Skip to main content

Configure agents

From the DigiCert​​®​​ Trust Lifecycle Manager Discovery & automation tools > Agents page, select an agent by name to view the details page for it.

Select the pencil (edit) icon on the right side of the agent details page to update the agent configuration.

Agent configuration sections

Configure options in the following sections to enable certificate lifecycle automation and control how the agent operates.

Edit agent details

  • Agent name: Assign a user-friendly name for referencing the agent.

  • Business unit: Assign the agent to a business unit.

  • Group: Assign the agent to an agent group.

Server Name Indication (SNI)

If your web server uses SNI, enable it here so the agent can discover and automate the SNI certificates.

To enable SNI for the agent, toggle it On and select one of the following options for how the agent will learn the SNI domains:

  • Enter manually: Enter the SNI domains manually in the input box provided. Type in each FQDN and press Enter to add it.

  • Server-side script: Select an available SNI information script to learn the SNI domains dynamically. See Agent scripts.

重要

After updating the SNI configuration, run the Refresh configuration action on the agent to force activation of the SNI domains and discover any existing SNI certificates for them. Otherwise, the updated SNI domains won't become active until the agent runs its daily refresh operation.

IP/port targets

Configure managed automation for IP/ports on the local server:

  • To enable agent-based certificate lifecycle automation on a port, select the application running there and optionally select the application version.

  • To automate certificates for a custom application, select Custom for the application and select a custom automation script. See 为托管自动化设置自定义应用程序.

  • If you do not want to use the agent to manage certificates on a port, leave the application unselected.

Pre/post-install scripts

Configure custom scripts to run before or after an automation event, per web server application.

To learn more, see Assign scripts to an agent.

Post-install service restart

Control whether the agent restarts the web server application after installing a certificate:

  • On: The web server application gets automatically restarted so the newly installed certificate can be activated and validated.

  • Off: During an automation event, you will need to manually restart the web server application and select the option to validate the installation.

Admin request delivery location

Enter the full pathname of the directory to deliver certificates to on the agent host system when using the admin web request enrollment method. If you do not provide a value here, certificates get delivered to the .secrets sub-directory within the agent installation directory by default.

Advanced settings

Configure the heartbeat interval this agent uses to sync with DigiCert​​®​​ Trust Lifecycle Manager. Default is 30 seconds.

Email notification recipients

Add, select, or deselect users who receive email notifications about this agent.

重要

Select the Update button at bottom to save any configuration changes you made for the DigiCert agent.

Global agent settings

To configure global settings that apply to all your DigiCert agents, select Account > Settings > Automation from the Trust Lifecycle Manager main menu. From there you can:

  • Enable or disable the manual approval process for deploying new agents.

  • Specify blocked port numbers where certificate automation is disabled, based on the agent operating system.