Skip to main content

Install and activate a sensor

Automating certificate requests on network appliances, such as load balancers, requires that the DigiCert sensor be installed and running on a dedicated system that can manage those appliances over the network.

Notice

If you already have a sensor running for discovery, you can configure it to perform automation as well. Skip to the configuration step to learn how.

Before you begin

  • Verify your network appliances are supported for sensor-based automation. See Get started with managed automation.

  • Verify the system and network requirements for the sensor. See System and network requirements.

  • You must have root or administrator permissions on the local system to install the sensor.

  • You must have CertCentral admin or manager account credentials to activate the sensor.

Download the sensor software

Start by downloading the sensor installer package.

To download the sensor directly:

To download the sensor via CertCentral:

  1. In your CertCentral account, in the left main menu, select Automation > Manage automation.

  2. Select the Add automation button at top.

  3. Select the Set up a sensor option.

  4. Select I don't have a sensor installed or need to install a new one.

  5. Finally, select Download to download the applicable sensor version.

Windows: Install and activate the sensor

After downloading the Windows version of the sensor, follow these steps to install and activate it:

  1. On your Windows system, run the installer .exe file as an administrator.

  2. Accept the End-User license agreement terms and select an installation folder. The wizard installs the sensor as a Windows service.

  3. After the wizard has finished installing the files, check Activate DigiCert Sensor and select Finish.

  4. Select how the sensor will connect to the CertCentral cloud:

    • Direct No Proxy: If the sensor will connect directly.

    • My Own Proxy: If connecting through a third-party proxy server. You will be prompted to enter the proxy server details.

  5. On the Activate DigiCert Sensor page, enter your CertCentral admin or manager account credentials (username and password) and select Connect.

  6. In the Divisions dropdown, select the division you want to assign the sensor to. If you do not have divisions, select the organization for your account.

  7. In the Sensor name box, enter an easily identifiable name for the sensor. Select Next.

  8. Check Start DigiCert Sensor and select Finish.

Notice

If you choose not to activate the sensor after installation (step 3), you can do so later by running the start.bat script from the sensor installation directory.

Linux: Install and activate the sensor

After downloading the Linux version of the sensor, follow these steps to install and activate it:

  1. Untar the installer file (for example, tar -xzvf <sensor-file>.tar.gz).

  2. Change into the installation directory, and run start.sh as root (for example, sudo ./start.sh).

  3. When asked to proceed with authentication, type y and enter your CertCentral admin or manager account credentials (username and password).

  4. Select the division you want to assign the sensor to, if applicable. If you do not have divisions, select the organization for your account.

  5. When asked, enter an easily identifiable name for the sensor.

Optionally, you can set up the sensor to run as a Linux service. This allows the sensor to operate uninterrupted in the background, even after your machine reboots. To do so:

  1. If an instance of the sensor is already running, stop it first by running ./cli/stop.sh as root from the sensor installation directory.

  2. In the sensor installation directory, run ./service-install.sh as root to install and start the sensor service.

Docker: Install and activate the sensor

After downloading the Docker Compose sensor file, follow these steps to install and activate it:

  1. Create an installation directory for the sensor.

  2. Copy the Docker Compose sensor file (digicert_sensor_docker-compose.yml) into the installation directory.

  3. Open the digicert_sensor_docker-compose.yml file in a text editor.

  4. Edit the file to provide values for the following parameters to configure the sensor:

    • Username: Username of the CertCentral admin or manager account.

    • Password: Password of the CertCentral admin or manager account.

    • Division name: Name of the division you want to assign the sensor to.

    • Sensor name: An easily identifiable name for the sensor.

  5. From the sensor installation directory, run the docker-compose -f digicert_sensor_docker-compose.yml up -d command to create and start the sensor container.

Notice

For more details about Docker installation parameters, see Docker: Install a sensor.

Kubernetes: Install and activate the sensor

After downloading the Kubernetes sensor deployment file, follow these steps to install and activate it:

  1. Extract the contents of the downloaded zip file.

  2. Create an installation directory and copy the extracted folder (digicert_sensor_kubernetes) into it.

  3. Open the values.yaml file in a text editor.

  4. Edit the file to provide values for the following parameters to configure the sensor:

    • Username: Username of the CertCentral admin or manager account.

    • Password: Password of the CertCentral admin or manager account.

    • Division name: Name of the division you want to assign the sensor to.

    • Sensor name: An easily identifiable name for the sensor.

  5. From the sensor installation directory, run the helm install <image-name> <installation-directory-path> command to install and start the sensor.

    For example:

    helm install digicert-sensor ./install_dir

Notice

For more details about Kubernetes installation parameters, see Kubernetes: Install a sensor.

Proxy settings for the sensor

If you installed the sensor on a system that requires a proxy server to communicate outside your network, you must add the proxy settings so the sensor can communicate with the CertCentral cloud.

For Windows, you are prompted to configure proxy settings during the install process. For other installations, or if you wish to update the proxy settings under Windows, add the proxy settings as follows:

  1. From the sensor installation directory, access the config directory.

  2. Locate the file called proxy.properties. If it does not already exist, create it here. An example of this file is provided below.

  3. Open the proxy.properties file in a text editor and configure the following parameters for proxy access:

    • enableProxy: true enables proxy access and false disables it.

    • httpsHost: IP address of the proxy server to use.

    • httpsHostPort: Port number for the proxy server.

    • httpsAuthUser: Username for authentication on the proxy server (basic authentication only), if required.

    • httpsAuthPassword: Password for authentication on the proxy server (basic authentication only), if required.

  4. Restart the sensor service to encrypt the proxy passwords and upload the proxy information.

The following is an example of the config/proxy.properties file:

enableProxy=true
httpsHost=10.125.125.125
httpsHostPort=443
httpsAuthUser=system01@Admin
httpsAuthPassword=mypassword

Notice

For more details about proxy server settings on sensors, see Configure a sensor to use a proxy server for communications.

Loopback port for the sensor

The sensor requires a local loopback port for communications. By default, the sensor uses 10323 as its loopback port. If port 10323 is already in use, it will bind to another available port between 10323-10373.

To assign a loopback port of your choice, edit the config/cli.properties file in the sensor installation directory. Restart the sensor service to apply your changes.

Uninstall or reinstall a sensor

To uninstall an existing sensor: see Uninstall a sensor for detailed instructions per sensor platform.

To reinstall a sensor: first uninstall the existing sensor and then download and install/activate a fresh sensor for Windows, Linux, Docker, or Kubernetes.

What's next?