data copied to the CMDB for each certificate. They are updated during every sync with Trust Lifecycle Manager, including any new certificates issued or added to the business unit after the initial migration.

| Field | Type | Required | Description |
|---|---|---|---|
| cert_template | string | No | Name of the profile's base template. |
| certificate | string | Yes | Content of the certificate in PEM or Base64 formats. |
| issuer_common_name | string | No | Common name of the issuer. |
| key_size | string | Yes | Key length or curve size (2028, 4096, etc). |
| serial_number | string | No | Serial number (hexadecimal characters) |
| signature_algorithm | string | No | Signature algorithm (for example, sha256RSA). |
| state | enum | Yes | Current status of the certificate, which can be Issued, Installed, Revoked, Retired, or Other. |
| subject_common_name | string | No | Common name in the Subject DN of the end-entity certificate. |
| subject_country | string | No | Two letter ISO country code. |
| subject_distinguished_name | string | No | Full Distinguished Name (DN) string if aggregated. |
| subject_email | string | No | Email address from the subject field or Subject Alternative Name. |
| subject_locality | string | No | Locality (L) |
| subject_organization | string | No | Organization (O) |
| subject_organizational_unit | string | No | Organizational Unit (OU) |
| subject_state | string | No | State or Province (ST) |
| thumb_print | string | Yes | Certificate's hash value (SHA-256/SHA-1). |
| valid_from | Date | Yes | Indicates the timestamp from which the certificate is valid. |
| valid_to | Date | Yes | Indicates the timestamp after which the certificate is no longer valid. |
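
The following is an added example, not DigiCert or ServiceNow code: it triages rows exported from the CMDB table for monitoring, skipping the revoked and retired certificates that the connector also copies. The sample rows, the date format, the 30-day warning window, and the rule that treats common curve sizes as EC keys are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample rows using the cmdb_ci_certificate field names listed above.
# Assumption: dates are exported as "YYYY-MM-DD HH:MM:SS" strings.
SAMPLE_ROWS = [
    {"subject_common_name": "api.example.test", "state": "Installed", "key_size": "2048",
     "signature_algorithm": "sha256RSA", "valid_to": "2030-01-01 00:00:00"},
    {"subject_common_name": "legacy.example.test", "state": "Issued", "key_size": "1024",
     "signature_algorithm": "sha1RSA", "valid_to": "2030-01-01 00:00:00"},
    {"subject_common_name": "shop.example.test", "state": "Installed", "key_size": "4096",
     "signature_algorithm": "sha256RSA", "valid_to": "2025-01-20 00:00:00"},
    {"subject_common_name": "old.example.test", "state": "Revoked", "key_size": "1024",
     "signature_algorithm": "sha1RSA", "valid_to": "2020-01-01 00:00:00"},
    {"subject_common_name": "iot.example.test", "state": "Issued", "key_size": "256",
     "signature_algorithm": "sha256ECDSA", "valid_to": "not-a-date"},
]

ACTIVE_STATES = {"Issued", "Installed"}  # Revoked/Retired/Other rows are inventory only
DATE_FORMAT = "%Y-%m-%d %H:%M:%S"         # assumed export format
EC_SIZES = {256, 384, 521}                # assumed: these key_size values mean a curve


def triage(row, now, warn_days=30, min_rsa_bits=2048):
    """Return a list of findings for one CMDB certificate row."""
    if row.get("state") not in ACTIVE_STATES:
        return []  # the connector copies revoked and expired certificates too
    findings = []
    try:
        valid_to = datetime.strptime(row.get("valid_to") or "", DATE_FORMAT)
        if valid_to <= now:
            findings.append("expired")
        elif valid_to - now <= timedelta(days=warn_days):
            findings.append("expiring")
    except ValueError:
        findings.append("bad_valid_to")  # never treat an unparsable date as healthy
    if (row.get("signature_algorithm") or "").lower().startswith(("sha1", "md5")):
        findings.append("weak_signature")
    size = row.get("key_size") or ""
    # key_size is a string holding an RSA length or a curve size; the table has no
    # key-type field, so values matching common curve sizes are treated as EC.
    if size.isdigit() and int(size) not in EC_SIZES and int(size) < min_rsa_bits:
        findings.append("weak_key")
    return findings


def report(rows, now):
    """Map subject_common_name -> findings, omitting rows with nothing to report."""
    results = {r["subject_common_name"]: triage(r, now) for r in rows}
    return {name: found for name, found in results.items() if found}
```
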