Summary
This KB articulates detailed instructions to setup an Edge Encryption Proxy for your ServiceNow Instance
Release
Kingston, London, Madrid, New York
Instructions
This KB articulates commands that you need to execute on a Ubuntu 64 bit OS as the Edge Proxy's Host OS for installing Servicenow Edge Encryption Proxy.
These commands are common for most of the Linux flavors.
ssh to the Proxy host VM and perform the following:
1) Install Java and other dependencies
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer2) Install MySQL Server, not older than 5.5
sudo apt-add-repository ppa:ondrej/mysql-5.6
sudo apt-get update
sudo apt-get install mysql-server
Since this is a dry run, I kept id & password = "root".
3) Install Edge Encryption Plugin on your ServiceNow Instance
4) Login to your ServiceNow instance with an Admin account, unlock high-Security rights and navigate to
Edge Encryption Configuration Installation & Downloads Download
5) Download the relevant installer, in this example: Linux 64 bit.
6) FTP this installer to your Proxy Server. In this example, we saved the installer at: /home/ubuntu/EDGE/edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all
7) Execute below to understand your command:
java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all8) above command gives below:
ubuntu@ip-172-31-28-4:~/EDGE$ java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all
option: [--mode] MODE required
--help
-m|--mode MODE [required, modes: install, upgrade]
-s|--dst-dir DESTINATION DIRECTORY [optional for mode: install: default: $(PROXY_NAME)_$(PORT)]
-d|--proxy-dir PROXY DIRECTORY [required for mode: upgrade]
-n|--proxy-name PROXY NAME [required for mode: install]
-h|--host INSTANCE HOST [required for mode: install]
-p|--port INSTANCE PORT [required for mode: install]
-proto|--protocol INSTANCE PROTOCOL [required for mode: install]Examples:
a) Example command to Install EdgeEncryption proxy into directory test_16001:
java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar -m install -n test -h 1.2.3.4 -p 16001 -proto httpb) Example command to Install EdgeEncryption proxy into SecureProxy directory, and configure to use secure HTTPS connection:
java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar -m install -n test -s SecureProxy -h 1.2.3.4 -p 443 -proto httpsc) Example command to Upgrade EdgeEncryption proxy installed in directory test_16001:
java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar -m upgrade -d test_16001
9) We are installing with below: (update parameters as per your details)
java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar -m install -n VabEdgeUbuntu1 -h instance_name.service-now.com -p 443 -proto https10) Logs from a successfull execution:
ubuntu@ip-172-31-28-4:~/EDGE$ java -jar edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar -m install -n VabEdgeUbuntu1 -h instance_name.service-now.com -p 443 -proto https
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: dist-file: file:/home/ubuntu/EDGE/edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: dst-dir: /home/ubuntu/EDGE/VabEdgeUbuntu1_443
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: proxy-name: VabEdgeUbuntu1
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: port: 443
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: protocol: https
Sep 17, 2019 5:32:53 AM com.snc.cloudedge_zip.CommandProcessor buildCommand
INFO: option: extra-properties: 0
Sep 17, 2019 5:32:53 AM com.snc.dist.upgrade.common.extract.ZipExtractor extract
INFO: extracting: file:/home/ubuntu/EDGE/edgeencryption-madrid-12-18-2018__patch4b-07-17-2019_08-12-2019_1850-all.jar /home/ubuntu/EDGE/VabEdgeUbuntu1_443
Sep 17, 2019 5:32:54 AM com.snc.cloudedge_zip.CloudedgePermissions execute
INFO: setting permissions: /home/ubuntu/EDGE/VabEdgeUbuntu1_443
Sep 17, 2019 5:32:54 AM com.snc.dist.upgrade.common.extract.ZipExtractor extract
INFO: extracting: file:/home/ubuntu/EDGE/VabEdgeUbuntu1_443/java/mid-jre-1.8.0_40-4-linux-x86-64.zip /home/ubuntu/EDGE/VabEdgeUbuntu1_443/java
11) go to <proxy-installation-directory>/conf and open "edgeencryption.properties" to update
ubuntu@ip-----:~/EDGE$ cd VabEdgeUbuntu1_443/conf
ubuntu@ip-----:~/EDGE/VabEdgeUbuntu1_443/conf$ vi edgeencryption.properties12) Update below Properties:
<edgeencryption.target.host= <Your_ServiceNow_Instance_Name>.service-now.com
---
<edgeencryption.target.username= User_Name_With_Edge_Role_In_Your_Instance
<edgeencryption.target.password= Password_Of_User_With_Edge_Role_In_Your_Instance
---
<edgeencryption.proxy.host= IP_Address_OF_Proxy_Host
---
<edgeencryption.proxy.https.keystore.password= default is "changeme" set it to the password you want to create alias with.
<edgeencryption.proxy.https.cert.alias= alias1httscerti set it to the value you want to create alias with.
---
<edgeencryption.db.user= root This is the user of your sql db server installed earlier
<edgeencryption.db.password= root Password you set while installing
---
<edgeencryption.proxy.signature.keystore.password= default is "changeme" set it to the password you want to create alias with.
<edgeencryption.proxy.signature.keystore.keyalias= alias2proxysig set it to the value you want to create alias with.
---
<#edgeencryption.encrypter.properties.password= <ChangeMe> Comment this out. This is for password for config encryption
---
< edgeencryption.keystore.path= keystore/keystore.jceks Uncomment this
<edgeencryption.keystore.password= <ChangeMe> Uncomment this and set it to default password "changeme" (the password of your encryption key)13) Save "edgeencryption.properties" file.
14) Go to <proxy-installation-directory>/keystore
15) Execute below to generate 3 keys:
a) Generating the certificate for the Web server holding the proxy. This is the one you want sign with a CA authority
edgeencryption.proxy.https.cert.alias = alias1httscerti
../java/jre/bin/keytool -genkey -alias alias1httscerti -keyalg rsa -keystore keystore.jceks -storetype jceks b) This is another certificate, internal to edge: the signature
edgeencryption.proxy.signature.keystore.keyalias = alias2proxysig
../java/jre/bin/keytool -genkey -alias alias2proxysig -keyalg rsa -keystore keystore.jceks -storetype jceks c) Generate the encryption certificate on AES format so Edge can encrypt, 128 bit
../java/jre/bin/keytool -genseckey -alias jsaes128 -keyalg aes -keystore keystore.jceks -storetype jceks -keysize 128
16) List all certificates in this keystore, it will have 4 now, password for my example keystore is "changeme"
../java/jre/bin/keytool -list -v -keystore keystore.jceks -storepass changeme -storetype jceks17) Login to ServiceNow with your admin account, and unlock high-Security rights and navigate to
Edge Encryption and Configuration Encryption Key Configuration Set Up Keys
18) Now, you are all set to start up your Edge Encryption Server.
19) Navigate to <proxy-installation-directory> and execute
./startup.sh
20) If you see This error:
bin/./wrapper-linux-x86-32: not found
Execute below:
sudo apt-get install libc6-i386 libc6-dev-i38621) Validate from logs, logs are located at:
<proxy-installation-directory>/logs
22) Validate if your proxy is up:
<Your_ServiceNow_Instance_Name>.service-now.com/xmlstats.do?include=edgeencryption
