Configure a sensor for automation

After installing and activating a sensor, you must configure it for automation.

Initial configuration occurs on the sensor system itself. Here you specify the network appliances for which the sensor will manage TLS certificates.

There are two possible methods:

  • Interactive configuration
  • Configure from file

Make sure your network appliance is supported by CertCentral automation. For a list of supported models and versions, see Get started with automation.

The login password of each network appliance must meet the DigiCert password requirements so it will work with automation. The password must contain lower and upper case letters, numbers, or symbols.

Interactive configuration

The addagentless utility is used to perform local configuration of a DigiCert sensor. This command adds network appliances for certificate automation by the sensor.

The addagentless utility is located within the cli subdirectory of the sensor installation directory. Invoke it differently based on the system type:

  • Linux: ./
  • Windows: addagentless.bat
  • Docker:
    • Without signing into the docker sensor container:
      docker exec -it <container-id/name> cli/
    • After first signing into the docker sensor container:
      Run docker exec -it <container-id/name> bash to get a bash shell in the container, then run cli/
    • (Note: Run the docker ps command to find the container ID or name.)

Invoked by itself, the addagentless command prints a usage statement listing all its possible arguments.

To add a new network appliance for automation, use the -type argument followed by one of the below values:

  • A10: A10 load balancer
  • AWS: Amazon Elastic Load Balancer (ALB or NLB)
  • AWS-CLOUDFRONT: Amazon Cloudfront CDN
  • BIGIP: F5 BIG-IP load balancer
  • NETSCALER: Citrix NetScaler load balancer

Run a separate addagentless command for each individual network appliance that will be managed by the sensor. After you run each command, a series of interactive prompts asks for the parameters required for that appliance.

For example, the terminal output below shows the Windows version of the addagentless utility being used to add an A10 load balancer for sensor-based automation. Note the interactive prompts after the initial addagentless.bat -type A10 command, and the values supplied for each in this example.

C:\Program Files\DigiCert\DigiCert sensor\cli>addagentless.bat  -type A10

Sensor CLI. Copyright 2020, DigiCert Inc.
Add or change login credentials and specify data IP addresses for certificate automation.
Enter management IP address:
Enter Management Port (443):443
If available, do you want to map this sensor with the previously voided loadbalancer (Y/N)?:N
Important: Enter an account that has admin (superuser) permission to manage all partitions on the A10 load balancer.
Enter admin username:admin
Enter admin password:
Confirm admin password:
Successfully added or changed the agentless.
IMPORTANT: After you run this command, return to Manage Automation Agents. Verify that the certificate host appears and is configured.

For examples of configuring different types of network appliances for automation, see Sensor configuration examples.

Configure from file

Instead of configuring a sensor interactively, you can read in the configuration from a file. This method can help you plan your configuration before implementing it. To do so:

  1. Create a configuration text file.
    Create a basic text file containing the configuration parameters for the network appliance (one parameter per line). Required parameters depend on the appliance type. See examples below.

  2. Read in the configuration from the text file.
    Run the addagentless command, using the -type argument to specify the network appliance type, plus the -file argument to specify the file containing the configuration parameters. For example, to configure an A10 load balancer using the configuration parameters in "myfile1.txt":

    • Linux: ./ -type A10 -file myfile1.txt
    • Windows: addagentless.bat -type A10 -file myfile1.txt
    • Docker:
      • Without signing into the docker sensor container:
        docker exec -it <container-id/name> cli/ -type A10 -file myfile1.txt
      • After first signing into the docker sensor container:
        Run docker exec -it <container-id/name> bash to get a bash shell in the container, then run cli/ -type A10 -file myfile1.txt
      • (Note: Run the docker ps command to find the container ID or name.)

The following examples show the parameters needed in the configuration file for different network appliance types:

Network appliance type | Example configuration parameters
(For single configuration)
(For high availability configuration)
PEER_INFO=,443,username001,password001 :,443,username002,password002

Note: Use a colon (:) symbol surrounded by blank spaces to separate the login information for each peer.
AWS Network/Application Load Balancer | AWS_ACCOUNT_ID=123456789012
AWS CloudFront | AWS_ACCOUNT_ID=123456789012
Citrix NetScaler | MANAGEMENT_IP=

For AWS NLB/ALB and AWS CloudFront, set the KEY_REQ value to reflect your preferred method of authentication, as follows:

KEY_REQ | Parameter | Required/Optional | Description
1 | --- | --- | Provide login credentials using default AWS credential provider chain.
 |  | Required | Supply the credentials yourself.
3 | PROFILE_NAME | Required | Use an AWS profile name as your login credentials.
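
A pre-flight check for a configuration file before it is passed to -file, added here as an example (not DigiCert code). It assumes each PEER_INFO peer is laid out as host,port,username,password, inferred from the example row above; the function names and sample values are constructed. The permission check is there because the file stores appliance admin passwords in clear text.

```python
import os
import stat
import tempfile

def parse_config(text):
    """Parse 'KEY=VALUE' lines (one parameter per line); return (params, problems)."""
    params, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.strip().partition("=")
        if not line.strip():
            continue
        if not sep or not key.strip():
            problems.append(f"line {n}: not KEY=VALUE")
            continue
        params[key.strip()] = value.strip()
    return params, problems

def check_peer_info(value):
    """Assumed layout per peer: host,port,username,password; peers split on ' : '."""
    problems = []
    for i, peer in enumerate(value.split(" : "), 1):
        fields = [f.strip() for f in peer.split(",")]
        if len(fields) != 4 or not all(fields):
            problems.append(f"PEER_INFO peer {i}: expected 4 non-empty fields")
        elif not fields[1].isdigit():
            problems.append(f"PEER_INFO peer {i}: port is not numeric")
    return problems

def lint(path):
    """Return a list of problems found in the configuration file at path."""
    problems = []
    # The file holds appliance admin passwords in clear text: owner-only access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible by group/others")
    with open(path, encoding="utf-8") as fh:
        params, parse_problems = parse_config(fh.read())
    problems += parse_problems
    if "PEER_INFO" in params:
        problems += check_peer_info(params["PEER_INFO"])
    if params.get("KEY_REQ") == "3" and not params.get("PROFILE_NAME"):
        problems.append("KEY_REQ=3 requires PROFILE_NAME")
    return problems

if __name__ == "__main__":
    # Constructed sample: the peer separator is missing its surrounding spaces.
    sample = "PEER_INFO=192.0.2.10,443,user1,Passw0rd1:192.0.2.11,443,user2,Passw0rd2\n"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o600)
    print(lint(fh.name) or "no problems found")
    os.remove(fh.name)
```

A password that itself contains a comma is reported as a field-count problem under this assumed layout. Delete the configuration file once the appliance has been added.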

What's next?

After completing the local configuration of your sensor system, go to CertCentral to verify and finalize it: