System and network requirements
Before you install the DigiCert ACME automation agent, verify that your system and network meet the minimum requirements.
Important
To avoid conflicts, do not install a DigiCert sensor and agent on the same system. Use a dedicated host for the sensor.
System requirements
The ACME agent software runs on Linux and Windows systems and has the following requirements.
Server type | Supported OS versions | Minimum specifications |
---|---|---|
Linux |
|
|
Windows |
|
|
Network requirements
Each DigiCert agent must be able to access the network hosts described below, either directly or via proxy.
Direct access: If the agent does not use a proxy to connect, it must have direct access to the network hosts described below.
Proxy access: If the agent uses a DigiCert sensor as proxy or a third-party proxy service, it only needs access to the sensor or proxy server. In turn, the sensor or proxy server must have access to the network hosts described below.
DigiCert® ONE platform
To connect to Trust Lifecycle Manager, the agent requires access to one of the following DigiCert ONE environments.
To use the production environment, the agent must be able to connect outbound to HTTPS (TCP port 443) on the two DigiCert ONE platform URLs in one of the following regions.
To use the demo environment, the agent must be able to connect outbound to HTTPS (TCP port 443) on the two DigiCert ONE platform URLs in one of the following regions.
Service URLs
In addition to platform access, the agent must be able to connect outbound to HTTPS (TCP port 443) on the following automation and discovery service URLs.
Loopback ports
The agent binds to the following loopback ports on the local host. To adjust the loopback port numbers for an installed agent, edit the applicable configuration file/parameter in the agent conf sub-directory and restart the agent service.
Loopback port | Description | Agent conf file | Configuration parameter |
---|---|---|---|
58080 | Local communications port for the plugin manager process used to manage certificate delivery events for Trust Lifecycle Manager. | config.toml | |
61613 | Local communications port for Simple (or Streaming) Text Oriented Messaging Protocol (STOMP). Used for message queuing between the main agent process and the plugin manager process. | config.toml | |
Note
Loopback ports do not require any access rules on the local firewall.
Web server hostname resolution
The DigiCert agent on each host must be able to resolve the fully qualified domain names (FQDNs) for the local web server for which it manages certificates.
The agent can resolve the web server hostname(s) via either DNS or a local "hosts" file.
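A pre-install check for the network requirements above, as an added example that is not DigiCert's own tooling. It tests that the default loopback ports are free, that outbound TCP 443 is reachable, and that the web server FQDNs resolve. The function names and the `.example` host names are assumptions; substitute the platform and service URLs for your region, or your sensor or proxy host if the agent connects through one. Run it before installing the agent, because a running agent already holds the loopback ports.

```python
import socket

# Default loopback ports from the table above (adjustable in config.toml).
AGENT_LOOPBACK_PORTS = {58080: "plugin manager", 61613: "STOMP message queue"}

def loopback_port_free(port, host="127.0.0.1"):
    """True if nothing holds host:port, so the agent could bind it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))  # no SO_REUSEADDR: a conflict must fail
        except OSError:
            return False
    return True

def tcp_reachable(host, port=443, timeout=5.0):
    """True if a direct TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve_fqdn(name):
    """Addresses the system resolver (DNS or hosts file) returns for name."""
    try:
        infos = socket.getaddrinfo(name, 443, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def preflight(outbound_hosts, web_fqdns, ports=AGENT_LOOPBACK_PORTS):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    for port, role in ports.items():
        if not loopback_port_free(port):
            problems.append(f"loopback port {port} ({role}) is already in use")
    for host in outbound_hosts:
        if not tcp_reachable(host, 443):
            problems.append(f"cannot open TCP 443 to {host}")
    for name in web_fqdns:
        if not resolve_fqdn(name):
            problems.append(f"cannot resolve web server FQDN {name}")
    return problems

if __name__ == "__main__":
    # Placeholder names (assumptions), not real DigiCert endpoints.
    hosts = ["digicert-one-platform.example", "automation-service.example"]
    for line in preflight(hosts, ["www.internal.example"]) or ["all checks passed"]:
        print(line)
```

The reachability check only proves that a TCP connection opens; it does not validate the TLS session or any proxy authentication.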
What's next
To install an agent on a single server, see Install and activate a DigiCert agent.
To bulk install agents on multiple servers at once, see Install DigiCert agents in silent mode.
If your organization has a private on-premises instance of DigiCert ONE, make sure you meet the additional requirements to use DigiCert agents for certificate lifecycle automation.