How to update your Edge Encryption digital signature validation key to the new "servicenow2" keySummary Beginning in the Tokyo release, ServiceNow includes a new RSA key for validating signatures on base system encryption configuration and properties. Customers upgrading to Tokyo Patch 1 or later will need to add the new certificate to their keystore. Customers will see the following message for any proxies the new servicenow2 certificate to their keystore. Your proxy is using legacy servicenow key for validation; please update your keystore to use the new servicenow2 key for validation. ReleaseEdge Encryption customers upgrading to Tokyo release Patch 1 and laterInstructions1. Use the java keytool command to export the new servicenow2 certificate from servicenow.jceks under the "update" directory under installation root to a file (for example, servicenow2.cer.) The password for update/servicenow.jceks is the same password as default for keystore/keystore.jceks, ie., "changeme" Export certificate from new keystore keytool -exportcert -rfc -alias servicenow2 -file servicenow2.cer -keystore update/servicenow.jceks -storetype jceks -v Import servicenow2.cer certificate into customer pre-existing keystore keytool -importcert -noprompt -alias servicenow2 -file servicenow2.cer -keystore keystore/keystore.jceks -storetype jceks -v 2. Validate the new servicenow2 validation certificate from the keystore/keystore.jceks 1. List keystore contents: keytool -list -keystore keystore/keystore.jceks -storetype jceks -alias servicenow2 2. Compare imported certificate SHA256 fingerprint with source certificate from update/servicenow.jceks: keytool -list -keystore update/servicenow.jceks -storetype jceks -alias servicenow2 3. Fingerprints for the imported certificate and source certificate should match as: servicenow2, Mar 8, 2022, trustedCertEntry,Certificate fingerprint (SHA-256): FF:0F:2F:47:55:8E:48:ED:D5:D2:6D:B4:B5:B8:96:61:7D:06:6D:D6:5E:D4:28:A1:E5:CD:2B:C5:95:11:7E:9C 3. Restart each proxy to activate the changes.