Compliance and security hygiene go hand in hand. Lack of visibility to the deployed and expiring TLS certificates results in service outages and data breaches. The latest data breach from the largest consumer credit reporting company says “TLS certificate had expired about 10 months before the breach occurred, meaning that encrypted traffic was not being inspected throughout that period”

Certificate Inventory and Management solution provide a platform-centric approach to the lifecycle management of TLS certificates. This solution combined with task fulfillment can provide a methodical approach to the request and renewal management of expired TLS certificates. Automating manual tasks like a request for new certificates and renewal of expired certificates increases the productivity of the public-key infrastructure (PKI) team by ~30% and helps to digitize their manual workflows. Below are the key customer outcomes realized by the newly introduced cert management solution.

Lifecycle Management for TLS certificates

With Orlando release, PKI team can unlock the potential of discovery data, which provides comprehensive visibility to the deployed certificates. ServiceNow platform and CMDB are effectively being used as the system of record to automate IT workflows. PKI team can use the discovered TLS information to effectively track the lifecycle of TLS certificate. 

Version 1.0 (available via store.servicenow.com) - Key features :

• Discovery and Inventory of deployed TLS certificates via IP/port scans (Shazzam) and from URLs.
• Topology visibility to deployed TLS certificates with a complete view of server certs, Intermediate certificates, and root certificates
• Ownership tracking and service context to understand the business impact in the case of cert expiry.
• Request Fulfilment / Renewal of TLS certificate management with ServiceNow TASK automation.
• Dashboards and Insights to proactively track the TLS certificate expiry with a new certificate pipeline view which shows TLS cert expiry with 30 day/60 day and 90 days view.
• Automated Incident management for TLS certificates expired.

Screenshots - TLS certificate deployed in 3 printers

Detection of zombie/rouge TLS certificates

Evolution of DevOps and decentralized process resulted in “Instrument everything & establish a culture of automation”. “Several Internal applications built and shipped with the DevOps model run with self-signed TLS certificates. Lack of visibility to self-signed certificates has resulted in several application outages” – the Largest baking customer.

If you are an early access Orlando family release customer, try out the new TLS cert management application from the store.servicenow.com.