KB0639196

How to find the correct X509 certificate from SAML response


Last updated: Jul 24, 2025

Issue

The purpose of this article is to provide useful troubleshooting steps for LDAP connectivity issues. The LDAP server might suddenly lose its connection after multiple attempts, interrupting updates from the Active Directory import process.

One possible, and the most likely, reason is that the X509 certificates defined in the instance do not match the ones in the SAML response from the Identity Provider.

The steps below are required in order to retrieve the correct certificate value:

  1. Navigate to https://<instance>.service-now.com/nav_to.do?uri=/syslog_list.do
  2. Set the list filter: Message starts with SAML Response xml
    • Ref.: https://<instance>.service-now.com/syslog_list.do?sysparm_query=messageSTARTSWITHSAML%20Response%20xml
  3. Open the latest log record
  4. The correct certificate value is between the XML tags <ds:X509Certificate> and </ds:X509Certificate>
  5. Copy this value, without the XML tags
  6. Navigate to https://<instance>.service-now.com/nav_to.do?uri=/sys_certificate_list.do
  7. Create a new certificate
  8. Fill in the required fields and paste the certificate value in the PEM Certificate box using this template:

-----BEGIN CERTIFICATE-----
<certificate value>
-----END CERTIFICATE-----

  9. Click Submit

The LDAP server should now connect again, and the import / update from the AD should work if the issue was an incorrect certificate.
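
Steps 4 to 8 can also be done offline from a copied log message. The Python below is an added example, not ServiceNow code: it extracts each distinct <ds:X509Certificate> value from the logged response, wraps it in the PEM template, and computes a SHA-256 fingerprint to compare against the signing certificate published in the Identity Provider's metadata before the value is pasted into the instance. The exact text after "SAML Response xml" in the log message and the sample bytes are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"  # namespace behind the ds: prefix

def certs_from_log_message(message):
    """Return DER bytes of each distinct <ds:X509Certificate> in a logged SAML response."""
    xml_text = message[message.index("<"):]      # assumption: the XML follows the log prefix
    if "<!DOCTYPE" in xml_text:                  # a SAML response carries no DTD; do not parse one
        raise ValueError("unexpected DTD in SAML response")
    certs = []
    for el in ET.fromstring(xml_text).iter("{%s}X509Certificate" % DS_NS):
        b64 = "".join((el.text or "").split())   # remove line breaks and indentation
        der = base64.b64decode(b64, validate=True)  # raises on a mangled or truncated copy
        if der not in certs:                     # one cert often signs response and assertion
            certs.append(der)
    return certs

def to_pem(der):
    """Wrap DER bytes in the PEM template, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]) + "\n"

def sha256_fingerprint(der):
    """Hex SHA-256 of the DER bytes, for comparison with the IdP's published certificate."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample: placeholder bytes stand in for a certificate, not real IdP data.
SAMPLE_DER = bytes(range(256)) * 3
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
_cert = "\n".join(_b64[i:i + 76] for i in range(0, len(_b64), 76))
_sig = ('<ds:Signature xmlns:ds="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        '%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>' % (DS_NS, _cert))
SAMPLE_MESSAGE = ('SAML Response xml: <samlp:Response '
                  'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">' + _sig +
                  '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' + _sig +
                  '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for der in certs_from_log_message(SAMPLE_MESSAGE):
        print(sha256_fingerprint(der))
        print(to_pem(der), end="")
```

If more than one fingerprint is printed, the response carries different certificates in different signatures, and each should be checked against the IdP metadata rather than picking the first.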

 
