Loading

SSL Certificate Information

From ServiceNow Wiki
Home > Administer > Security > SSL Certificate Information
Jump to: navigation, search

Contents

1 SSL Certificate Information

ServiceNow uses industry standard SSL to secure communications to ServiceNow instances. The certificate used by ServiceNow will change between October 13th to October 21st, 2014 depending on the datacenter. A small number of users may be affected by the change to a new certificate.

1.1 Reason for change

Google has decided any SSL certificates using a SHA-1 signature algorithm must be deprecated in favor of SHA-2 signature algorithm certificates.[1] In early November 2014, Google Chrome will start downgrading the visual indicator (normally a green lock) associated with SSL sites if the SSL certificate expiration date is too far in the future. Currently, the ServiceNow SSL certificate used to secure customer communications to instances will be affected by this downgrade by Google Chrome.

To fix this problem, ServiceNow will be replacing the existing SHA-1 signature algorithm certificate which currently expires in 2017 with another SHA-1 signature algorithm certificate that expires at the end of 2015. This will prevent the downgrade by Google Chrome while causing the least amount of disruption to customer interactions with ServiceNow instances. ServiceNow will be migrating to a SHA-2 signature algorithm certificate in 2015.

1.2 SSL Certificate Change Information

Who is impacted by the SSL certificate change?
While all customers use the new certificate, the only customers likely to require additional changes are those who have integrations, caching, or proxy servers that use a hard-coded ServiceNow SSL certificate. Normal web browsers like Internet Explorer, Firefox, Chrome, or Safari are not affected.
How can I find out if my instance will be impacted?
If you access your ServiceNow instance using a URL similar to https://<instance>.service-now.com/, you are likely not affected. If you access your ServiceNow instance by a different URL, you most likely access the instance through a proxy. Please contact your IT department or network administrator to verify that the proxy will properly handle the SSL certificate change.
Is there anything else to consider?
Some inbound integrations, services connecting to your ServiceNow instance, may have the current SSL certificate hard-coded. You can view integrations that may be affected on the List of Available Integrations. Contact the service owner of any integration that connects to your ServiceNow instance to verify that it will properly handle the SSL certificate change.
Is there a way to test the new certificate?
For an in-depth test plan, please see SSL Certificate Testing.
With the migration to SHA-2 next year, is there anything I can do now to prepare?
Verify any software that connects to ServiceNow instances can handle SHA-2 certificates. DigiCert has a good reference guide on when SHA-2 support was added to various software.
What should I do if there is a problem with the SSL certificate change?
If you believe there is a problem with the SSL certificate change, please contact ServiceNow Technical Support.

2 SSL Certificates

If you have determined that your instance is impacted by the SSL certificate change, use this certificate information to resolve any issues.

2.1 Post-November 2014 SSL Certificates

0 Subject: /C=US/ST=California/L=San Diego/O=ServiceNow/CN=*.service-now.com
  Issuer:  /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 Subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
  Issuer:  /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
2 Subject: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
  Issuer:  /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)



2.2 Pre-November 2014 SSL Certificates

0 Subject: /C=US/ST=California/L=San Diego/O=ServiceNow, Inc./CN=*.service-now.com
  Issuer:  /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
1 Subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
  Issuer:  /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
2 Subject: /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
  Issuer:  /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)


2.3 Certificate Archive

The rest of these certificates are for historical purposes only.

Was this article helpful?
Yes, I found what I needed
No, I need more assistance
Views
Personal tools