Windows agent silent mode preparation
Follow the below steps to prepare for silent mode installation of DigiCert® agents on one or more Windows servers for use with CertCentral.
You can prepare the silent mode installation on any Windows system. It does not need to be one of the systems where you will install a DigiCert agent.
Before you begin
You need a CertCentral API key to authenticate agents for silent mode installation. To create an API key in CertCentral:
Select Automation > API Keys from the left main menu.
Select the Add API Key button and fill out the resulting form:
Description: Enter a user-friendly description for this API key.
User: Select an administrator user.
API key restrictions: Leave it set to "None".
Select the Add API Key button to finish creating the key. Copy the key to a secure location. It only gets shown once.
注記
You can reuse the same API key to install Windows or Linux agents in silent mode. You can delete the API key after the agents are deployed.
Go
You need the latest version of Go to build the companion application for silent mode installation.
To download and install Go, refer to the official Go documentation.
注記
64-bit versions of Windows (Win10 and above) require go1.18.5 or above.
.NET Core SDK
.NET Core SDK is a prerequisite for installing the WiX Toolset (see below).
Download and install the latest version of .NET Core SDK from the official Microsoft website.
WiX Toolset
You will use the WiX Toolset (version 4 or later) to build the MSI bundle for Windows agent silent mode installation.
To install WiX using the .NET CLI (included with .NET Core SDK), run the following command with administrator privileges:
dotnet tool install --global wix
DigiCert agent software
Download the Windows agent installer and silent mode tools from CertCentral:
From the left main menu, select Automation > Manage automation.
Select the Add automation button, then select Set up an agent.
Select Yes for your server can be reached directly.
Use the Download button to download the latest version of the DigiCert agent installer for Windows. It should have a name like adm_agent_N.N.N_win64.zip, where "N.N.N" is the agent version number.
Select the Do you want to install the agent silently on multiple servers? link. In the resulting pop-up window:
Select the Companion application build code link to download the companion application package (Digicert-Agent-Deployment-Companion.zip).
Select the Windows link to download the silent mode installer package for Windows (DigiCertADMAgentGPOInstaller.zip).
To build the companion application for silent mode installation of Windows agents:
Unzip the companion application package you downloaded from CertCentral (Digicert-Agent-Deployment-Companion.zip).
Open a terminal with administrator privileges and navigate into the unzipped Digicert-Agent-Deployment-Companion folder.
Run the following command to build the companion application, replacing the
{DEVKEY}
parameter with your API key:(set GOARCH=amd64) && (set GOOS=windows) && go build -o digicert-agent-deployment-companion.exe -trimpath -ldflags="-s -w -X 'main.devkey={DEVKEY}'"
For example:
(set GOARCH=amd64) && (set GOOS=windows) && go build -o digicert-agent-deployment-companion.exe -trimpath -ldflags="-s -w -X 'main.devkey=IWMDAWMDAWWHCNMJEWMTE5MJM1OTU5WJBXMQSWCQYDVQQGEWJVUZEXMBUGA1UECHMOVMVYAVNPZ24SIEL'"
The compiled companion application gets saved as digicert-agent-deployment-companion.exe
in the Digicert-Agent-Deployment-Companion folder.
To build the MSI bundle for installing Windows agents in silent mode:
Unzip the silent mode installer package you downloaded from CertCentral (DigiCertADMAgentGPOInstaller.zip).
The previous step creates a folder called DigiCertADMAgentGPOInstaller on your build system. Copy the compiled companion application file (
digicert-agent-deployment-companion.exe
) into this folder.Now unzip the DigiCert agent installer you downloaded from CertCentral. It should have a name like adm_agent_N.N.N_win64.zip, where "N.N.N" is the agent version number.
The previous step extracts the file called
DigiCert TLM Agent.exe
into your working folder. Copy this file into the same DigiCertADMAgentGPOInstaller folder where you copied the companion application.Open a terminal session, and change into the DigiCertADMAgentGPOInstaller folder. Run the
DigiCertADMAgentGPOInstaller-msi-build.bat
in this folder to build the MSI bundle for installing the DigiCert agent software in silent mode.
Upon successful execution, the MSI bundle DigiCertADMAgentGPOInstaller.msi
is available in the DigiCertADMAgentGPOInstaller folder.
The silent mode installer package you downloaded from CertCentral (DigiCertADMAgentGPOInstaller.zip) provides a sample script called DigiCertAgentGPOInstaller.bat
to drive the agent silent mode installation process. Find this script in the unzipped DigiCertADMAgentGPOInstaller folder.
To prepare to install the MSI bundle, update the sample DigiCertAgentGPOInstaller.bat
script to supply values for the configuration parameters at the top of this file, as described below.
Configuration parameter | Required | Description |
---|---|---|
shared_path | Yes | The shared network path where you will place the MSI bundle file ( |
division_id | Yes | The ID of the division to assign agents to in CertCentral. |
proxy | No | Proxy settings for the agents. Leave empty if your agents don't use a proxy to connect to CertCentral. Note: DigiCert agents only support
|
Examples of setting these variables at the top of the DigiCertAgentGPOInstaller.bat
script:
重要
The provided DigiCertAgentGPOInstaller.bat
script assumes the Windows operating system is running from the C: drive on the systems where you will install the DigiCert agent. If not, update the script to replace all references to the C: drive with the applicable drive letter where Windows is running. You cannot install the agent onto a mix of systems that run Windows from different drive letters at the same time.
Create a shared software distribution point on a server on your network that is accessible by the target systems where you want to install the DigiCert agent software:
Sign in to the publishing server as an administrator.
Create a shared network folder on the server and set the permissions on it to allow access from the target systems for agent installation.
Copy the DigiCert agent MSI bundle (
DigiCertADMAgentGPOInstaller.msi
) and silent mode installer script (DigiCertAgentGPOInstaller.bat
) that you prepared into the shared network folder.
The shared files should now be accessible over the network using a universal naming convention (UNC) path (for example, \\my-server\WindowsAgent\DigiCertADMAgentGPOInstaller.msi and \\my-server\WindowsAgent\DigiCertAgentGPOInstaller.bat).
What's next
After completing the Windows agent silent mode preparation, you are ready to install Windows agents in silent mode on your servers.