ServiceNow REST Integration - Configure EJBCA
The following outlines the EJBCA configuration steps required to integrate a ServiceNow instance with EJBCA using the REST API.
Enable REST Protocol
To enable the REST protocol:
Log into the EJBCA Admin Web.
Select System Configuration under System Configuration.
Select Protocol Configuration.
Verify the following protocols are enabled:
REST Certificate Management
REST End Entity Management
For more information about the EJBCA REST API, see EJBCA REST Interface.
Issue ServiceNow Admin Credential
The following provides the steps required to issue a ServiceNow administrator credential.
Create User Certificate Profile
The following describes how to create a user certificate profile in EJBCA.
If a User Certificate Profile (Client Authentication) already exists, proceed to the section Create User End Entity Profile.
To create a user certificate profile:
Select Certificate Profiles under CA Functions.
Select Clone under Actions in the ENDUSER row.
Enter tlsClientAuth in the Name of new certificate profile field.
Select Edit under Actions in the tlsClientAuth row.
Select RSA in Available Key Algorithms.
Select 2048 and 3072 from Available Bit Lengths.
Set the Validity or end date of the certificate to 1y.
In the X.509v3 extensions (Usages) section, select Client Authentication from Extended Key Usages.
In the X.509v3 extensions (Validation Data) section, select the following:
CRL Distribution Points
Use CA defined CRL Distribution Point
Authority Information Access
Use CA defined OCSP locator
Use CA defined CA Issuer
Clear the LDAP DN Order option.
Click Save to create the certificate profile.
Create User End Entity Profile
The following describes how to create a user end entity profile in EJBCA.
If a User End Entity Profile already exists, proceed to the section Issue ServiceNow Admin Credential.
To create a user end entity profile:
Select End Entity Profiles under RA Functions.
In the Add End Entity Profile field, enter tlsClientAuth and click Add profile.
Select tlsClientAuth and click Edit End Entity Profile.
In the Main Certificate Data section near the bottom, select the following:
Default Certificate Profile: tlsClientAuth
Available Certificate Profiles: tlsClientAuth
Default CA: Desired Issuing CA
Available CAs: Desired Issuing CA
Click Save to create the end entity profile.
Issue ServiceNow Admin Credential
To issue a ServiceNow administrator credential:
Select RA Web to access the RA Web and select Make New Request.
From the Certificate Type drop-down, select tlsClientAuth. If an End Entity profile already existed for Client Authentication, select that profile instead.
Select By the CA to enable EJBCA to generate the key pair.
Enter ServiceNow REST Admin in the CN, Common Name field.
Enter servicenow_rest_admin in the Username field.
Enter a password in the Enrollment Code field.
Enter the password in the Confirm Enrollment Code field.
Select Download PKCS#12 (P12) and save the P12 locally.
From the top of the page, select Search.
Select Certificates.
Enter ServiceNow REST Admin in the Search field.
Copy the serial number. Do not copy the decimal version in parentheses.
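As a cross-check on the serial number copied in the last step, the hexadecimal serial and the Client Authentication usage can also be read from the downloaded P12 with OpenSSL. This is an added example, not part of the EJBCA documentation: the function names, the P12_PASS environment variable, and the throwaway self-signed P12 (standing in for the file saved from the RA Web) are assumptions constructed for illustration.

```bash
# Added example: inspect the client certificate inside a P12 with OpenSSL.
# The enrollment code is read from the P12_PASS environment variable so it
# never appears on a command line or in the process list.

# Print the client (leaf) certificate of the P12 in $1 as PEM.
p12_leaf_pem() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null
}

# Print the certificate serial number in hexadecimal, without the "serial=" prefix.
p12_serial_hex() {
    p12_leaf_pem "$1" | openssl x509 -noout -serial | sed 's/^serial=//'
}

# Succeed only if the certificate carries the Client Authentication EKU.
p12_has_client_auth() {
    p12_leaf_pem "$1" | openssl x509 -noout -text \
        | grep -q 'TLS Web Client Authentication'
}

# Constructed sample input: a self-signed, one-day P12 with a fixed serial.
# $1 = output directory, $2 = extended key usage (default: clientAuth).
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=ServiceNow REST Admin' -set_serial 0x5A17C0DE00112233 \
        -addext "extendedKeyUsage=${2:-clientAuth}" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name servicenow_rest_admin -passout env:P12_PASS -out "$1/demo.p12"
}

# Demo run against the constructed P12 (replace with the real file and code).
export P12_PASS='constructed-demo-code'
demo_dir=$(mktemp -d)
make_demo_p12 "$demo_dir"
echo "Serial (hex): $(p12_serial_hex "$demo_dir/demo.p12")"
if p12_has_client_auth "$demo_dir/demo.p12"; then
    echo "EKU: Client Authentication present"
else
    echo "EKU: Client Authentication missing"
fi
rm -rf "$demo_dir"
```

For the real credential, set P12_PASS to the enrollment code and call `p12_serial_hex` on the saved P12; an empty result means the code was wrong or the file could not be read.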
Create/Modify Registration Authority Role
To add a Registration Authority role:
Select Roles and Access Rules under the System Functions menu.
If a Registration Authority role does not exist, perform the following to create one:
Click Add.
Enter Registration Authority and click Add.
Select Access Rules.
Select all applicable Authorized CAs.
Select all applicable End Entity Profiles.
Click Save.
Select Members next to Registration Authority.
Select the Issuing CA of the P12 certificate from the CA drop-down list.
Enter the Serial Number of the certificate in the Match Value.
Enter ServiceNow REST Admin in the description field.
Click Add to add the role.
If using an External RA for proxying REST calls, verify the /administrator rule is set to Allow in the RA-Peering role on the EJBCA CA.
For more information on roles and access rules in EJBCA, see Roles and Access Rules.