Skip to main content
Skip table of contents

ServiceNow REST Integration - Configure EJBCA

The following outlines the EJBCA configuration steps required to Integrate a ServiceNow instance with EJBCA using the REST API.

Enable REST Protocol

To enable the REST protocol:

  1. Log into the EJBCA Admin Web.
  2. Select System Configuration under System Configuration.
  3. Select Protocol Configuration.
  4. Verify the following protocols are enabled:
    • REST Certificate Management
    • REST End Entity Management

For more information about the EJBCA REST API, see EJBCA REST Interface.

Issue ServiceNow Admin Credential

The following provides the steps required to issue a ServiceNow administrator credential.

Create User Certificate Profile

The following describes how to create a user certificate profile in EJBCA.

If a User Certificate Profile (Client Authentication) already exists, proceed to the section ServiceNow REST Integration - Configure EJBCA#Create User End Entity Profile.

To create a user certificate profile:

  1. Select Certificate Profiles under CA Functions.
  2. Select Clone under Actions in the ENDUSER row.
  3. Enter tlsClientAuth in the Name of new certificate profile field.
  4. Select Edit under Actions in the tlsClientAuth row.
  5. Select RSA in Available Key Algorithms.
  6. Select 2048 and 3072 from Available Bit Lengths.
  7. Set the Validity or end date of the certificate to 1y.
  8. In the X.509v3 extensions (Usages) section, select Client Authentication from Extended Key Usages.
  9. In the X.509v3 extensions (Validation Data) section, select the following:
    • CRL Distribution Points
    • Use CA defined CRL Distribution Point
    • Authority Information Access
    • Use CA defined OCSP locator
    • Use CA defined CA Issuer
  10. Clear the LDAP DN Order option.
  11. Click Save to create the certificate profile.

Create User End Entity Profile

The following describes how to create a user end entity profile in EJBCA.

If a User End Entity Profile already exists, proceed to section Issue ServiceNow Admin Credential.

To create a user end entity profile:

  1. Select End Entity Profiles under RA Functions.
  2. In the Add End Entity Profile field.
  3. Enter tlsClientAuth and click Add profile.
  4. Select tlsClientAuth and click Edit End Entity Profile.
  5. In the Main Certificate Data section near the bottom, select the following:
    • Default Certificate Profile: tlsClientAuth
    • Available Certificate Profiles: tlsClientAuth
    • Default CA: Desired Issuing CA
    • Available CAs: Desired Issuing CA
  6. Click Save to create the end entity profile.

Issue ServiceNow Admin Credential 

To issue a ServiceNow administrator credential:

  1. Select RA Web to access the RA Web and select Make New Request.
  2. From the Certificate Type drop-down, select tlsClientAuth. (warning) If an End Entity profile already existed for Client Authentication, select that profile instead
  3. Select By the CA to enable EJBCA to generate the key pair.
  4. Enter ServiceNow REST Admin in the CN, Common Name field.
  5. Enter servicenow_rest_admin in the Username field.
  6. Enter a password in the Enrollment Code field.
  7. Enter the password in the Confirm Enrollment Code field.
  8. Select Download PKCS#12 (P12) and save the P12 locally.
  9. From the top of the page, select Search.
  10. Select Certificates.
  11. Enter ServiceNow Rest Admin in the Search field.
  12. Copy the serial number. (warning) Do not copy the decimal version in the parenthesis.

Create/Modify Registration Authority Role

To add a Registration Authority role:

  1. Select Roles and Access Rules under the System Functions menu.
  2. If a Registration Authority role does not exist, perform the following to create one:
    • Click Add.
    • Enter Registration Authority and click Add.
    • Select Access Rules.
    • Select all applicable Authorized CAs.
    • Select all applicable End Entity Profiles.
    • Click Save.
  3. Select Members next to Registration Authority.
  4. Select the Issuing CA of the P12 certificate from the CA drop-down list.
  5. Enter the Serial Number of the certificate in the Match Value.
  6. Enter ServiceNow REST Admin in the description field.
  7. Click Add to add the role.

If using an External RA for proxying REST calls, verify the /administrator rule is set to Allow in the RA-Peering role on the EJBCA CA.

For more information on roles and access rules in EJBCA, see Roles and Access Rules.

Next: Configure ServiceNow

Next, find instructions on how to Configure ServiceNow.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.