Skip to main content

시스템 및 네트워크 요구 사항

DigiCert ACME 자동화 에이전트를 설치하기 전에 시스템과 네트워크가 최소 요구 사항을 충족하는지 확인하십시오.

에이전트는 자동화된 TLS/SSL 인증서와 동일한 시스템에 설치해야 합니다.

시스템 요구 사항

ACME 에이전트 소프트웨어는 Linux 및 Windows 시스템에서 실행되며 다음 요구 사항이 있습니다.

Server type

Supported OS versions

Minimum specifications

Windows

  • Windows 10

  • Windows Server 2016, 2019, 2022

  • 64비트 버전

  • 2GB RAM(4GB RAM 권장)

  • 2GB 여유 디스크 공간(최소)

  • Microsoft .NET Framework 4.x installed

  • Administrator privileges

Linux

  • CentOS/RHEL 7.x, 8.x, 9.x

  • Ubuntu 20.04 or later

  • 64비트 버전 및 US 로캘 필요

  • 2GB RAM(4GB RAM 권장)

  • 2GB 여유 디스크 공간(최소)

  • CLI utilities awk, grep, sed, lsof, and dos2unix installed

  • Root privileges

네트워크 요구 사항

로컬 ACME 에이전트는 다음을 수행할 수 있어야 합니다.

로컬 ACME 에이전트는 다음을 수행할 수 있어야 합니다.

  • HTTPS(포트 443)에 대한 아웃바운드 연결.

    Region

    URLs

    Americas (U.S.A.)

    one.digicert.com, clientauth.one.digicert.com

    APJ (Japan)

    one.digicert.co.jp, clientauth.one.digicert.co.jp

    EMEA (Netherlands)

    one.nl.digicert.com, clientauth.one.nl.digicert.com

    EMEA (Switzerland)

    one.ch.digicert.com, clientauth.one.ch.digicert.com

  • 공용 IP 주소 216.168.244.42(acme.digicert.comdaas.digicert.com용)에 대한 아웃바운드 연결.

참고

If the agent will use a local DigiCert​​®​​ sensor as proxy, make sure port 48999 is open on the sensor and can be accessed by the agent.

Additional requirements for private on-premises DigiCert ONE users

Users with a private on-premises DigiCert ONE deployment need to install the private DigiCert ONE certificate into the local truststores of any systems that will run agent-based automations.

Below are basic instructions for how to meet these private trust requirements. For more details about how to install and manage the CA certificates in a local truststore, consult the documentation for your operating system version.

Note: These requirements only apply to private on-premises DigiCert ONE users. They do not apply to users of the cloud-hosted DigiCert ONE service.

Windows truststore requirements

To automate certificates on a Windows system via a private on-premises DigiCert ONE server, install the private DigiCert ONE certificate into the Windows truststore as described below.

Active Directory deployment

Refer to this page on the Microsoft website for instructions about how to distribute the DigiCert ONE certificate via Active Directory.

Standalone deployment

To install the DigiCert ONE certificate on a standalone Windows system:

  1. Copy the private DigiCert ONE certificate to the Windows system as a PEM-encoded file (.crt file extension). Note the certificate file location.

  2. Launch the Windows certlm.msc tool as an administrator to manage the certificates on the local machine.

  3. Use the Import action to browse and import the DigiCert ONE certificate file into the list of Trusted Root Certification Authorities > Certificates.

Linux truststore requirements

To automate certificates on a Linux system via a private on-premises DigiCert ONE server, install the private DigiCert ONE certificate into the Linux truststore as follows:

  1. Copy the private DigiCert ONE certificate to the Linux system as a PEM-encoded file (.crt file extension). Note the certificate file location.

  2. Make sure the Linux ca-certificates package is installed. Install it if needed, for example, by running apt-get install ca-certificates or yum install ca-certificates as root.

  3. Copy the .crt file for DigiCert ONE into the CA certificates directory. The location of this directory depends on your Linux distribution and version. See the table below for some possible locations.

  4. Run the command as root to update the local truststore based on the current CA certificate files. The name of this command depends on your Linux distribution and version. See the table below for some possibilities.

Linux distribution

CA certificates directory

Command to update truststore

CentOS/RHEL

/etc/pki/ca-trust/source/anchors/

update-ca-trust

SUSE

/usr/share/pki/trust/anchors/

update-ca-certificates

Ubuntu

/usr/local/share/ca-certificates/

update-ca-certificates