Sensor installation requirements

Before you install a sensor on a computer in your network, verify the computer meets the minimum hardware and software requirements. DigiCert sensors also have deployment and network requirements that must be met before you run your first scan.

Network requirements

To successfully configure a sensor, the host names for the sensor’s host device must be resolvable. For example, to resolve the host name on a Red Had Enterprise Linux server, you add it to /etc/hosts (for non-standard configurations).

The sensor host must be able to access the CertCentral cloud service and your targeted IP address.

CertCentral cloud service

Sensors must be able to communicate with CertCentral cloud to receive instructions on when to run scans and to send inventory updates when new certificates are discovered.

  • Outbound HTTP (port 80) and HTTPS (port 443)
    For direct or proxy access communications with the CertCentral cloud service, a sensor host must have access to the outbound HTTP (port 80) and HTTPS (port 443).
  • CertCentral cloud service IP address
    If you're using a firewall, you need to open the firewall to IP range: Failing to do this blocks the sensor from relaying scan information to Discovery in CertCentral.

Target IP addresses

The firewall rules or Access Control Lists must allow the sensor to reach the target IP addresses you want scanned.

Proxy server communications

For a scan to run successfully, its sensor must be able to communicate with the CertCentral cloud service to receive instructions associated with certificate discovery and to report on certificate inventory updates. See Configure a sensor to use a proxy server for communications.

The proxy configuration for the sensor enables the sensor to communicate with CertCentral cloud service. The proxy configuration is not for enabling the sensor to scan a host.

Deployment requirements

Install the sensor where it can access the fully qualified domain names (FQDNs) and IP addresses you want scanned. We recommend installing one sensor per uninterrupted network segment.

You only need additional sensors if your network:

  • Is segmented by firewalls or routers
  • Has multiple LANs or network segments

Additional sensors may also be useful when scanning a large number of IP addresses and ports. Splitting large IP ranges across multiple scans allows you to decrease the impact of scans on your network resources and to complete scans more quickly.

Hardware and software requirements

Red Hat Enterprise Linux 6.x and 7.x

  • Root privileges
  • 64-bit version and US locale required
  • 2 GB RAM (4GB RAM recommended)
  • 2 GB free disk space (minimum)

Microsoft Windows 7, 8, 8.1, 10, Server 2012, and Server 2016

  • Run as administrator
  • 64-bit version
  • Microsoft .NET Framework 4.x
  • 2 GB RAM (4GB RAM recommended)
  • 2 GB free disk space (minimum)

VMware ESX/ESXi 5.x and later

  • Administrator access
  • 64-bit version
  • 2 GB RAM (4GB RAM recommended)
  • 30 GB free disk space