Skip to main content

Install and activate sensors

To discover and automate certificates on network appliances and cloud services, install the DigiCert​​®​​ sensor software onto a dedicated host that can access those systems over the network.

Before you begin

  • Verify the system and network requirements for the sensor. See System and network requirements.

  • You must have root or administrator permissions on the local system to install the sensor.

Sensor deployment workflow

Follow these steps to install a DigiCert sensor and activate it for use.

  1. From the menu, select Discovery & automation tools > Client tools.

  2. Select the Sensor - installer for your system type (Docker, Windows, or Linux).

  3. Select the download installer icon at right.

  4. Save the file to your system. Make sure to note the location.

To authenticate and activate the sensor for Windows or Linux, you need a license key.

  1. From the menu, select Discovery & automation tools > Client tools.

  2. Select the card for the sensor type you're installing (Windows or Linux).

  3. From the Requirements section of the installer details page, select Download activation file.

  4. Optionally select a business unit to assign the sensor to. Select Download.

  5. The activation file gets downloaded as license.properties. Make sure to note the location.

Note

The activation file is not required for Docker installations.

After downloading the sensor installer and the activation file, use it to install the sensor software onto a dedicated host on your network.

Windows

  1. Run the installer .exe file as an administrator.

  2. Follow the on-screen steps to install the sensor.

  3. Do not activate the sensor yet. On the final installer screen, uncheck the "activate" option.

  4. After the installer finishes, copy the downloaded activation file into the sensor’s config sub-directory, replacing the existing license.properties file there.

  5. From the main sensor installation folder, run the start.bat script as an administrator.

Linux

  1. Untar the installer file (for example, tar -xzvf <sensor-file>.tar.gz).

  2. Copy the downloaded activation file into the sensor’s config sub-directory, replacing the existing license.properties file there.

  3. From the main sensor installation directory, run the start.sh script as root (for example, sudo ./start.sh).

  4. Proceed with the on-screen steps to complete the installation and activation process.

Docker

  1. Create a directory for the Docker sensor installation.

  2. Copy the docker-compose.yml file into the installation directory you created.

  3. Change into the sensor installation directory and run the docker-compose up -d command to create and start the sensor container.

Proxy settings

If you installed the sensor on a host that requires a proxy server to communicate outside your network, you must configure the proxy settings so the sensor can communicate with DigiCert​​®​​ Trust Lifecycle Manager.

For Windows, you are prompted to configure proxy settings during the install process. For other installations, or if you wish to update the proxy settings under Windows, you must configure the proxy settings in a separate step.

To learn more, see Configure a sensor to use a proxy server for communications.

Additional settings for private on-premises DigiCert ONE users

Users with a private on-premises DigiCert ONE deployment need to configure the sensor to obtain the private certificate for the local DigiCert ONE instance.

This requires adding an additional configuration line and then restarting the sensor service if it's already activated and running. Specifics vary by platform:

Windows or Linux

Add the following configuration line anywhere in the license.properties file for the sensor:

TRUST_PRIVATE_TLS=true

Restart the sensor service if it's already running, otherwise use the sensor's start.bat (Windows) or start.sh (Linux) script to launch it.

Docker

Add the following configuration line into the environment: section of the docker-compose.yml file for the sensor:

- TRUST_PRIVATE_TLS=true

Change into the sensor installation directory where the docker-compose.yml file is located. If the sensor is already running, use the docker-compose down command to stop it. Use the docker-compose up -d command to start the Docker sensor with the new configuration setting in place.

Uninstall or reinstall a sensor

To uninstall an existing DigiCert sensor:

  • Windows: Use the Windows Apps control panel to uninstall the DigiCert sensor software.

  • Linux: Stop the DigiCert sensor service, then delete the directory where you installed the sensor.

  • Docker: Change into the sensor installation directory where the docker-compose.yml file is located. Use the docker-compose down command to stop the sensor, then delete the directory.

To reinstall a DigiCert sensor: first uninstall the existing sensor as described above and then download and install/activate a fresh sensor. For Docker, we recommend that you store the docker-compose.yml file for the new sensor in a directory with a different name than any previous sensor.

What's next

Go to the Discovery & automation tools > Sensors page in Trust Lifecycle Manager to view and manage your installed sensors.

Use your sensors to run network scans for discovery or to set up connectors for integrating remote devices and services into your Trust Lifecycle Manager environment.