Protecting the security and privacy of our customers is among our top priorities, so ServiceNow utilizes SSL/TLS to encrypt communications for all customer instances. In order to continue to provide best-in-class protection, we are upgrading our SSL/TLS encryption.
We are making this change because SSL certificates signed with the SHA1 algorithm have been known for some time to contain security weaknesses that could lead to the unintentional disclosure of sensitive information if compromised. An industry-wide effort (led by Google, Microsoft, and others) is forcing the timeframe for sun-setting the use of this older technology.
In addition to the technical change, ServiceNow is leveraging this opportunity to increase the frequency at which we rotate SSL certificates. A shorter lifespan for SSL certificates reduces our exposure window and also gives us greater flexibility to deal with unforeseen security issues. Since so many recent headlines have featured exposures in the SSL protocol and the surrounding technologies (Heartbleed, POODLE, root CA compromises, unauthorized disclosures) ServiceNow views this as a necessary step in order to stay ahead of current and future threats.
The following changes occur when we upgrade our SSL/TLS encryption:
|Note: Events that may trigger a notification include, but are not limited to, a change in Root CA providers or disabling a feature or supported algorithm.|
All customers utilizing the ServiceNow web application use the new SSL certificate, but for the most part, this is a transparent change.
The only customers likely to require manual intervention are those who have integrations, caching or proxy servers that use a hard-coded ServiceNow SSL certificate.
Normal web browsers like Internet Explorer, Firefox, Chrome, or Safari are not affected.
ServiceNow uses Entrust as our 3rd party Certificate Authority (CA). The *.service-now.com SHA-2 SSL certificate is anchored to the Entrust G2 Root that expires December 7, 2030. Entrust has indicated that there are no planned changes to the root hierarchy and if one does occur, ample notice will be provided before any changes are made that could impact the validity of the Root CA.
If you believe there is a problem with the SSL certificate change, please contact ServiceNow Technical Support.
If you have determined that your instance is impacted by the SSL certificate change, use this certificate information to resolve any issues.
Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G
Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
Not Before: Jul 7 17:25:54 2009 GMT
Not After : Dec 7 17:55:54 2030 GMT
Serial Number: 1246989352 (0x4a538c28)
Note that the *.service-now.com SSL certificate and associated Entrust chain certificates are subject to change and not provided here. If you need more information, please contact ServiceNow Technical Support.