ServiceNow root certificate blunder leaves users high and dry
More like ServiceNo, or maybe ServiceNotforawhile
Updated Some customers of enterprise cloud vendor ServiceNow have been up in arms after a mistake with root certification left many stymied on a Monday morning.
The error stems from ServiceNow's management, instrumentation, and discovery (MID) Server, a Java app that sits on local client servers inside their firewalls and integrates applications into the platform, either using a Windows service or Unix daemon. According to a service advisory, the issue started at 0216 UTC on Monday after a MID Server Root G2 SSL certificate expired.
"ServiceNow has identified an expired SSL Root certificate that is affecting MID Server and instance-to-instance connectivity," the advisory reads.
"This issue may be impacting your Integrations, Orchestration, Discovery, and MID Server Script Executions that rely on MID Servers or instance-instance communication, such as Instance Upgrades, Update Set retrieval, AI Search, Virtual Agent, and Cloning between instances."
ServiceNow reported that 616 customers have been affected by the problems and it is rolling out a fix as soon as possible. In the meantime, many users are going online to vent their frustrations.
- Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
- ServiceNow moves its backend off MariaDB to homebrew Postgres
- GenAI spending bubble? Definitely 'maybe' says ServiceNow
- ServiceNow president leaves after policy breach related to public sector boss hire
"It would be nice if they actually notified all impacted customers (basically everyone) before I page out several other teams while waiting on SN to even pick up my ticket," complained one.
"After confirming there was no network or host issues at any of our sites, I called SN and they told me about the issue, and another 90 minutes before they actually linked my CASE to the outage. I feel like they used to be pretty good about pinging us, sometimes before we knew there was an issue."
It appears that the certificate expiration error was flagged with ServiceNow two weeks ago, according to some reports, but that the certificate replacement job was botched. Downdetector is reporting ongoing complaints, although some users of other forums are now saying that the outage appears to have eased for some.
ServiceNow had no comment at time of publication.
While this won't be the first, or last, time this kind of issue with certs will come up, it's not a good look for a company that has been having some PR problems of late. Last week, ServiceNow admitted that customers' internal knowledge base (KB) articles could be accessed. The biz pledged to work with customers to fix that problem. ®
Updated to add on September 24
ServiceNow has assured us its systems are back to normal. A spokesperson told us:
On Sunday, September 22, ServiceNow identified an expired TLS cross-chain certificate affecting MID Server and instance-to-instance connectivity for ServiceNow customers. Since then, ServiceNow has fully mitigated the issue.