Skip to main content

System and network requirements

Verify that your system and network meet the minimum requirements before you install a DigiCert sensor.

System requirements

The sensor software runs on systems with the following requirements:

Red Hat Enterprise Linux 7.x, 8.x, and Ubuntu 20.04 or later

  • Root privileges

  • 64-bit version and US locale required

  • 2 GB RAM (4GB RAM recommended)

  • 2 GB free disk space (minimum)

Microsoft Windows 8, 8.1, 10, Server 2012, 2016, 2019, and 2022

  • Run as administrator

  • 64-bit version

  • Microsoft .NET Framework 4.x

  • 2 GB RAM (4GB RAM recommended)

  • 2 GB free disk space (minimum)

Docker Engine 18.06.3 or later

  • Admin access

  • 64-bit version

  • 2 GB RAM (4GB RAM recommended)

  • 2 GB free disk space (minimum)

Network requirements

To access the CertCentral cloud, the sensor must be able to:

  • Connect outbound to HTTPS (port 443).

  • Connect outbound to the public IP address 216.168.244.42 (for acme.digicert.com and daas.digicert.com).

  • Resolve the fully qualified domain names (FQDNs) for its host system, either via DNS or a local "hosts" file.

To manage certificate automations for your network appliances, the sensor must be able to:

  • Connect to HTTPS (port 443) on each network appliance that it manages.

  • Bind to a loopback port on the local system. By default, the sensor uses 10323 as its loopback port. If port 10323 is already in use, it will bind to another available port between 10323-10373. The loopback port can also be user-defined via the sensor config/cli.properties file.

Note: DigiCert recommends installing the sensor at a network location with maximum visibility of the systems it will manage. Multiple sensors may be required if all managed systems cannot be accessed from a single network segment.

Sensor used as proxy

If your sensor will be used as a proxy for ACME agent-based automations, then it must:

  • Be accessible to those agents over the network.

  • Have the local proxy port open:

    • Port 8080 for sensor version 3.8.46 and older.

    • Port 48999 for sensor version 3.8.47 and newer.

Docker installations

When installing a sensor with docker, note that the sensor container will use a bridge network by default. In this case a docker network is associated with a bridge interface on the host, and firewall rules are defined to filter traffic between these interfaces.

Docker containers that share the same docker network and host bridge interface but are isolated from each other by the firewall can communicate with each other using the bridge network.

  • To view a list of Docker interfaces: docker network ls

  • To get information about Docker interfaces used by the sensor: docker inspect <docker_container_ID> | grep sensor