Certificate Management | How to Add Certificates from a Certificate Chain to the Bulk Certificate Upload TemplateSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } This article serves as a guide on how to add the certificates in a certificate chain to the Certificate Bulk Upload Template and covers the following topics. How to export the certificates to filesWhere to download the template fromHow to get the property values from the certificate filesHow to appropriately set the certificates values to the template Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Certificate Chain: A certificate chain, or chain of trust, is a hierarchical sequence of digital certificates starting with an end-entity certificate (e.g., a website's SSL certificate) and ending with a trusted root certificate from a recognized CA. This chain verifies the end-entity certificate's authenticity by linking it to a pre-installed root certificate in devices or browsers, with each certificate cryptographically signed by the next entity in the chain. NOTE: If the certificate you want to add to the Bulk Upload Template is a Self-Signed Certificate then please follow the below article instead. KB2640782: Certificate Management | How to Add a Self-Signed Certificate to the Bulk Certificate Upload Template Bulk Certificate Upload Template: The Bulk Upload Template can be downloaded from your instance following the below procedure. Navigate to All > Certificate Management > Bulk Upload Certificates.From the Bulk Upload page, select Download Template File (.xlsx) link to download the sample_cmdb_ci_certificate.xlsx file.Open the downloaded sample_cmdb_ci_certificate.xlsx file. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Certificate Inventory and Management version 1.2.0 and later Instructions<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } I. Export the Certificates in the chain from a Web Browser Note: The below procedure is using Chrome, steps will be similar but may vary in other web browsers. A quick Google search on "how to export ssl certificate from <web browser name>" should return exact steps. Open Chrome browser and navigate to the website for which you want to export the certificate. Click the padlock icon in the URL bar. Click Connection is secure and then Certificate is valid. A certificate viewer window will appear. Click the Details tab. Repeat next steps 6 through 8 for each certificate in the Certificate Hierarchy starting with the Root certificate at the top of the chain and work your way down to the last certificateClick the Export button at the bottom. In the Certificate Export Wizard, choose the format Base64 encoded ASCII, single certificate and click Next. Name the file ending with .pem, select a location, and click Save. II. Get the Certificate Properties from the Certificate files The below columns from the Bulk Upload Template are mandatory fields that must be filled in on the template. root_issuerissuersubject_common_nameissuer_common_namefingerprintissuer_distinguished_namesubject_distinguished_namefingerprint_algorithmvalid_to: Cannot be less than valid_fom. By milliseconds. For example, 1586789478000 represents 13 April 2020 14:51:18valid_from: By milliseconds. For example, 1586789478000 represents 13 April 2020 14:51:18signature_algorithmkey_sizestate: issued, installed, revoked, retired, or other If you're not sure where to get these certificate properties from in the certificate then you can follow either of the two below KB articles depending on what OS the computer you're implementing this from is running. UNIX/Linux OS with openssl installed: KB2624956: Certificate Management | openssl Commands to Get Field Data From an SSL Certificate File for Populating the Template to Bulk Upload Certificates Windows OS: KB2631375: Certificate Management | PowerShell Commands to Get Field Data from an SSL Certificate File for Populating the template to Bulk Upload Certificates III. Add the Root Certificate from The Chain to The Bulk Upload Template The Root Certificate is the certificate at the top of the Certificate Hierarchy. 1. Add any of the below properties that you collected from the Root Certificate to the Bulk Upload Template. fingerprint, fingerprint_algorithm, is_ca, issuer_common_name, issuer_distinguished_name, key_size, valid_to, valid_from, version, serial_number, signature_algorithm, subject_common_name, subject_distinguished_name, subject_organization, subject_organizational_unit, subject_email, subject_country, subject_state, subject_locality, subject_alternative_name 2. For the Root Certificate, set the issuer and the root_issuer columns to the same value as it's own fingerprint. Example: If the Root Certificate's fingerprint is 1dfc1605fbad358d8bc844f76d15203fac9ca5c1a79fd4857ffaf2864fbebf96 Then the Root Certificates issuer will also be 1dfc1605fbad358d8bc844f76d15203fac9ca5c1a79fd4857ffaf2864fbebf96 And the Root Certificates root_issuer field will also be 1dfc1605fbad358d8bc844f76d15203fac9ca5c1a79fd4857ffaf2864fbebf96 3. Finally set the state column to the appropriate value from below choices. issued, installed, revoked, retired, or other IV. Add The Rest of The Certificates from The Chain In Descending Order to The Bulk Upload Template The issuer column for the certificates will be set with the fingerprint of the certificate named in the issuer_distinguished_name column. This is typically the certificate above it within the certificate hierarchy, thus it's more logical to have already added the preceding certificate to the template and it's fingerprint ready to copy to the certificate below it's issuer column. Repeat the below steps for all remaining certificates in the chain. 1. Add any of the below properties that you collected from the Certificate to the Bulk Upload Template. fingerprint, fingerprint_algorithm, is_ca, issuer_common_name, issuer_distinguished_name, key_size, valid_to, valid_from, version, serial_number, signature_algorithm, subject_common_name, subject_distinguished_name, subject_organization, subject_organizational_unit, subject_email, subject_country, subject_state, subject_locality, subject_alternative_name 2. Set the Certificate's root_certificate column with the fingerprint of the Root Certificate. 3. Set the Certificate's issuer column to with the fingerprint of the certificate identified as the Issuer in the issuer_distinguished_name column. 4. Finally set the state column to the appropriate value from below choices. issued, installed, revoked, retired, or other V. Upload the completed Bulk Upload Template to the instance 1. Save the Bulk Upload Template xlsx file. 2. Navigate to Certificate Management > Bulk Upload Certificates. 3. Select Browse File and choose the Bulk Upload Template xlsx file. 4. Select Upload. Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } ServiceNow Product Documentation - Use bulk certificate upload