Before you install the DigiCert ACME automation agent, confirm that your system and network meet the minimum requirements.
Important
To avoid conflicts, do not install a DigiCert sensor and agent on the same system. Use a dedicated host for the sensor.
The following requirements must be met for the ACME agent software to run on Linux and Windows systems:
Server type | Supported OS versions | Minimum specifications |
---|---|---|
Windows | | |
Linux | | |
The DigiCert agent on each host must be able to resolve the fully qualified domain names (FQDNs) for the local web server, either via DNS or a local "hosts" file.
Outbound connection over HTTPS (port 443).
Region | Platform URLs¹ | TCP port | Protocol |
---|---|---|---|
Americas (U.S.A.) | one.digicert.com, clientauth.one.digicert.com | 443 | HTTPS |
APJ (Japan) | one.digicert.co.jp, clientauth.one.digicert.co.jp | 443 | HTTPS |
EMEA (Netherlands) | one.nl.digicert.com, clientauth.one.nl.digicert.com | 443 | HTTPS |
EMEA (Switzerland) | one.ch.digicert.com, clientauth.one.ch.digicert.com | 443 | HTTPS |
1. For users with an on-premises DigiCert ONE deployment, the agent needs to access port 443 (HTTPS) on the local DigiCert ONE instance and ClientAuth host (for example, my-org.one.digicert.com and my-org.clientauth.digicert.com).
In addition, the agent requires outbound access to the following host for Trust Lifecycle Manager discovery and automation services:
Region | URL | TCP port | Protocol |
---|---|---|---|
All regions | automation-service.digicert.com | 1443 | HTTPS |
1. This service is delivered through a content distribution network (CDN) and the IP addresses may vary by region. If your organization uses IP-based allowlists, look up the automation-service.digicert.com host in your local region to determine which IP addresses to allow.
Note
If using a local DigiCert® sensor as proxy, the agent must also be able to connect outbound to the proxy listening port on the sensor. To learn more, see Use a sensor as a proxy server.
To support automated certificate delivery, the agent binds to the following loopback port(s) on the local host. To adjust the loopback port numbers for an installed agent, edit the applicable configuration file/parameter in the agent conf sub-directory and restart the agent service.
Loopback port | Description | Agent conf file | Configuration parameter |
---|---|---|---|
58080 | Local communications port for the plugin manager process used to manage certificate delivery events for Trust Lifecycle Manager. | config.toml | |
61613 | Local communications port for Simple (or Streaming) Text Oriented Messaging Protocol (STOMP). Used for message queuing between the main agent process and the plugin manager process. | config.toml | |
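A pre-install check for the network requirements above, as an added example (not DigiCert code): it resolves each required host from the local network, which also gives the addresses to use in an IP-based allowlist, tests the outbound TCP connection, and confirms that the two loopback ports are not already taken. The region keys and function names are this example's own; on-premises deployments would substitute their own DigiCert ONE and ClientAuth hosts.

```python
import socket
# Hosts and ports come from the tables on this page; the short region keys
# ("us", "jp", "nl", "ch") are labels made up for this example.
PLATFORM = {
    "us": ["one.digicert.com", "clientauth.one.digicert.com"],
    "jp": ["one.digicert.co.jp", "clientauth.one.digicert.co.jp"],
    "nl": ["one.nl.digicert.com", "clientauth.one.nl.digicert.com"],
    "ch": ["one.ch.digicert.com", "clientauth.one.ch.digicert.com"],
}
AUTOMATION = ("automation-service.digicert.com", 1443)
LOOPBACK_PORTS = (58080, 61613)

def required_endpoints(region):
    """(host, port) pairs the agent must reach outbound for one region."""
    return [(host, 443) for host in PLATFORM[region]] + [AUTOMATION]

def resolve_ips(host, port):
    """Addresses the host resolves to from this network (allowlist input)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def can_connect(host, port, timeout=5.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def loopback_port_free(port):
    """True if 127.0.0.1:port can be bound, i.e. no other process holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind(("127.0.0.1", port))
            return True
        except OSError:
            return False

def preflight(region):
    """Run all checks for a region and return the results as a dict."""
    outbound = {f"{h}:{p}": {"ips": resolve_ips(h, p), "tcp": can_connect(h, p)}
                for h, p in required_endpoints(region)}
    loopback = {port: loopback_port_free(port) for port in LOOPBACK_PORTS}
    return {"outbound": outbound, "loopback": loopback}

if __name__ == "__main__":
    print(preflight("us"))
```

Run it before the agent is installed: a running agent holds 58080 and 61613 itself, so those ports then report as in use. A successful TCP connection shows only that the firewall path is open, not that a TLS-inspecting proxy in between will pass the agent's traffic.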
To install an agent on a single server, see: Install and activate a DigiCert agent.
To bulk install agents on multiple servers at once, see: Install DigiCert agents in silent mode.
If your organization has a private on-premises instance of DigiCert ONE, make sure you meet the additional requirements to use DigiCert agents for certificate lifecycle automation.