Certificate Inventory and Management release notes

  • Release version: Store
  • Updated June 11, 2026
  • 7 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Certificate Inventory and Management release notes

    The Certificate Inventory and Management application on the ServiceNow Store provides a comprehensive platform for lifecycle management of TLS certificates. It automates manual tasks such as certificate requests and renewals, increasing PKI team productivity by approximately 30%. The solution integrates certificate discovery, inventory, policy-based routing, and workflow automation to streamline certificate management and improve compliance and audit readiness.

    Show full answer Show less

    Key Features

    • Integration with external vaults and management tools: Supports CyberArk Certificate Manager SaaS and Azure Key Vault for secure private key storage during automated operations.
    • Notification and workflow enhancements: Certificate notifications can be managed centrally, with options for email and Microsoft Teams alerts, and renewal workflows can be initiated directly from Microsoft Teams or Outlook.
    • Certificate discovery and inventory: Supports discovery from cloud providers (AWS, Azure, GCP), multiple CAs including Microsoft CA and Digicert, and imports via MID Server. Root certificates stored off-site can also be discovered and linked.
    • Policy-based routing framework: Enables PKI administrators to configure fulfillment processes for certificate authorities, enhancing automation and control.
    • Service Catalog and workspace: Provides forms and a workspace for users to request, renew, and revoke certificates, including a new Certificate Management workspace with dashboards and PKI workflow insights.
    • Certificate data accuracy and compliance: Features CMDB data certification for TLS certificates to validate ownership and improve audit readiness.
    • Support for advanced certificate operations: CSR generation on the ServiceNow instance, support for PKCS8 private key format, ACME protocol support for multiple CAs, and handling of certificate chains and attributes.
    • UI/UX improvements: Updated dashboards aligned with ServiceNow Coral UI theme and accessibility compliance (WCAG 2.1).

    Key Outcomes and Benefits for ServiceNow Customers

    • Centralized visibility and control: Manage certificates across multiple environments and external vaults from a single platform, reducing operational complexity.
    • Improved automation and efficiency: Automate certificate lifecycle tasks such as discovery, renewal, and approval workflows, minimizing the risk of expired certificates and service disruptions.
    • Enhanced compliance and audit readiness: Validate and certify certificate ownership data in the CMDB, supporting governance and regulatory requirements.
    • Seamless collaboration: Leverage integrations with Microsoft Teams and Outlook for timely notifications and streamlined approval processes within familiar communication tools.
    • Scalable and flexible management: Supports multiple certificate authorities, cloud providers, and certificate types, enabling adaptation to diverse enterprise environments.
    • Reliable discovery and inventory accuracy: Detect certificates from various sources including cloud platforms and certificate authorities, reconcile overlapping data, and maintain accurate certificate inventories.
    • User-friendly interfaces: Access intuitive catalog forms and dashboards for certificate requests, renewals, and revocations, enhancing user experience and adoption.

    Version history for the IT Operations Management Certificate Inventory and Management app on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 4.2.0 - June 2026
    • New:
      • Integration with CyberArk Certificate Manager SaaSManage certificates by using the certificate management capabilities of CyberArk Certificate Manager SaaS while maintaining centralized visibility and control through ServiceNow Certificate Inventory and Management.
      • Integration with Azure Key VaultStore your private keys in Azure Key Vault during automated certificate operations by selecting Azure Key Vault as an external vault provider when setting up routing policies.This feature is supported starting with the Brazil release.
      • Integration with Microsoft TeamsGet certificate notifications and start renewal workflows directly from Microsoft Teams channels.
      • Manage certificate notifications from a centralized formView and manage all email and Microsoft Teams certificate notifications from the Certificate notification policy form. This form enables you to configure which events trigger email notifications and specify recipients for each event type.
      • Access Service Catalog forms for certificate request, renewal, and revocation processes from the Certificate Management workspace.
    • Fixed:
      • Fixed an issue where CIs in the installed certificate table showed empty Name values.
      • Retired certificates no longer generate renewal tasks.
      • Fixed an issue where the issuer and root_issuer fields were both set to the same intermediate certificate in a certificate chain, causing inconsistent issuer selection.
    Version 4.0.1 - March 2026
    • New:
      • Introducing seamless certificate renewal via Microsoft Outlook – streamline TLS certificate renewals by handling approvals and updates directly within your existing email workflow, reducing friction and missed expirations.
      • Introducing CMDB Data Certification for TLS certificates – ensure accurate certificate ownership and accountability by validating and certifying ownership data directly in your CMDB, improving compliance and audit readiness.
    • Fixed:
      • Unique certificate records are updated from the Retired state to the Install state when a certificate is re-discovered again.
      • New private key format (PKCS8) is now supported in Certificate management credentials.
      • Fixed vulnerabilities found in the external issuer image.
      • Fixed routing policy workflow failure on CSR details mismatch.
    Version 3.14.0 - December 2025
    • Fixed:
      • Corrected decoding of IPV6 IP address from CSR
      • Multiple security bug fixes
    Version 3.12.0 - September 2025
    • Automating manual tasks like requesting a new certificate and renewing expired certificates can increase the productivity of the public-key infrastructure (PKI) team by ~30% and help to digitize manual workflows.
    • The TLS Certificate management store application provides a platform-based approach to the lifecycle management of TLS certificates. This solution combined with task fulfillment can provide a methodical approach to the request management and renewal management process.
    Version 3.8.2 - August 2025
    • New:
      • Added archiving rules for unique certificates and their associated records.
      • TLS Certificate request automated flow now supports EJBCA with ACME.
      • Added the ability to discover root certificates stored off-site and connect them to the certificate chain.
    • Fixed:
      • Domain ID is resetting in 'Discovery Certificate Captured' and 'Discovery Device Complete' script actions.
      • No longer creating tasks for Retired Certificates Discovered by the "Amazon AWS - Certificates Manager" pattern
      • Resolved discrepancies in the root issuer name
      • Polling job implemented for Microsoft CA Manual Approval flow
      • Other less significant issues have also been addressed in this version
    Version 3.6.3 - July 2025
    • New:
      • The outdated CIM Dashboard's image has been updated to match the Coral UI theme, improving visual consistency and user experience
      • Improvements in the certificate notification job.
        • Introduced two new system properties to limit the notification for expired certificates:
          • sn_disco_certmgmt.most_recent_discovery_days_considered_to_create_renewal_task: The number of days is considered for querying expired certificates to create a renewal task based on their Most Recent Discovery date, with a default value of 7 days
          • sn_disco_certmgmt.valid_to_days_considered_to_create_renewal_task: If the last_discovered field is empty, this property is used to check if the certificate expired within the past 7 days (or the value of the property)
    Version 3.6.0 - November 2024
    • New: CSR Generation can now be generated on the ServiceNow instance itself (supported only on Y+ instances).
    • Fixed:
      • Resolved: Certificate Management Flow is not working as expected with Secure Mode Mid
      • Resolved: Issues with the certificate valid to and from dates.
      • Resolved: "DigiCert - Certificate Management" pattern setting invalid value "none" to service_type field
      • Resolved: [Upgrade from Vancouver/Washington to itommerge] Amazon AWS - Certificates Manager pattern is failing with error after AWS Cloud Discovery
      • Resolved: If SAN in CSR is an IP Address, it is being converted to hexadecimal in the form's "Subject Alternative Name" field.
      • Resolved: Certificate inventory and management - Microsoft CA new certificates have inconsistent new line control characters.
    Version 3.4.0 - May 2024
    • New:
      • Populate all the attributes of the imported certificates using IRE.
      • ACME support for multiple Certificate authorities, and validating the automated certificate renewals
      • Cloud certificate discovery patterns have been integrated directly into the Certificate Inventory Management application, keeping these patterns housed within the app.
      • Discovering certificates from AWS, Azure, and GCP certificate managers and populating the cmdb_ci_certificate.
      • the app reconciles the certificates discovered with IP/Port scanner with certificate discovered from Cert Manager CA Pattern
    • Fixed:
      • "Multiple CAs on Host" error still observed during Microsoft CA certificate request
      • DigiCert - New Certificate automation flow is not getting certificate id in response
      • DigiCert - Certificate Management pattern - expired certificates are discovered with state 'issued'
      • In related lists, Certificates are sorted based on nonexistent field 'valid_upto', instead of the expected 'valid_to' field
      • Path attribute unecesarilly added for sn_disco_certmgmt_cmdb_installed_certificate
      • When parsing certificate subject-names allow spaces in between attributes of the certificate
      • Application Servers table (cmdb_ci_app_server) does not allow user to distinguish between the records in the table when the 'Request New Certificate (Automated)' catalog request is submitted
    Version 3.3.0 - November 2023
    • Changed: Accessibility WCAG 2.1
    • Fixed:
      • Rectified Certificate Authority Discovery Payload populating special Characters for subject_organization field
      • app-itom-external-issuer helm chart can be deployed using --namespace tag
    Version 3.1.0 - August 2023

    What's New:

    Certificate management workspace: Explore the brand-new workspace experience.

    - Certificate Inventory Dashboard and Insights.

    - PKI Workflow Insights.

    - Certificate lifecycle management views.

    Support cert-manager integration.

    cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters and simplifies the process of obtaining, renewing, and using those certificates.

    Version 3.0.6 - June 2023
    Fixed: Decryption bug fixes.
    Version 3.0.0 - May 2023
    • Fixed:
      • Minor bug fixes
      • Added support for multiple Microsoft CAs on same host.
      • Added support for using intermediate server instead of CA server for Microsoft CA.
    Version 2.4.0 - February 2023
    Minor fixes.
    Version 2.3.2 - November 2022

    What's New:

    • Automation of certificate fulfillment for Microsoft Active Directory Certificate Services
    • Employee Center experience for Certificate request, renewal, and revoke operations
    • Visibility to Certificate chain from Unique certificate form view
    Version 2.1.0 - May 2022
    New: Entrust CA Policy Automation for certificate request, renewal, and revoke operations.
    Version 1.3.19 - March 2022
    • Fixed:
      • Save UI action was missing in context menu in sysapproval_approver record.
      • Warning message or alert in the "Disable CellEdit - State Field" client script appeared when user tried to change the state from approval list view.
    Version 1.5.0 - February 2022
    • This is a patch release for Certificate Inventory and Management 1.3.8. This 1.5.0 patch release is compatible with the San Diego family release.
    • Fixed:
      • "Disable CellEdit - State Field" client script was blocking users from updating values from the "Approval" table list view. This has been removed.
      • Discovery issues for ECC Algorithm signed certificates for Entrust.
      • Subject Alternative Name was not getting recognized while decoding CSR if the Subject Alternative Name had X509v3 format.
      • In the Manual Renew Certificate Service Catalog Form, the Certificate Expiration Date was not converting to local time.
      • Save UI action was missing in the context menu for sysapproval_approver record.
      • Removed the overridden UI actions and added a new UI action “Choose Routing Policy & Approve.”
      • Earlier Certificates with single certificate in chain were marked as self-signed. Control this behavior by setting the [sn_disco_certmgmt.mark_self_signed_for_incomplete_chain] property. If the property is set to true (default), the certificate with incomplete chain is marked as self-signed.
    Version 1.3.8 - September 2021
    • New:
      • Service Catalog workflows for users to request, renew and revoke digital certificates.
      • Policy-based routing framework for PKI administrators to configure the request fulfillment process flows for Digicert Certificate Authority
    Version 1.2.1 - August 2020
    Changed: Added ITOM visibility subscription as a dependency.
    Version 1.1.7 - February 2020
    • New:
      • Discovery of TLS Certs from Certificate Authority Vendors - Support discovery TLS certificates from Digicert and GoDaddy Certificate Authority (CA). The discovery logic will use the existing pattern framework to discovery/inventory certificates from Digicert and GoDaddy CA.
      • Bulk import of TLS certs from MID Server - Certificates can be imported from files. You can discover certificates from certificate files by importing the files into the system using pattern-based Discovery. You can only import 1500 certificates at one time.
    • Fixed: Minor bug fixes
    Version 1.0.6 - January 2020
    The TLS Certificate management store application provides a platform-based approach to the lifecycle management of TLS certificates. This solution combined with task fulfillment can provide a methodical approach to the request management and renewal management process. Automating manual tasks like requesting a new certificate and renewing expired certificates can increase the productivity of the public-key Infrastructure (PKI) team by ~30% and help to digitize their manual workflows.