The Machine Identity Protection app for ServiceNow (MIPS) leverages the power of ServiceNow and Venafi TLS Protect to manage the lifecycle of your TLS Certificates. This application is capable of integrating with both TLS Protect Datacenter and TLS Protect Cloud and supports connecting to more than one TLS Protect environment at the same time.
The app allows organizations to standardize and streamline the process of requesting, installing, renewing and revoking certificates. When you implement and use this app, you directly implement processes that are based on experience with Fortune 500 organizations and that support Self Service.
With this integration application, an organization can:
- Improve compliance and adherence to policies and standards by simplifying the user request process
- Maintain an accurate inventory of all Machine Identity installed locations and their association with CIs in the CMDB
- Replace all machine identities in a business-as-usual manner without additional manpower and emergency change management
- Leverage ServiceNow workflows for certificate request and approval to adhere to organizational policies and processes
- Avoid outages resulting from
  - Unknown and unmanaged key stores / installed locations
  - Untimely certificate renewals
DifendaWorks' Machine Identity Protection app is the most comprehensive solution available today for integrating Venafi TLS Protect and ServiceNow. Many organizations have chosen and implemented Venafi TLS Protect to manage Machine Identities (certificates, keys) but wish to seamlessly manage their certificates within their IT Service Management framework.
With the Machine Identity Protection application, users can leverage the power of the Venafi TLS Protect platform right from the ServiceNow UI. Certificates, server and keystore objects created and maintained in Venafi can be mapped and associated with CIs in ServiceNow. The app provides a self-service capability for certificate management to application and infrastructure support personnel. It enables users to:
- Request New Certificates
- Automatically deploy certificates using Venafi TPP
- Renew Certificates and install renewed certificates
- Revoke a Certificate
- Retire a Certificate
- Synchronize certificate changes in TPP back to ServiceNow
- Bulk renew / revoke certificates
- Request and renew SSH Certificates
This application provides organizations the fastest path to integrating Venafi and ServiceNow. If you are a current user of Venafi TLS Protect Datacenter and have plans to move to Venafi TLS Protect Cloud, the application provides an almost seamless experience for end users, as their UI, processes, etc. do not change.
Version 8.0 Release Notes
Version 8.0 introduces the tlsrequests table, which manages all requests within the scoped application. Tables that have been extended from the Task table have been deprecated.
Key Enhancements:
- Multi-TLS Environment Support: Since version 7.x, the application has supported integration with multiple TLS environments. Now, every request and certificate record must be linked to a TLS Protect Environment identifier.
- Enhanced Change Management Integration: A more streamlined integration has been implemented. Change requests will now be automatically created for Certificate Installation Requests and can also be generated for Certificate Requests and Renewals.
- Unified Certificate Import Experience: The process for importing certificates is now consistent across both initial submissions and renewals.
- Venafi Workflow Enhancements: When the workflow requires approval for a Venafi Workflow (stage 500 or 800), it will now verify that the Venafi Workflow ticket has been removed after approval before proceeding.
Bug Fixes:
- CSR-Based Requests in TLSP Cloud: Fixed an issue where Certificate Signing Request (CSR)–based certificate creation was not processing correctly.
- Notification Issues: Resolved problems where some notifications were either not triggered or not generated.
- Certificate Name Change During Renewal: Fixed an issue preventing certificate names from being updated during renewal.
- Certificate Parsing Errors: Addressed issues occurring when certificates were uploaded for import.
This release improves overall stability, enhances integration capabilities, and refines the user experience.
The ServiceNow ITSM module is required. Integration Hub is not required.
A MID Server is required for this application. Connections to the TLS Protect Datacenter REST API are made through the MID Server.
For TLS Protect Cloud, the MID Server is still required, as there are some PowerShell scripts and one other executable that are required for encrypting sensitive data before sending it to the TLS Protect Cloud API.