ServiceNow REST Integration - Configure EJBCA

The following outlines the EJBCA configuration steps required to Integrate a ServiceNow instance with EJBCA using the REST API.

Enable REST Protocol

To enable the REST protocol:

Log into the EJBCA Admin Web.
Select System Configuration under System Configuration.
Select Protocol Configuration.
Verify the following protocols are enabled:REST Certificate ManagementREST End Entity Management

For more information about the EJBCA REST API, see EJBCA REST Interface.

The following provides the steps required to issue a ServiceNow administrator credential.

The following describes how to create a user certificate profile in EJBCA.

To create a user certificate profile:

Select Certificate Profiles under CA Functions.
Select Clone under Actions in the ENDUSER row.
Enter tlsClientAuth in the Name of new certificate profile field.
Select Edit under Actions in the tlsClientAuth row.
Select RSA in Available Key Algorithms.
Select 2048 and 3072 from Available Bit Lengths.
Set the Validity or end date of the certificate to 1y.
In the X.509v3 extensions (Usages) section, select Client Authentication from Extended Key Usages.
In the X.509v3 extensions (Validation Data) section, select the following:CRL Distribution PointsUse CA defined CRL Distribution PointAuthority Information AccessUse CA defined OCSP locatorUse CA defined CA Issuer
Clear the LDAP DN Order option.
Click Save to create the certificate profile.

The following describes how to create a user end entity profile in EJBCA.

If a User End Entity Profile already exists, proceed to section Issue ServiceNow Admin Credential.

To create a user end entity profile:

Select End Entity Profiles under RA Functions.
In the Add End Entity Profile field.
Enter tlsClientAuth and click Add profile.
Select tlsClientAuth and click Edit End Entity Profile.
In the Main Certificate Data section near the bottom, select the following:Default Certificate Profile: tlsClientAuthAvailable Certificate Profiles: tlsClientAuthDefault CA: Desired Issuing CAAvailable CAs: Desired Issuing CA
Click Save to create the end entity profile.

To issue a ServiceNow administrator credential:

Select RA Web to access the RA Web and select Make New Request.
From the Certificate Type drop-down, select tlsClientAuth. (warning) If an End Entity profile already existed for Client Authentication, select that profile instead
Select By the CA to enable EJBCA to generate the key pair.
Enter ServiceNow REST Admin in the CN, Common Name field.
Enter servicenow_rest_admin in the Username field.
Enter a password in the Enrollment Code field.
Enter the password in the Confirm Enrollment Code field.
Select Download PKCS#12 (P12) and save the P12 locally.
From the top of the page, select Search.
Select Certificates.
Enter ServiceNow Rest Admin in the Search field.
Copy the serial number. (warning) Do not copy the decimal version in the parenthesis.

To add a Registration Authority role:

Select Roles and Access Rules under the System Functions menu.
If a Registration Authority role does not exist, perform the following to create one:Click Add.Enter Registration Authority and click Add.Select Access Rules.Select all applicable Authorized CAs.Select all applicable End Entity Profiles.Click Save.
Select Members next to Registration Authority.
Select the Issuing CA of the P12 certificate from the CA drop-down list.
Enter the Serial Number of the certificate in the Match Value.
Enter ServiceNow REST Admin in the description field.
Click Add to add the role.

If using an External RA for proxying REST calls, verify the /administrator rule is set to Allow in the RA-Peering role on the EJBCA CA.

For more information on roles and access rules in EJBCA, see Roles and Access Rules.

Next, find instructions on how to Configure ServiceNow.