RISKIQ SSL certificate lookups that return an exact match

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of RISKIQ SSL certificate lookups that return an exact match

    RISKIQ SSL certificate lookup results that return an exact match are accessible on the SSL Certificates tab within a security incident record in ServiceNow. These results help security incident analysts quickly assess the validity of SSL certificates by providing detailed certificate authority information.

    Show full answer Show less

    Key Features

    • Exact Match Identification: Displays SSL certificate lookup results with exact matches, highlighting valid certificate authorities.
    • Issuer Information: Shows certificate issuer name, issuer organization, and the organization the certificate is issued to, aiding in verification.
    • Raw Data Access: Analysts can open individual issuer records and view detailed raw data, including entity names, categories, subjects, and issuers associated with the certificate.
    • Tabbed Forms Setting: Provides instructions to enable tabbed forms in System Settings for optimal viewing of the SSL Certificates tab.

    Key Outcomes

    • For valid SSL certificates, the lookup shows a recognized, trusted public certificate authority (e.g., Let’s Encrypt) as the issuer, with distinct subject and issuer entities confirming the certificate’s authenticity.
    • For self-signed SSL certificates, the issuer and subject entities are the same, and the issuer is not a recognized public certificate authority, indicating potential risk that may require further investigation.

    Practical Use for ServiceNow Customers

    By using RISKIQ SSL certificate lookup results, security analysts can efficiently validate SSL certificates involved in security incidents. This helps in distinguishing between trusted certificates and potentially risky self-signed certificates, enabling more informed decisions during incident response and investigation workflows.

    RISKIQ SSL certificate lookup results for an exact match are displayed on the SSL Certificates tab on the security incident record. An exact match provides a valid certificate authority name, which helps a security incident analyst determine the validity of a website.

    Exact match for a valid SSL certificate

    The following example shows a valid issuer of an SSL certificate from an exact match in the lookup results. Follow the steps to view the results and raw data.

    Note:
    The figures in the following examples are shown with the Tabbed forms setting active in the System Settings. If your screen does not match the view shown below, follow the steps to set tabbed forms.
    1. In the upper-right corner of the banner frame, select the Settings icon.
    2. In the System Settings dialog box that is displayed, select Forms and verify that Tabbed forms and With the Form are selected.
    1. In the security incident record, select the SSL Certificates tab.

      Information about the certificate issuer’s name, the issuer's organization, and who the certificate is issued to (Organization) is displayed along with other data.

      18 items are displayed in the Issuer Name column. The second item (R3) provides a valid certificate authority name (Let's Encrypt) in the Issuer Organization column.

      No information in the Issuer Organization and Issued to columns is displayed for the second item (mail.dgtnetworks.com).
    2. Select the second item in the Issuer namecolumn, which is (R3) to open the entry record. Alternatively, select the information icon next to the item followed by Open record.
    3. Select the Raw Data tab.

      The SSL Certificate Entry record includes the observable in the Raw Data tab under the Entity name column, as well as other data.

      Note in the Category column, the Subject, and Issuer correspond to recognizable entities in the Entity name column. The issuer of this certificate is most likely valid and from a trusted public certificate authority. Also note, the Subject, and Issuer are different entities. These separate entities indicate that the certificate is not an internally signed certificate from an unknown certificate authority.

    Exact match for a self-signed SSL Certificate

    The following example shows results for a self-signed SSL certificate from the lookup. Follow the steps to view the results and raw data.

    1. Navigate back to the security incident record. In the Issuer Name column, select the other item (mail.dgtnetworks.com).
    2. On the open record, select the Raw Data tab.

      The Category column indicates the Issuer (mail.dgtnetworks.com and dgtsbs.DGTNetworks.local) are not trusted public certificate authorities. Also note the Issuer and Subject are the same entity (dgtsbs.DGTNetworks.local), and each contains the name of the observable (dgtsbs). This certificate is possibly a self-signed certificate. Self-signed certificates may warrant further investigation, as these certificates aren't issued by a known certificate authority.