
Generate authentication certificate for ServiceNow connector

If you use a DigiCert® ONE connector to integrate with the ServiceNow configuration management database (CMDB), you have the option to authenticate the connector via mutual TLS (mTLS).

You can use any PKCS#12 certificate (with private key and associated password) to set up certificate-based authentication in the ServiceNow connector. To generate the authentication certificate in DigiCert ONE, use one of the following services.

Trust Lifecycle Manager

To generate the authentication certificate in DigiCert ONE Trust Lifecycle Manager, you first need to create a certificate profile for Browser PKCS12 enrollment. You can then use the profile to issue the PKCS#12 certificate for the ServiceNow connector.

To create the certificate profile in DigiCert ONE Trust Lifecycle Manager:

  1. Sign in to DigiCert ONE as a user with the Manager or Certificate profile manager role or equivalent permissions.

  2. Open the managers (grid) menu on the top-right and navigate to Trust Lifecycle Manager.

  3. In the Trust Lifecycle Manager menu, select Policies > Certificate profiles.

  4. Select Create profile from template.

  5. Select the Generic User Certificate base template as the basis for creating the new certificate profile. To use this base template, you must have at least one available User seat in your account.

    Work through the profile creation wizard, focusing on the options described below and making other selections for your business needs. After filling out each screen, select Next to move to the next screen.

  6. In the General information section:

    • Profile name: Enter a name to help identify this profile.

    • Business unit: Select a business unit for the certificate for tracking purposes.

    • Issuing CA: Select an available CA in your DigiCert ONE account to issue the certificate.

  7. For the Enrollment method, make sure to select Browser PKCS12.

  8. For the Authentication method, select Manual approval.

  9. Select Next to proceed through the remaining profile creation wizard screens. You can keep the default options or change the selections per your business needs.

  10. On the final screen, select Create to create the new certificate profile.

  11. Copy the Enrollment URL for this profile in the popup window that opens. You need it to issue certificates from this profile.

To request issuance of the authentication certificate:

  1. Use a web browser to access the Enrollment URL for the certificate profile you created.

  2. Complete the enrollment form:

    • Requestor email: Enter the email address to associate with this certificate in Trust Lifecycle Manager. Once approved, the URL to download the new certificate will be sent here.

    • Common name: Enter the common name to use for the certificate Subject DN. For example, enter a first and last name, a username, or an email address.

  3. Select Submit to submit the enrollment request.

To approve the enrollment request in DigiCert ONE Trust Lifecycle Manager:

  1. Sign in to DigiCert ONE as a user with the Manager or User and certificate manager role or equivalent permissions.

  2. Open the managers (grid) menu on the top-right and navigate to Trust Lifecycle Manager.

  3. In the Trust Lifecycle Manager menu, select Inventory > Enrollments.

  4. Locate the pending enrollment for the authentication certificate. Select Approve enrollment to approve the request.

After you approve the request, the URL to download the new PKCS#12 certificate is sent to the email address from the enrollment request.

Download the certificate to a secure location. You need it to configure certificate-based authentication in ServiceNow and to configure the connector in DigiCert ONE.

Account Manager

You can generate the authentication certificate in DigiCert ONE Account Manager, using the same service account you used to install the ServiceNow app.

To generate the authentication certificate in DigiCert ONE:

  1. In DigiCert ONE, navigate to the Profile icon (top right) > Admin Profile > Access > Service User.

  2. Select the name of the service user you created for installing the ServiceNow app.

  3. In the Client authentication certificates section, select Create client authentication certificate.

  4. Enter a Nickname to help identify this authentication certificate.

  5. Select an End date for how long this authentication certificate should remain valid.

  6. Select Generate certificate.

  7. Copy and save the password to a secure location. You need it to configure the connector in DigiCert ONE.

  8. After saving the password, select Download certificate to download the authentication certificate.

  9. Follow the instructions in the popup window to save the PKCS#12 certificate file to your computer.

    Make note of the location where you save the file. You need it to configure certificate-based authentication in ServiceNow and to configure the connector in DigiCert ONE.
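
Whichever service issued the bundle, you can confirm locally that the saved password opens it, that it contains a private key, and that the certificate is not close to expiry before you configure ServiceNow or the connector. The script below is an added example built on the OpenSSL command line, not DigiCert or ServiceNow tooling; the function name check_p12, the P12_PASS variable and the 30-day default are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a downloaded PKCS#12 bundle with OpenSSL.
# The password is read from the P12_PASS environment variable (assumed name)
# so it never appears on a command line or in the process list.
# Usage: P12_PASS='...' check_p12 connector.p12 [min_days_valid]
# Note: OpenSSL 3.x may need "-legacy" added to the pkcs12 calls for bundles
# encrypted with older algorithms.

check_p12() {
    local p12="$1" min_days="${2:-30}" keys leaf
    [ -r "$p12" ] || { echo "FAIL: cannot read $p12" >&2; return 2; }
    [ -n "${P12_PASS:-}" ] || { echo "FAIL: P12_PASS is not set" >&2; return 2; }
    export P12_PASS   # openssl reads it through -passin env:P12_PASS

    # Warn if the bundle is readable by group or others ("secure location").
    if [ -n "$(find "$p12" \( -perm -040 -o -perm -004 \))" ]; then
        echo "WARN: $p12 is group/world readable; consider chmod 600" >&2
    fi

    # 1. The password must open the bundle (MAC verification).
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null ||
        { echo "FAIL: wrong password or not a PKCS#12 file" >&2; return 1; }

    # 2. The bundle must carry a private key. The decrypted key only passes
    #    through a pipe to grep; it is never written to disk.
    keys=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
               2>/dev/null | grep -c 'BEGIN.*PRIVATE KEY' || true)
    [ "${keys:-0}" -ge 1 ] || { echo "FAIL: no private key in bundle" >&2; return 1; }

    # 3. Extract the end-entity certificate and check its remaining validity.
    leaf=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys \
               2>/dev/null)
    [ -n "$leaf" ] || { echo "FAIL: no certificate in bundle" >&2; return 1; }
    printf '%s\n' "$leaf" | openssl x509 -noout -subject -enddate
    printf '%s\n' "$leaf" | openssl x509 -noout \
        -checkend "$((min_days * 86400))" >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days" >&2; return 1; }

    echo "OK: $p12 has a private key and is valid for at least $min_days days"
}
```

The function returns 0 only when all three checks pass, so it can gate a deployment step; the subject and end date it prints should match the common name and End date chosen during issuance.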