(Optional) Adding an SSL Certificate to the MID Server
Optionally, SSL certificates can be added to the MID Server for secure communication.
If the certificate for the site is published from an internal Active Directory Certificate Authority (CA) or an internal self-generated certificate, that certificate needs to be added to the MID Server Agent’s local Keystore for Java.
ServiceNow has documented the method for adding the certificate which can be found here.
The following steps provide additional detail to the ServiceNow documentation.
- Download your SSL certificate for PAS / Secret Server to the MID Server. One way to get the certificate is from the PAS / Secret Server website:
  - Go to the PAS / Secret Server website.
  - Select the Site icon on the address bar.
  - Navigate to Certificate > Details > Copy to File > Export and save it in the following format: DER-encoded binary (.cer).
- Copy the certificate file to the MID Server.
- On the MID Server, open a PowerShell prompt and set the location to the Java bin directory: <JavaDirectoryPath>\jre\bin.
- Run the following command, replacing the placeholders with your environment specifics:
  keytool.exe -import -alias <alias> -file <certificate file> -keystore <keystore path>
  Example:
  keytool -import -alias myAlias -file myCertificate.cer -keystore "C:\Program Files\Java\jre1.8.XXXX\lib\security\cacerts"
- You will be prompted to provide the password for the Keystore. The password should have been changed within your environment. If not, the default password is changeit.
- You will be asked whether you trust the self-signed certificate. Select Yes and the certificate will be imported into the trust store.
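One way to check the certificate before answering the trust prompt, and to confirm the keystore entry afterwards, shown as an added example that is not part of the original or ServiceNow documentation. It assumes the expected SHA-256 fingerprint was obtained out of band from whoever administers PAS / Secret Server; the paths, alias and `$Expected` value are placeholders.

```powershell
# Added example, not from the original documentation. All values are placeholders/assumptions.
$CertFile = 'C:\Temp\myCertificate.cer'                     # certificate exported in the steps above
$Alias    = 'myAlias'
$JavaBin  = '<JavaDirectoryPath>\jre\bin'
$Keystore = '<JavaDirectoryPath>\jre\lib\security\cacerts'
# SHA-256 fingerprint supplied out of band by the PAS / Secret Server administrator (placeholder)
$Expected = '<expected SHA-256 fingerprint>'

function ConvertTo-NormalizedFingerprint([string]$Value) {
    # Drop separators so "AA:BB", "AA-BB" and "aabb" all compare equal
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# 1. Parse the exported file and hash the certificate's DER bytes
$cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fileFp = ConvertTo-NormalizedFingerprint ([BitConverter]::ToString($sha256.ComputeHash($cert.RawData)))
"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Expires : $($cert.NotAfter)"
"SHA-256 : $fileFp"

# Refuse to continue if the file is not the certificate you were told to expect
if ($fileFp -ne (ConvertTo-NormalizedFingerprint $Expected)) {
    throw "Fingerprint mismatch: do not import $CertFile"
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate has expired: $($cert.NotAfter)" }

# 2. Import as in the steps above (keytool prompts for the keystore password and the trust answer)
& "$JavaBin\keytool.exe" -import -alias $Alias -file $CertFile -keystore $Keystore
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# 3. Read the entry back and compare its fingerprint with the file that was verified
$listing = & "$JavaBin\keytool.exe" -list -v -alias $Alias -keystore $Keystore | Out-String
if ($listing -notmatch 'SHA-?256\)?:\s*([0-9A-Fa-f:]+)') {
    throw "No SHA-256 fingerprint found in keytool output for alias $Alias"
}
if ((ConvertTo-NormalizedFingerprint $Matches[1]) -ne $fileFp) {
    throw "Keystore entry '$Alias' does not match $CertFile"
}
"Keystore entry '$Alias' matches the verified certificate."
```

The MID Server only trusts the new entry if it was imported into the cacerts file of the Java runtime the agent actually uses, so point `$Keystore` at that runtime.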
Once you have submitted and installed the integration through either the ServiceNow Store or manual import, your MID Servers should pull both the credential resolver and setup utility JAR files. To verify that the files have been downloaded, check the extlib directory within your agent’s root path.