In CertCentral, in the sidebar menu, click Discovery > Manage Discovery.
On the Manage scans page, click Add sensor.
On the Set up a sensor page, under step 1 Download a discovery sensor in the Docker section, click Download.
Save the Docker Compose file (digicert_sensor_docker-compose.yml) on your system. Make sure to note the location.
Create the installation directory and copy the digicert_sensor_docker-compose.yml file into it.
Open the digicert_sensor_docker-compose.yml file in a text editor.
Edit the file to provide the information for the following parameters to configure the sensor:
Save the file.
The digicert_sensor_docker-compose.yml file looks like this:
```yaml
#
# To install a sensor
# https://docs.digicert.com/certificate-tools/discovery-user-guide/installing-sensor/docker-install-sensor/
# Sensor installation requirements
# https://docs.digicert.com/certificate-tools/discovery-user-guide/sensor-installation-requirements/#docker-engine-190313-and-later
version: '3.7'
services:
  sensor:
    image: digicertinc/digicert-sensor:latest
    ports:
      - "8088:8080"
    volumes:
      - "./sensor_home/:/usr/local/digicert/sensor/mounts/"
    entrypoint: >
      /usr/local/digicert/sensor/start.sh -u username -p passsword -d "divisionName" -s sensorName
    stop_grace_period: 30s
```
|Version||Docker Compose version.|
|Service||This section defines the sensor container created on your host server.|
|Image||This section specifies the docker image repository/image name and its version tag.|
|Ports||This section defines the ports mapped between the host server and the docker container for communication.|
Note: Each sensor must be configured with different ports, and all the ports must be mapped to communicate outside the sensor container.
Here, the docker sensor container is configured to port 8080, while the host server (external system) is configured to port 8088, so the two cannot communicate directly. To establish communication between the host server and the docker container, these ports need to be mapped.
If you’re running multiple docker sensor containers, the exposed port 8080 allows these containers to establish communication with each other. But if an Agent or an external system needs to establish communication, the container port must be mapped to port 8088.
|Volumes||This section defines the directories mounted to the docker container.|
Here, the host directory "./sensor_home/" is mounted to the "/usr/local/digicert/sensor/mounts/" directory in the docker container.
Directories mounted to the docker sensor container allow you to access and manage the data associated with the sensor from outside the docker container.
If you’re running multiple docker sensor containers, mounted directories allow you to access, share, and manage the sensor's data through common storage outside the containers.
Note: The host directory (install_dir) stores all the data associated with the sensor: configuration file, log file, and sensor data.
|Username||Username of the CertCentral account.|
|Password||Password of the CertCentral account.|
|Division name||Name of the division you want to assign the sensor to.|
|Sensor name||Friendly name of the sensor.|
|Stop grace period||Specifies the period of time to wait to stop a docker container.|
The Username, Password, Division name, and Sensor name values are used to provision the sensor to a CertCentral account.
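A preflight check to run on the edited file before starting the container, as an added example that is not part of DigiCert's documentation or tooling: it flags template placeholders left in the entrypoint, group or world access to the file (it holds the CertCentral password in clear text), and a host port already claimed by another sensor's compose file. The function names and the owner-only permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example (not DigiCert code): preflight checks for an edited
# digicert_sensor_docker-compose.yml before running `docker-compose up -d`.

# Print the host side of every "HOST:CONTAINER" entry under ports:.
host_ports() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9]\{1,\}\):[0-9]\{1,\}"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# True if the entrypoint still carries the template's placeholder values.
has_placeholders() {
    grep -Eq -e '-u username |-p passs?word |-d "divisionName"|-s sensorName([[:space:]]|$)' "$1"
}

# True if group or others have any access to the file. The file holds the
# CertCentral password in clear text (the -p argument), so owner-only access
# is the assumption this check enforces; the page itself sets no permissions.
is_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# True if compose file $1 and compose file $2 claim the same host port.
ports_collide() {
    for p in $(host_ports "$1"); do
        if host_ports "$2" | grep -qx "$p"; then return 0; fi
    done
    return 1
}

# preflight FILE [OTHER_SENSOR_FILE...]: report findings, return 1 if any.
preflight() {
    file=$1; shift; rc=0
    if has_placeholders "$file"; then echo "entrypoint still has template placeholders"; rc=1; fi
    if is_exposed "$file"; then echo "credentials file open to group/others: chmod 600 $file"; rc=1; fi
    for other in "$@"; do
        if ports_collide "$file" "$other"; then echo "host port already mapped in $other"; rc=1; fi
    done
    return "$rc"
}

# Stand-alone use: sh preflight.sh FILE [OTHER_SENSOR_FILE...]
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Pass the compose files of any other sensors on the same host as extra arguments so the port check covers them.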
Now that the sensor is installed on your system:
Go to the sensor installation directory (for example, install_dir) and run the following command to create and start the sensor container:
docker-compose -f digicert_sensor_docker-compose.yml up -d
Verify sensor installation. Run either of these commands:
docker ps | grep sensor
docker-compose -f digicert_sensor_docker-compose.yml logs -f
You're ready to set up and run a scan using this sensor. See Set up and run a scan.
If you're using multiple sensors, rename the sensors to make tracking and identification easier. See Rename the sensor.