How to find the correct X509 certificate from SAML response

Description

The purpose of this article is to provide useful troubleshooting steps for LDAP connectivity issues. The LDAP server might suddenly lose its connection after multiple attempts, interrupting updates from the Active Directory import process. One of the most likely reasons is that the X509 certificates defined in the instance do not match the ones coming in the SAML response from the Identity Provider.

The steps below are required in order to retrieve the correct certificate value:

1. Navigate to https://<instance>.service-now.com/nav_to.do?uri=/syslog_list.do
2. Set the list filter: Message starts with SAML Response xml
   Ref.: https://<instance>.service-now.com/syslog_list.do?sysparm_query=messageSTARTSWITHSAML%20Response%20xml
3. Open the latest log record
4. The correct certificate value is between the XML tags <ds:X509Certificate> and </ds:X509Certificate>
5. Copy this value, without the XML tags
6. Navigate to https://<instance>.service-now.com/nav_to.do?uri=/sys_certificate_list.do
7. Create a new certificate
8. Fill in the required fields and paste the certificate value in the PEM Certificate box using this template:

   -----BEGIN CERTIFICATE-----
   <certificate value>
   -----END CERTIFICATE-----

9. Click Submit

The LDAP server should now connect again, and the import / update from the AD should work if the issue was an incorrect certificate.
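The extraction, PEM formatting and mismatch check described above can also be done offline on a copied log message. The following Python is an added example, not ServiceNow code; it assumes the message is the text "SAML Response xml" followed by the response XML, and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re
import textwrap
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace (ds:)

def extract_certs(log_message: str) -> list[bytes]:
    """Return the DER bytes of every <ds:X509Certificate> in the message."""
    xml_text = log_message[log_message.index("<"):]  # assumed: XML follows the log prefix
    root = ET.fromstring(xml_text)
    ders = []
    for node in root.iter(f"{{{DS_NS}}}X509Certificate"):
        b64 = re.sub(r"\s+", "", node.text or "")  # value is often line-wrapped
        ders.append(base64.b64decode(b64, validate=True))
    return ders

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in the PEM template, 64 base64 characters per line."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and whitespace, then decode back to DER."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body, validate=True)

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def stored_matches(stored_pem: str, log_message: str) -> bool:
    """True if the stored certificate is one of those sent in the response."""
    return pem_to_der(stored_pem) in extract_certs(log_message)

# Constructed sample: placeholder bytes and a minimal response skeleton.
SAMPLE_DER = bytes(range(100))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_LOG = (
    'SAML Response xml: <samlp:Response '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    f'xmlns:ds="{DS_NS}"><ds:Signature><ds:KeyInfo><ds:X509Data>'
    f'<ds:X509Certificate>\n{SAMPLE_B64}\n</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>'
)

if __name__ == "__main__":
    for der in extract_certs(SAMPLE_LOG):
        print("SHA-256:", fingerprint(der))
        print(to_pem(der))
```

Before saving the new certificate record, compare the printed SHA-256 fingerprint with the one the Identity Provider publishes for its signing certificate.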