Linux agent silent mode preparation
Follow the below steps to prepare for silent mode installation of DigiCert® agents on one or more Linux servers for use with DigiCert® Trust Lifecycle Manager.
You can prepare the silent mode installation on any Linux system. It does not need to be one of the systems where you will install a DigiCert agent.
Before you begin
You need a DigiCert® ONE service user token ID to authenticate agents for silent mode installation. See Create a service user for detailed instructions about how to create and download an API service user token ID. Make sure the service user includes the following properties:
Accounts that can use this service user includes your DigiCert® Trust Lifecycle Manager account.
DigiCert ONE Manager access includes Trust Lifecycle.
Roles and permissions includes the
Infrastructure admin
andUser and certificate manager
user roles for Trust Lifecycle Manager.
Avis
You can reuse the same service user token ID to install Windows or Linux agents in silent mode. You can disable the service user after the agents are deployed.
Go
You need the latest version of Go to build the companion application for silent mode installation.
To download and install Go, refer to the official Go documentation.
Avis
64-bit versions of Linux (CentOS 7 and above) require go1.18.5 or above.
DigiCert agent software
Download the Linux agent installer and silent mode tools from DigiCert® Trust Lifecycle Manager:
Select Discovery & automation tools > Client tools from the Trust Lifecycle Manager main menu.
Select Agent - Linux installer.
Use the download button on the right to download the latest version of the DigiCert agent installer for Linux. It should have a name like tlm_agent_N.N.N_linux64.zip, where "N.N.N" is the agent version number.
Select the Companion application link to download the companion application package (Digicert-TLM-Agent-Deployment-Companion.zip).
Select the Agent deployment codes link to download the silent mode installer script for Linux (silentInstaller-by-companion-lnx.sh).
To build the companion application for silent mode installation of Linux agents:
Unzip the companion application package you downloaded from Trust Lifecycle Manager (Digicert-TLM-Agent-Deployment-Companion.zip).
Navigate into the unzipped Digicert-TLM-Agent-Deployment-Companion directory.
Run the following command as root to build the companion application, replacing the
{DEVKEY}
parameter with your service user token ID:(set GOARCH=amd64) && (set GOOS=linux) && go build -o digicert-agent-deployment-companion -trimpath -ldflags="-s -w -X 'main.devkey={DEVKEY}'"
For example:
(set GOARCH=amd64) && (set GOOS=linux) && go build -o digicert-agent-deployment-companion -trimpath -ldflags="-s -w -X 'main.devkey=IWMDAWMDAWWHCNMJEWMTE5MJM1OTU5WJBXMQSWCQYDVQQGEWJVUZEXMBUGA1UECHMOVMVYAVNPZ24SIEL'"
The compiled companion application gets saved as digicert-agent-deployment-companion
in the Digicert-TLM-Agent-Deployment-Companion directory.
To prepare the software distribution package for silent mode installation of Linux agents:
Create a directory called DigiCertTLMAgentGPOInstaller somewhere on the build system.
Copy the following files into the DigiCertTLMAgentGPOInstaller directory you created:
tlm_agent_N.N.N_linux64.zip: The DigiCert agent installer you downloaded from Trust Lifecycle Manager, where "N.N.N" is the agent version number.
silentInstaller-by-companion-lnx.sh: The silent mode installer script you downloaded from Trust Lifecycle Manager.
digicert-agent-deployment-companion: The compiled companion application file you built in Step 2: Build the companion application.
Make sure the silent mode installer script is executable. For example:
chmod +x silentInstaller-by-companion-lnx.sh
Create a .tar.gz file called DigiCertTLMAgentGPOInstaller.tar.gz that contains the DigiCertTLMAgentGPOInstaller directory you created and the three files you copied into it. For example:
tar -czvf DigiCertTLMAgentGPOInstaller.tar.gz DigiCertTLMAgentGPOInstaller
What's next
After completing the Linux agent silent mode preparation, you are ready to install Linux agents in silent mode on your servers.