https://www.theregister.com/2024/09/23/servicenow_root_certificate_outage
A critical service disruption plagued ServiceNow customers on Monday morning due to an expired root certificate within the company’s Management, Instrumentation, and Discovery (MID) Server. This essential Java application facilitates communication between client servers and the ServiceNow platform.
The expired certificate, identified as the “MID Server Root G2 SSL certificate,” reportedly impacted integrations, orchestrations, discovery functions, and MID Server script executions. Services like instance upgrades, update set retrieval, AI Search, Virtual Agent, and instance cloning were also affected.
According to a ServiceNow service advisory, the issue began around 2:16 UTC on Monday and impacted at least 616 customers. Many users expressed frustration online, particularly regarding the lack of proactive communication from ServiceNow. Some reports claim the certificate expiry was flagged two weeks prior, raising concerns about the response time and execution of the certificate replacement.
While ServiceNow is reportedly working on a fix, user reports on Downdetector indicate ongoing issues. However, some forum users suggest the outage may be gradually easing for certain customers.
This incident highlights the critical role of proper certificate management in maintaining service continuity. The reliance on expired certificates can lead to significant disruptions for businesses heavily dependent on cloud-based platforms.