
Commit

updated certificate requirements
adworjan committed Aug 17, 2023
1 parent 48fccbf commit 88ef73a
Showing 3 changed files with 16 additions and 23 deletions.
2 changes: 1 addition & 1 deletion .ansible-sign/sha256sum.txt
Expand Up @@ -86,7 +86,7 @@ b64a9ce7ade9b8fae7bda827f7a8d179809a8df065c8bafc1af07ae827ffb2aa SNOWSetup/imag
3b6b1d02322d2b0435b86bec366c94c6fe928ab84f0d2b881cf102021c44dddc SNOWSetup/images/workflow_start.jpg
cb3a760e0f134314711929e87e54b3a46d3d4898f0baa2d641000ee1e3b63708 SNOWSetup/images/write_scope.png
b8bc0e6865c91d1d8cedf5bc9faa24782629806c15f99d0b24e3397ec294dcbb SNOWSetup/images/write_scope_deets.png
dec33f2f65564e1d659f2eea2d2fe6f13b12390f0e733dd9dc9e0ff29378b13a SNOWSetup/readme.md
9741f8da10567f3040bd589a36ef952aef1cedd9ad444bb71a7d6d192f9e4f0b SNOWSetup/readme.md
f77bab1e4c3dce270a72e743a3141fd7551769012c30185d64a581c65b80466f ServiceNowCR_and_approve.yml
1179d53cf73d4b85d0884bf2a36da1510278a615894ce785a62aa4a67fde7ce1 ServiceNowCR_canceled.yml
5a22de0726a1a1560e69b93531385cc4889ec0e5f02bacc2ce1ab1f308f50a31 ServiceNowCR_closed.yml
22 changes: 11 additions & 11 deletions .ansible-sign/sha256sum.txt.sig
@@ -1,14 +1,14 @@
-----BEGIN PGP SIGNATURE-----
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=BD74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=JCYd
-----END PGP SIGNATURE-----
15 changes: 4 additions & 11 deletions SNOWSetup/readme.md
Expand Up @@ -50,14 +50,10 @@ Next, navigate to **Settings** on the left side of the screen and then **Miscell
<img src="images/tower_settings.png" alt="AAP Settings" title="AAP Settings" width="1000" />

#### 4)
The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the certificate you generate (found at `/etc/letsencrypt/live/<tower domain>/cert.pem`), followed by the LetsEncrypt intermediate certificate (starting on a new line) at location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live/<tower domain>/privkey.pem`.
The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this is to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the root certificate + the intermediate certificate + the certificate you generate (found at `/etc/letsencrypt/live/<tower domain>/cert.pem`) at the location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live/<tower domain>/privkey.pem`.

Be sure to restart the nginx service on your AAP server after updating the certificate and key.

An example of the generated certificate with the intermediate certificate appended (what needs to be place in `/etc/tower/tower.cert`) is pictured below:

<img src="images/fullchain_cert.png" alt="AAP Cert" title="AAP Cert" width="500" />

### Preparing ServiceNow

#### 5)
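
Review bot: The rewritten step 4 sentence lists "the root certificate + the intermediate certificate + the certificate you generate" without saying in what order the PEM blocks go into `/etc/tower/tower.cert`, and read left to right it puts the root first. The replaced sentence was explicit that the generated certificate comes first, "followed by the LetsEncrypt intermediate certificate (starting on a new line)". The next paragraph has nginx restarted on this file, and nginx expects the server certificate ahead of the chain certificates in a combined file (otherwise it fails to match the certificate to `tower.key`), so state the order explicitly: generated certificate, then intermediate, then root. The hunk also deletes the `fullchain_cert.png` example, which was the only illustration of the expected layout, so the text now has to carry that on its own.
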
Expand All @@ -67,7 +63,7 @@ Moving over to ServiceNow, Navigate to **System Definition-->Certificates**. Thi
| Name | Descriptive name of the certificate |
| Format | `PEM` |
| Type | `Trust Store Cert` |
| PEM Certificate | The certificate to authenticate against AAP with. Use the certificate you just generated on your AAP server, located at `/etc/tower/tower.cert.` Copy the contents of this file (EXCLUDE the intermediate certificate) into the field in ServiceNow. |
| PEM Certificate | The certificate to authenticate against AAP with. Use the certificate you just generated on your AAP server, located at `/etc/tower/tower.cert.` Copy the contents of this file into the field in ServiceNow. |

<img src="images/tower_cert.png" alt="AAP Certificate" title="AAP Certificate" width="1000" />
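
Review bot: In the PEM Certificate row the path is written as `/etc/tower/tower.cert.` with the sentence's full stop inside the code span, in both the old and the new line, so a copy and paste gives a path that does not exist. Since this line is being touched anyway, move the period outside the backticks.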

Expand Down Expand Up @@ -315,13 +311,10 @@ Next, navigate to **Settings** on the left side of the screen and then **Miscell
<img src="images/tower_settings.png" alt="AAP Settings" title="AAP Settings" width="1000" />

#### 4)
The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the certificate you generate (found at `/etc/letsencrypt/live/<tower domain>/cert.pem`), followed by the LetsEncrypt intermediate certificate (starting on a new line) at location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live/<tower domain>/privkey.pem`.
The Orlando release of the ServiceNow developer instance does not allow for the self-signed certificate provided by AAP. We need to equip our AAP instance with a certificate from a trusted Certificate Authority. The easiest way to accomplish this is to SSH into AAP and run the Certbot ACME client in order to generate a certificate from LetsEncrypt (instructions can be found [here](https://letsencrypt.org/getting-started/)). It is important to place the contents of the root certificate + the intermediate certificate + the certificate you generate (found at `/etc/letsencrypt/live/<tower domain>/cert.pem`) at the location AAP places its self-signed certificate, `/etc/tower/tower.cert`. The LetsEncrypt intermediate certificate can be found [here](https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt). You must also replace the contents of `/etc/tower/tower.key` with the contents of `/etc/letsencrypt/live/<tower domain>/privkey.pem`.

Be sure to restart the nginx service on your AAP server after updating the certificate and key.

An example of the generated certificate with the intermediate certificate appended (what needs to be place in `/etc/tower/tower.cert`) is pictured below:

<img src="images/fullchain_cert.png" alt="AAP Cert" title="AAP Cert" width="500" />

### Preparing ServiceNow
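
Review bot: This second copy of step 4 now asks for a root certificate, but the only download link in the paragraph is still the unchanged one for the intermediate (`lets-encrypt-x3-cross-signed.pem.txt`), so the reader is not told where the root comes from. Add a source for the root, and consider pointing at `chain.pem` / `fullchain.pem`, which Certbot writes next to `cert.pem` in `/etc/letsencrypt/live/<tower domain>/`, instead of a separately downloaded intermediate. The paragraph is also word for word the same as the one changed at line 50; keeping a single copy and linking to it would avoid having to make every certificate change twice.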

Expand All @@ -332,7 +325,7 @@ Moving over to ServiceNow, Navigate to **System Definition-->Certificates**. Thi
| Name | Descriptive name of the certificate |
| Format | `PEM` |
| Type | `Trust Store Cert` |
| PEM Certificate | The certificate to authenticate against AAP with. Use the certificate you just generated on your AAP server, located at `/etc/tower/tower.cert.` Copy the contents of this file (EXCLUDE the intermediate certificate) into the field in ServiceNow. |
| PEM Certificate | The certificate to authenticate against AAP with. Use the certificate you just generated on your AAP server, located at `/etc/tower/tower.cert.` Copy the contents of this file into the field in ServiceNow. |

<img src="images/tower_cert.png" alt="AAP Certificate" title="AAP Certificate" width="1000" />
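
Review bot: With "(EXCLUDE the intermediate certificate)" dropped from the PEM Certificate row, "Copy the contents of this file" now means pasting everything step 4 puts into `tower.cert` (root, intermediate and generated certificate) into a single `Trust Store Cert` record, yet the row still opens with "The certificate to authenticate against AAP with" in the singular. Say explicitly that all PEM blocks go into the field, or, if ServiceNow expects one certificate per record, list which ones to add; as written, a reader of the previous revision cannot tell whether the exclusion was removed on purpose.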


0 comments on commit 88ef73a
