Sectigo.com
Shop Enterprise Partners Resources

Installing PKS agents

Installation requirements

To install a PKS agent, the following requirements must be satisfied:

  • Windows

  • Linux

Component Value

OS version

Windows 2008 or later

Outbound port

TCP: 443

Inbound port

TCP: 9091
Component Value

OS version

  • CentOS/RHEL 6.x, 7.x

  • Debian 8 (Jessie), 9 (Stretch)

  • Ubuntu LTS 14.04, 16.04, 18.04

Outbound port

TCP: 443

Inbound port

TCP: 9091

Add a private key agent to SCM

  1. Navigate to Integrations  Private Key Agent, and click Download Agent.

    Download PKS agent

  2. Select your operating system.

  3. Click Download.

The agent should now be listed on the Private Key Agent page with a status of Pending.

Install a private key agent

  • Windows

  • Linux Self-Extracting

  1. Right-click the setup file and select Run as Administrator.

  2. Read the EULA, accept the terms of use by selecting I accept the agreement, then click Next.

  3. Review the installation location and click Install.

  4. Click Finish.

  1. Give execute permission to the installer binary.

    chmod +x ccmpkcontrollerinstall-amd64.bin

  2. Run the installer.

    sudo ./ccmpkcontrollerinstall-amd64.bin

  3. Accept the EULA.

The agent should now be listed on the Private Key Agent page with a status of Connected.

Once connected to SCM you should confirm the Agent Hostname/IP Address listed in SCM. This value is used to connect to the private key agent when a user wants to download a private key. Switch to a more consistent hostname if the default value might change or be unreachable.

Uninstall a PKS agent

  • Windows

  • Linux Self-Extracting

This cannot be undone. If you uninstall the PKS agent all stored private keys will be lost.

  1. Navigate to Settings  Apps & features.

  2. Search for CCM.

  3. Select the CCMPkController and click Uninstall.

This cannot be undone. If you uninstall the PKS agent all stored private keys will be lost.

  1. Stop the PKS agent service.

    sudo service ccmpkcontroller stop

  2. Navigate to the /etc/init.d directory.

  3. Delete the ccmpkcontroller file.

  4. (Optional) Delete the PKS agent installation files and key store.

    1. Navigate to the /opt/comodo directory.

    2. Delete the ccmpkcontroller directory.

Configure proxy server

If the use of an HTTPS proxy server is required in your organization, you must configure the agents.properties file to enable communication between your agent and SCM.

You can configure an agent for use with an HTTPS proxy server as follows:

  1. Open your agents.properties file.

    For example, the path for a network agent might be Windows(C:)/Program Files (x86)/COMODO/CCMExtraAgent/conf/agent.properties

  2. Specify your proxy settings based on the information in the following table.

    Parameter Description

    proxy.pacurl

    The address of your proxy auto-config (PAC)

    This file contains your proxy configuration details and can be used instead of manually entering the values.

    proxy.host

    The hostname or IP address of your proxy server

    proxy.port

    The port number used by your proxy server

    proxy.user

    The username for accessing the proxy server if configured to use credentials

    proxy.password

    The password for accessing the proxy server if configured to use credentials

  3. Save the file.

  4. Restart the agent using the certsrv.mcs snap-in.