Before installing a DigiCert® sensor, verify the system and network requirements. The sensor must be installed on a dedicated host on your network that can connect to DigiCert® Trust Lifecycle Manager and the systems it will support for network-based integrations, discovery, and automation.
Important
To avoid conflicts, do not install a DigiCert sensor and agent on the same system. Use a dedicated host for the sensor.
Your environment must have at least a minimal installation of a supported operating system:
Server type | Supported OS versions | Minimum specifications |
---|---|---|
Docker | | Be sure to review the installation considerations. |
Windows | | |
Linux | | |
Docker sensor containers use a bridge network by default. This associates the Docker network with a bridge interface on the host, along with firewall rules to filter traffic between these interfaces.
Docker containers that share the same Docker network and host bridge interface but are isolated from each other by a firewall can communicate with each other on the bridge network.
To view a list of Docker interfaces, run the `docker network ls` command.

To get information about Docker interfaces, run the `docker inspect <docker_container_ID> | grep sensor` command.
The sensor host must be able to resolve its own fully qualified domain names (FQDNs), either via DNS or a local "hosts" file.
To connect to Trust Lifecycle Manager, the sensor requires outbound access to the two DigiCert platform URLs in one of the following regions:
To use the sensor for discovery and automation, it also requires outbound access to the following DigiCert host:
The sensor must be able to reach every system it will integrate with through connectors, or target for certificate lifecycle automation or network scans.
To use the sensor as a proxy server for DigiCert® agents and other hosts on your network, the sensor host must allow inbound access on the proxy listening port (default port 48999). To learn more, see Use a sensor as a proxy server.
The sensor binds to the following loopback port(s) on the local host. To adjust the loopback port numbers for an installed sensor, edit the applicable configuration files in the sensor config sub-directory and restart the sensor service.
Loopback port | Description | Required | Sensor config file |
---|---|---|---|
10323 | General loopback communications port. If port 10323 is already in use by other software, the sensor automatically binds to an available port between 10323–10373. To control which port the sensor binds to, update the provided configuration file. | Always | cli.properties |
58080 | Local communications port for the plugin manager process used to manage network-based integrations for Trust Lifecycle Manager. | Only if the sensor is used in a connector | plugin.properties |
61616 | Local communications port for Simple (or Streaming) Text Oriented Messaging Protocol (STOMP). Used for message queuing between the main sensor process and the plugin manager process. | Only if the sensor is used in a connector | messaging.properties |
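
The local requirements above (self-FQDN resolution, the loopback ports, and the proxy listening port) can be checked on the host before installation. The following preflight script is an added example, not DigiCert code; the function names and result layout are this example's own, and only the port numbers and config file names come from this page.

```python
import socket

# Port numbers and config file names are from this page; everything else is illustrative.
GENERAL_RANGE = (10323, 10373)   # cli.properties: the sensor falls back within this range
CONNECTOR_PORTS = {58080: "plugin.properties", 61616: "messaging.properties"}
PROXY_PORT = 48999               # default proxy listening port (inbound)


def port_free(port, host="127.0.0.1"):
    """True if nothing holds host:port (no SO_REUSEADDR, so an existing listener fails the bind)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False


def first_free(start, end, host="127.0.0.1"):
    """First free port in [start, end], or None if the whole range is taken."""
    return next((p for p in range(start, end + 1) if port_free(p, host)), None)


def resolves(name):
    """True if the name resolves through DNS or the local hosts file."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except OSError:
        return False


def preflight(connector=False, proxy=False):
    """Return (check, ok, detail) tuples for the planned sensor role."""
    fqdn = socket.getfqdn()
    general = first_free(*GENERAL_RANGE)
    results = [("resolve own FQDN", resolves(fqdn), fqdn),
               ("general loopback port", general is not None, f"first free in range: {general}")]
    for port, cfg in (CONNECTOR_PORTS.items() if connector else ()):
        results.append((f"loopback {port}", port_free(port), f"adjust in {cfg} if taken"))
    if proxy:
        results.append((f"proxy port {PROXY_PORT}", port_free(PROXY_PORT, "0.0.0.0"), "inbound"))
    return results


if __name__ == "__main__":
    for check, ok, detail in preflight(connector=True, proxy=True):
        print(f"{'OK  ' if ok else 'FAIL'} {check}: {detail}")
```

Run it before the sensor is installed; afterwards the sensor itself holds these ports and the checks report them as taken.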