Service Now End Customer–Partner Communication Overview
A Service Now end customer establishes a connection with a Service Now partner using the HTTPS protocol. When a Service Now end customer initiates a request for communication with the Service Now partner, the Service Now partner provides a Secure Sockets Layer (SSL) certificate for the Service Now end customer to validate. Communication between the Service Now partner and Service Now end customer is established after the Service Now end customer validates the certificate.
Figure 1 depicts the communication of a Service Now partner with a Service Now end customer and Juniper Support System (JSS) using an SSL certificate.
Figure 1: Service Now Partner Communicating with a Service Now End Customer and JSS Using SSL Certificate

For information about using SSL certificates, see Certificate Management Overview.
By default, Junos Space Service Now uses a self-signed SSL certificate, provided by the Junos Space Network Management Platform, to validate connections between a Service Now partner and Service Now end customer. However, from Service Now Release 14.1R3, a Service Now partner can use a custom SSL certificate instead of the default self-signed certificate to secure communication with Service Now end customers.
To secure the communication between a Service Now partner and Service Now End Customer, the following tasks must be performed:
- Generating CSR by Service Now Partner
- Obtaining Signature of a Certificate Authority
- Uploading the Certificate to Service Now Partner
- Obtaining the Intermediate Certificate (key) for Establishing Credibility of the SSL Certificate
- Obtaining SSL Certificate of the Service Now Partner
Generating CSR by Service Now Partner
To install a custom SSL certificate on the Service Now partner, you must first generate a Certificate Signing Request (CSR).
To generate a CSR:
- Log in to the Junos Space Appliance.
  The Junos Space Settings Menu is displayed.
- Type 7 if the Junos Space Appliance is a virtual appliance or type 6 if the Junos Space Appliance is a hardware appliance to access the SSH shell.
- Change the directory to /etc/pki/tls.
    [root@host] cd /etc/pki/tls
- Open the openssl.cnf file and comment out all instances of subjectAltName=${ENV::SAN}.
    <snip>
    # subjectAltName=${ENV::SAN}
    <snip>
- Save the file.
- Generate a private key by executing the following command:
    server $ openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    ......++++++
    .............++++++
    e is 65537 (0x10001)
  Where 1024 is the length of the key in bits and server.key is the name of the key file.
- Enter a pass phrase for the private key.
    server $ Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:
- Generate a signing request using the private key and password.
  You are prompted to provide your details such as the state or province to which you belong, your locality, email address and so on.
    server $ openssl req -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:NSW
    Locality Name (eg, city) []:Sydney
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Juniper
    Organizational Unit Name (eg, section) []:AS
    Common Name (e.g. server FQDN or YOUR name) []:he-man
    Email Address []:fred@juniper.net

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:fred1234
    An optional company name []:
    server $
After this step is executed, you can find the following encrypted files in the /etc/pki/tls folder:
- server.key—The private key for the SSL certificate.
  The following is a sample of the server.key file obtained by using the cat server.key command:
    server $ cat server.key
- server.csr—The CSR file to be signed by a Certificate Authority (CA).
  The following is a sample of the server.csr file obtained by using the cat server.csr command:
    server $ cat server.csr
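The CSR procedure above, scripted non-interactively with checks to run on server.csr before it goes to a CA; this is an added example, not Juniper's own code. The function names, the KEY_PASS variable, the subject values, the separate req.cnf file and the 2048-bit key with -aes256 are assumptions (the page's own commands use 1024 bits and -des3).

```shell
# make_csr DIR CN BITS: write DIR/server.key (passphrase-protected) and DIR/server.csr
make_csr() {
    dir=$1 cn=$2 bits=$3
    # Minimal request config (assumption) so the system openssl.cnf is not used
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
C = AU
ST = NSW
L = Sydney
O = Example Partner
CN = $cn
EOF
    # Subshell keeps the owner-only umask local to private key creation
    ( umask 077
      openssl genrsa -aes256 -passout env:KEY_PASS -out "$dir/server.key" "$bits" 2>/dev/null ) &&
    openssl req -new -config "$dir/req.cnf" -key "$dir/server.key" \
        -passin env:KEY_PASS -out "$dir/server.csr"
}

# csr_matches_key KEY CSR: true when key and request carry the same RSA modulus
csr_matches_key() {
    k=$(openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# csr_key_bits CSR: print the public key size recorded in the request
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_signature_ok CSR: true when the request's self-signature verifies
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Demo in a throwaway directory; passphrase and hostname are constructed values
export KEY_PASS='constructed-example-passphrase'
work=$(mktemp -d)
make_csr "$work" partner.example.net 2048 &&
    csr_signature_ok "$work/server.csr" &&
    csr_matches_key "$work/server.key" "$work/server.csr" &&
    echo "CSR ready: $(csr_key_bits "$work/server.csr") bit key"
```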
Obtaining Signature of a Certificate Authority
The Service Now partner should get the server.csr file signed by a Certificate Authority (CA); for example, GeoTrust®.
To get the server.csr file signed by a CA, contact a CA. A signed certificate has the .der or .pem extension.
Note: Service Now supports signed certificates in the X.509 format only. We recommend that, when requesting a CA to sign your certificate, you specify that you need the signed certificate in the X.509 format.
After you receive the signed certificate, save it on your local system.
Uploading the Certificate to Service Now Partner
The signed server.csr file should be uploaded to the Junos Space Platform on which the Service Now partner is installed.
For information about uploading a custom SSL certificate to Junos Space Platform, refer to Installing Custom SSL Certificate on Junos Space Server.
Obtaining the Intermediate Certificate (key) for Establishing Credibility of the SSL Certificate
Download the certificate key from the website of the CA from whom you obtained the signature for the SSL certificate; for example, https://www.geotrust.com/resources/root-certificates/ is the website of GeoTrust®.
Ensure that you select the appropriate root certificate. The root certificate obtained from the CA should be uploaded to the Junos Space Platform using the Administration > CA/CRL Certificates navigation path of the Junos Space Platform GUI. For more information, see Certificate Management Overview.
Obtaining SSL Certificate of the Service Now Partner
To secure communication with the Service Now partner, a Service Now end customer should obtain and install the SSL certificate from the Service Now partner.
Note: The procedure to obtain the SSL certificate of a Web server varies from one browser to another.
To obtain the SSL certificate of the Service Now partner using the Mozilla Firefox Web browser:
- Open the Mozilla Firefox Web browser and enter the URL to access the Service Now partner.
- On the Web browser, click the padlock present before the URL.
  A dialog box with the information about the identity and security of the Service Now partner’s Web site appears.
- Click More Information.
  The Page Info dialog box appears.
- Click Security > View Certificate on the Page Info dialog box.
  The Certificate Viewer dialog box appears displaying the SSL certificate used by the Service Now partner.
- Click the Details > Export tab on the Certificate Viewer to export the SSL certificate.
  The Save To dialog box of the Web browser appears.
- Save the certificate on your local system.
  Ensure that the certificate is an X.509 certificate (*.pem).
To obtain the SSL certificate of the Service Now partner using the CLI:
- Connect to the Virtual IP (VIP) node of the Junos Space cluster on which the Service Now partner is installed and configured.
- Type 7 if the Junos Space Appliance is a virtual appliance or type 6 if the Junos Space Appliance is a hardware appliance to access the SSH shell.
- Type the following from the command line:
    server $ echo "" | openssl s_client -connect <hostname>:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
  where <hostname> is the hostname of the Service Now partner.
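Checks an end customer can run on the cert.pem saved by the command above before installing it, shown as an added example that is not part of the original procedure. The function names are hypothetical, the certificate is constructed locally so the script runs offline, and the pin stands in for a SHA-256 fingerprint the partner would supply out of band.

```shell
# cert_fingerprint FILE: SHA-256 fingerprint as lowercase hex without colons
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# cert_matches_pin FILE PIN: compare against the fingerprint received out of
# band; colons, spaces and letter case in PIN are ignored
cert_matches_pin() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(cert_fingerprint "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# cert_valid_for FILE SECONDS: true when the certificate does not expire
# within SECONDS from now
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Constructed stand-in for the partner certificate (30-day self-signed)
work=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj '/CN=partner.example.net' \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null

# Constructed stand-in for the colon-separated value read out by the partner
pin=$(openssl x509 -in "$work/cert.pem" -noout -fingerprint -sha256 | sed 's/^.*=//')

if cert_matches_pin "$work/cert.pem" "$pin" && cert_valid_for "$work/cert.pem" 86400
then
    echo "cert.pem matches the pin and is valid for at least one more day"
else
    echo "cert.pem failed verification; do not install it" >&2
fi
```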