Integrating OpManager with ServiceNow using 3rd party / self-signed SSL Certificate

OpManager can be integrated easily with ServiceNow using a 3rd party / self-signed SSL Certificate by using the following steps :

Step1: Get the keystore file and password

  • Get the key store file and password used while generating the SSL certificates in OpManager. If certificate is present already, skip to step 3.
  • To get the file path and password, open the file "server.xml" located under "<OpManager_Installed_Dir>/conf/server.xml" and check for the <Connector> tag.
    ServiceNow SSL image
    ServiceNow SSL image

Step2: Export the SSL certificate from keystore file

  •  To export SSL certificate from keystore file, run the following command and if prompted for password, enter the password from step1
    ServiceNow SSL image
    where Alias Name is the certificate alias name.
  • You can get list of aliases from key store using the following command
    ServiceNow SSL image

Step3: Import the SSL Certificate

To import the SSL certificate to a new trust store, run the following command

  • If SSL Certificate is self-signed
    ServiceNow SSL image
  • If SSL Certificate is CA-signed
    ServiceNow SSL image
    Note: The Truststore password can be any password

 

Step4: Import trust store to ServiceNow

  • Go to the Service Now Instance and select System Definition -> Certificates -> New.
  • Select Type as Java Key Store and provide Truststore Password in the Key Store Password field
    ServiceNow SSL image
  • Now select the message attachments and add the opmservicenow.truststore file
    ServiceNow SSL image
  • Validate files before updating using Validate Stores/Certificates option
    ServiceNow SSL image
    and click on Submit

 

Step5: Create a protocol profile in Servicenow

  • Go to Service Now Instance -> System Security -> Protocol Profiles -> New
  • Set Protocol field as opmhttps and select the previously created Certificate entry in Keystore field
    ServiceNow SSL image
    and click on Submit

 

Step6: Set the OPM host url in OpManager

  • In OpManager go to Settings-> Basic Settings -> Addon/Product Settings -> Service Now
  • Provide the service now instance details. At first OpManager will try to connect with default host url and fail. After that you can provide the OpManger Public URL manually.
    ServiceNow SSL image
  • Note: The URL should be of the form opmhttps://host_name:web_port/ where the web_port is the OpManagers web port and host_name refers to the host name or IP Address of the OpManger Instance.