Before you install a sensor on a computer in your network, verify the computer meets the minimum hardware and software requirements. DigiCert sensors also have deployment and network requirements that must be met before you run your first scan.
To successfully configure a sensor, the host names for the sensor’s host device must be resolvable.
For example, on a Red Hat Enterprise Linux server with a non-standard configuration, you can make the host name resolvable by adding it to /etc/hosts.
The sensor host must be able to access the CertCentral cloud service and your targeted IP address.
CertCentral cloud service
Sensors must be able to communicate with CertCentral cloud to receive instructions on when to run scans and to send inventory updates when new certificates are discovered.
cli.properties file located in <SensorInstallationDirectory>/config/cli.properties, and run the start command.
Target IP addresses
The firewall rules or Access Control Lists must allow the sensor to reach the target IP addresses you want scanned.
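The requirements above (a resolvable sensor host name, and reachability of every endpoint the sensor must contact) can be checked before installation. The script below is an added example, not DigiCert's tooling. Its function names and the sample addresses in the usage line are constructed, and because this page does not name the CertCentral endpoint, you pass it in yourself alongside your scan targets.

```shell
#!/usr/bin/env bash
# Added example: pre-install checks for a sensor host. All endpoints passed in
# are your own; the sample values in the usage line are constructed.

# 0 if NAME resolves through the system resolver (/etc/hosts or DNS).
name_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# 0 if NAME is listed as a host name or alias in a hosts-format file.
hosts_file_has() {
    awk -v n="$1" '
        { sub(/#.*/, "") }    # drop comments before matching
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
        END { exit !found }' "${2:-/etc/hosts}"
}

# 0 if a direct TCP connection to HOST PORT opens within 5 seconds.
# Direct on purpose: the sensor proxy setting does not apply to scan targets.
tcp_reachable() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# preflight SENSOR_HOSTNAME HOST:PORT...  -> returns the number of failed checks.
preflight() {
    local sensor_host="$1" failures=0 ep
    shift
    if name_resolves "$sensor_host"; then
        echo "PASS resolve $sensor_host"
    else
        failures=$((failures + 1))
        if hosts_file_has "$sensor_host"; then
            echo "FAIL resolve $sensor_host (present in /etc/hosts but not resolving)"
        else
            echo "FAIL resolve $sensor_host (not in DNS or /etc/hosts)"
        fi
    fi
    for ep in "$@"; do
        if tcp_reachable "${ep%:*}" "${ep##*:}"; then
            echo "PASS connect $ep"
        else
            echo "FAIL connect $ep"; failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Example: ./preflight.sh "$(hostname -f)" 192.0.2.10:443 192.0.2.11:8443
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A FAIL on a target line points to a firewall rule or Access Control List between the sensor host and that address.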
Proxy server communications
For a scan to run successfully, its sensor must be able to communicate with the CertCentral cloud service to receive instructions associated with certificate discovery and to report on certificate inventory updates. See Configure a sensor to use a proxy server for communications.
Docker containers and network interfaces
Docker sensor containers use a bridge network by default. A Docker network is associated with a bridge interface on the host, and firewall rules are defined to filter traffic between these interfaces.
Docker containers that share the same Docker network and host bridge interface but are isolated from each other by the firewall can communicate with each other using the bridge network.
To view a list of Docker interfaces, run docker network ls.
To get information about Docker interfaces, run docker inspect <docker_container_ID> | grep sensor.
The proxy configuration for the sensor enables the sensor to communicate with CertCentral cloud service. The proxy configuration is not for enabling the sensor to scan a host.
Install the sensor where it can access the fully qualified domain names (FQDNs) and IP addresses you want scanned. We recommend installing one sensor per uninterrupted network segment.
You only need additional sensors if your network:
Additional sensors may also be useful when scanning a large number of IP addresses and ports. Splitting large IP ranges across multiple scans allows you to decrease the impact of scans on your network resources and to complete scans more quickly.