系统及网络要求
在安装 DigiCert ACME 自动化代理之前,确认您的系统和网络满足最低要求。
代理必须和自动化的 TLS/SSL 证书安装在相同的系统上。
系统要求
符合以下要求,ACME 代理软件才能在 Linux 和 Windows 系统上运行:
Server type | Supported OS versions | Minimum specifications |
|---|---|---|
Windows |
|
|
Linux |
|
|
网络要求
The DigiCert agent on each host must be able to resolve the fully qualified domain names (FQDNs) for the local web server, either via DNS or a local "hosts" file.
出站连接到 HTTPS(端口 443)。
Region
Platform URLs1
TCP port
Protocol
Americas (U.S.A.)
one.digicert.com,clientauth.one.digicert.com443
HTTPS
APJ (Japan)
one.digicert.co.jp,clientauth.one.digicert.co.jp443
HTTPS
EMEA (Netherlands)
one.nl.digicert.com,clientauth.one.nl.digicert.com443
HTTPS
EMEA (Switzerland)
one.ch.digicert.com,clientauth.one.ch.digicert.com443
HTTPS
1. For users with an on-premises DigiCert ONE deployment, the agent needs to access port 443 (HTTPS) on the local DigiCert ONE instance and ClientAuth host (for example, my-org.one.digicert.com and my-org.clientauth.digicert.com).
In addition, the agent requires outbound access to the below host for Trust Lifecycle Manager discovery and automation services:
Region
URL
TCP port
Protocol
All regions
automation-service.digicert.com1443
HTTPS
1. This service is delivered through a content distribution network (CDN) and the IP addresses may vary by region. If your organization uses IP-based allowlists, look up the automation-service.digicert.com host in your local region to determine which IP addresses to allow.
注意
If using a local DigiCert® sensor as proxy, the agent must also be able to connect outbound to the proxy listening port on the sensor. To learn more, see Use a sensor as a proxy server.
What's next
To install an agent on a single server, see: Install and activate a DigiCert agent.
To bulk install agents on multiple servers at once, see: Install DigiCert agents in silent mode.
If your organization has a private on-premises instance of DigiCert ONE, make sure you meet the additional requirements to use DigiCert agents for certificate lifecycle automation.