Docker 用センサをインストールする
To discover and automate certificates on network appliances and cloud services, install the DigiCert® sensor software onto a dedicated host that can access those systems over the network.
Before you begin
Verify the system and network requirements for the sensor. See System and network requirements.
You must have root or administrator permissions on the local system to install the sensor.
Sensor deployment workflow
Follow these steps to install a DigiCert sensor and activate it for use.
From the menu, select Discovery & automation tools > Client tools.
Select the Sensor - installer for your system type (Docker, Windows, or Linux).
Select the download installer icon at right.
Save the file to your system. Make sure to note the location.
To authenticate and activate the sensor for Windows or Linux, you need a license key.
From the menu, select Discovery & automation tools > Client tools.
Select the card for the sensor type you're installing (Windows or Linux).
From the Requirements section of the installer details page, select Download activation file.
Optionally select a business unit to assign the sensor to. Select Download.
The activation file gets downloaded as license.properties. Make sure to note the location.
注記
The activation file is not required for Docker installations.
After downloading the sensor installer and the activation file, use it to install the sensor software onto a dedicated host on your network.
Windows
Run the installer
.exe
file as an administrator.Follow the on-screen steps to install the sensor.
Do not activate the sensor yet. On the final installer screen, uncheck the "activate" option.
After the installer finishes, copy the downloaded activation file into the sensor’s config sub-directory, replacing the existing license.properties file there.
From the main sensor installation folder, run the
start.bat
script as an administrator.
Linux
Untar the installer file (for example,
tar -xzvf <sensor-file>.tar.gz
).Copy the downloaded activation file into the sensor’s config sub-directory, replacing the existing license.properties file there.
From the main sensor installation directory, run the
start.sh
script as root (for example,sudo ./start.sh
).Proceed with the on-screen steps to complete the installation and activation process.
Docker
Create a directory for the Docker sensor installation.
Copy the docker-compose.yml file into the installation directory you created.
Change into the sensor installation directory and run the
docker-compose up -d
command to create and start the sensor container.
Proxy settings
If you installed the sensor on a host that requires a proxy server to communicate outside your network, you must configure the proxy settings so the sensor can communicate with DigiCert® Trust Lifecycle Manager.
For Windows, you are prompted to configure proxy settings during the install process. For other installations, or if you wish to update the proxy settings under Windows, you must configure the proxy settings in a separate step.
To learn more, see Configure a sensor to use a proxy server for communications.
Additional settings for private on-premises DigiCert ONE users
Users with a private on-premises DigiCert ONE deployment need to configure the sensor to obtain the private certificate for the local DigiCert ONE instance.
This requires adding an additional configuration line and then restarting the sensor service if it's already activated and running. Specifics vary by platform:
Windows or Linux
Add the following configuration line anywhere in the license.properties file for the sensor:
TRUST_PRIVATE_TLS=true
Restart the sensor service if it's already running, otherwise use the sensor's start.bat
(Windows) or start.sh
(Linux) script to launch it.
Docker
Add the following configuration line into the environment:
section of the docker-compose.yml file for the sensor:
- TRUST_PRIVATE_TLS=true
Change into the sensor installation directory where the docker-compose.yml file is located. If the sensor is already running, use the docker-compose down
command to stop it. Use the docker-compose up -d
command to start the Docker sensor with the new configuration setting in place.
Uninstall or reinstall a sensor
To uninstall an existing DigiCert sensor:
Windows: Use the Windows Apps control panel to uninstall the DigiCert sensor software.
Linux: Stop the DigiCert sensor service, then delete the directory where you installed the sensor.
Docker: Change into the sensor installation directory where the docker-compose.yml file is located. Use the
docker-compose down
command to stop the sensor, then delete the directory.
To reinstall a DigiCert sensor: first uninstall the existing sensor as described above and then download and install/activate a fresh sensor. For Docker, we recommend that you store the docker-compose.yml file for the new sensor in a directory with a different name than any previous sensor.
What's next
Go to the Discovery & automation tools > Sensors page in Trust Lifecycle Manager to view and manage your installed sensors.
Use your sensors to run network scans for discovery or to set up connectors for integrating remote devices and services into your Trust Lifecycle Manager environment.