Unified Keystore for MID
- Unified Keystore is a new feature, introduced in the Quebec release, that provides a single keystore that can be used everywhere.
- This allows customers to import their own certificates into the MID Keystore and use such a certificate when connecting to the instance, instead of us generating a self-signed certificate.
- Customers configure the MID to use a custom certificate using a post-installation script.
- The certificate bundle, which includes a "Client certificate" and a "Private key" from a trusted CA, must be procured by the customer; ServiceNow will not generate it.
- Commands to install and remove the certificates:
  - <agent_path>/bin/scripts/install-certificate.sh <certificate path>
  - <agent_path>/bin/scripts/install-certificate.bat <certificate path>
  - <agent_path>/bin/scripts/remove-certificate.sh <certificate path>
  - <agent_path>/bin/scripts/remove-certificate.bat <certificate path>
- The products "Agent Client Collector" and "Loom" connect to the MID through the web server running on the MID itself.
- Instead of each product running its own SSL termination with its own certificates, the same Keystore is used, and thereby the same certificates are used for all three connections (MID Server to the instance, Agent Client Collector to MID, and Loom to MID).
- So all of the above connections use the same certificate.
- Once the MID is configured with the custom certificate, the "Is using a custom certificate" option is checked on the MID record on the instance.
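
A pre-flight check to run on the bundle before passing it to install-certificate.sh, as an added example that is not ServiceNow's code. It assumes the bundle is a single PEM file holding the client certificate and an unencrypted private key (the page does not state the format); check_cert_bundle and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of a certificate bundle before it is passed
# to install-certificate.sh. Assumption: one PEM file containing the client
# certificate and its unencrypted private key. check_cert_bundle and its
# return codes are hypothetical, not part of the MID Server scripts.

check_cert_bundle() {
    bundle=$1
    min_days=${2:-30}    # reject certificates expiring within this many days

    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }

    # Both halves of the bundle must be present.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" ||
        { echo "no certificate in bundle" >&2; return 3; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$bundle" ||
        { echo "no private key in bundle" >&2; return 4; }

    # The private key must belong to the certificate: derive the public key
    # from each and compare. Empty output (parse failure) counts as a mismatch.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 5
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$bundle" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $min_days days" >&2; return 6
    fi

    # Show what is about to be installed so the operator can confirm it.
    openssl x509 -in "$bundle" -noout -subject -issuer -enddate
}

# Usage: sh check-bundle.sh /path/to/bundle.pem [min_days]
if [ "$#" -gt 0 ]; then
    check_cert_bundle "$@"
fi
```

Because the same certificate serves the MID-to-instance, Agent Client Collector and Loom connections, a mismatched or near-expiry bundle affects all three, which is why the check runs before installation.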