CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

Partners & Integrations

Preventing Unplanned Outages by Getting on Top of Digital Certificates

4 min. read
By Karen Lambrechts

If you have been in the IT industry for more than say a year,there’s a good chance you are aware of two things:

  1. There are countless posts, articles and general commentary about the need to manage digital certificate expiry/renewals to avoid unplanned outages.
  2. Unplanned outages from expired certificates continue to be a very (very) common occurrence.

A recent article that summarized results from a broad survey of organisations found

  • Around 90% of companies had experienced unplanned outages solely as a result of expired certificates. What’s more, they had experienced multiple certificate outages over the same period.
  • Just under half of those organisations predict a high likelihood of further unplanned outages directly related to expired certificates (despite already having been affected by this problem in the past).

The purpose of this article isn’t to replay what’s well-known: if you want to avoid the embarrassment of a major unplanned outage caused by an expired certificate, you need a solution that:

  1. Discovers the certificates installed on systems.
  2. Updates your transactional/workflow system (e.g. ServiceNow) with the discovered certificate data and, at the same time, creates relationships between the certificates and the systems.
  3. Allows you to create actionable tasks on the teams responsible for maintaining the operational state of those systems.

As simple as thatsounds, the problem often comes down to implementation overhead. The time, effort and cost of implementing those solution elements can feel insurmountable amongst the variety of other important initiatives and day-to-day operational activities required of IT organisations.

Overcoming these time, effort and cost constraints requirestwo rapid and low-cost steps:

  1. Implement Lansweeper Discovery. If you are already a Lansweeper customer, then this bit is done. If you aren’t,  try it out to see how fast (blazingly fast) you can get agentless discovery working in your environment to automatically discover digital certificates on Lansweeper’s Windows Server fleet.
  2. Implement Syncfish CI Synchronizer. CI Synchronizer will populate your CMDB with and and all Lansweeper discovery data, including the discovered digital certificates. Better yet, CI Synchronizer automatically creates CI-to-CI relationships (of type “uses”) between the Windows Servers and the Certificates they depend on. And even better still, it can be configured with rules to exclude certificates s that don’t have signficant operational impacts.

The figure below depicts CI-to-CI dependencies on a Windows Server that were automatically determined and set by CI Synchronizer using discovery data from Lansweeper.

Windows Server

Drilling into the first certificate, you can see its details (valid from/to, operational status, etc.): 

Windows Server 2

Most importantly, you can see which other devices are also using this certificate:

Windows Server 3

With this information in ServiceNow, imagine how easy it is to:

  1. Create a dashboard showing all certificates with an upcoming expiry (e.g. in 30 or 60 days). You can even exclude those dependent server CIs that already have a replacement certificate installed.
  2. Create and remediate tasks to the relevant CI owner/s to install the replacement certificate before it expires (and generate reminders etc).
  3. Easily keep track of everything, thanks to the end-to-end automation between Lansweeper and CI Syncronizer.

Lansweeper Discovers a vast amount of information beyond servers and certificates, as well, and CI Synchronizer will keep all of that discovery data up-to-date in your ServiceNow CMDB.

Sound too good to be true? It’s not. It’s time to solve CMDB automation!

Lansweeper + Syncfish = CMDB Automation made possible

Lansweeper provides a world-leading IT Asset discovery platform that can be implemented quickly, to find and store an incredible array of IT asset data at pace.

Syncfish provides a sophisticated transactional integration SaaS solution that takes your Lansweeper source data and transforms and correlates it to your CMDB (happily alongside other CMDB sources if present). It does all of this at a low price point despite including out-of-the-box mappings for a large number of asset types and related record types. It also determines and sets around 80 unique CI-to-CI relationship types, all automatically, based on the Lansweeper source data. And if that isn’t compelling enough, the solution can be set up and running in about 60-90 minutes.

Contact us to see how you can leverage Lansweeper to finally solve CMDB automation and, at the same time, increase the ROI of your investment in ServiceNow.


Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.