Upload a certificate to an instance Administrators can add a certificate to the instance from the Certificates module. Before you beginRole required: admin About this task Note: When a certificate is updated on the ADFS server, you also need to upload an updated certificate to the instance. Procedure Navigate to System Definition > Certificates. Click New. Fill in the following fields (see table). FieldDescription Name Specify a unique name for the certificate. Expiration notification [Optional] Select whether you want to send a notification when the certificate is about to expire. Active Select whether the instance should use this certificate for secure communications and signing requests. Short Description [Optional] Enter a text description of the certificate such as the requester or server name. Format Select the certificate format. The instance supports the PEM and DER formats. See Certificates. Type Select the certificate container. The instance recognizes certificates from trust stores, Java keystore, and PKCS#12 keystores. PEM Certificate Enter the base-64 encoded PEM-formatted text containing the DER certificate. The instance decodes the certificate to populate the Valid from, Expires, Expires in days, Issuer, and Subject fields. Click Submit. During the upload, the module extracts and displays the certificate's read-only properties in these fields: Valid from date Expiration date Issuer Subject of the certificate Validate the certificate or keystore. Certificate criteriaCertificates must meet several criteria.Certificate trustBy default, ServiceNow trusts a certificate's Certificate Authority (CA).Generate an LDAP client certificateGenerate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore. Generate a server certificateYou can use keytool to generate a new Java keystore file, create a certificate signing request (CSR), and import the private key, public certificate pair, and signed certificates into the keystore.Upload a trusted server certificateBy uploading the service provider's trusted server certificate, the instance ensures it is connecting to a valid and secure service.Validate a certificate or a keystoreAdministrators should validate certificates and keystores after uploading them to determine if there are any issues to resolve.