Managing network agents

Updating network agents

Update to a new agent version

Windows
Linux Self-Extracting
Linux DNF ( RPM )
Linux APT ( DEB )
Docker

Log in to SCM.
From the left-hand menu, select About.
In the Network Agent Version row, click the Download Network Agent icon, and select Windows.
(Optional) If required, move the Sectigo_Network_Agent.exe file to the install location of the existing network agent.
Right-click Sectigo_Network_Agent.exe and click Install.

The package automatically recognizes that there’s an existing version of the network agent and initiates an update instead of a new install.
Read the EULA, select I agree to the license terms and conditions, and click Install.
Click Next.
Read the EULA, select I accept the terms in the License Agreement, and click Next.
(Optional) Specify an installation location.
Click Next, Install, and Close.
In SCM, navigate to the Network Agents page and verify that the agent is connected and showing the correct version.

Log in to SCM.
From the left-hand menu, select About.
In the Network Agent Version row, click the Download Network Agent icon, and select Linux Self-Extracting.
(Optional) If required, move the sectigo-network-agent.bin file to the install location of the existing network agent.
Give execute permission to the installer binary.
```
chmod +x sectigo-network-agent.bin
```

Run the installer.

sudo ./sectigo-network-agent.bin -- --upgrade

In SCM, navigate to the Network Agents page and verify that the agent is connected and showing the correct version.

Run the update package.
```
dnf update sectigo-network-agent
```
In SCM, navigate to the Network Agents page and verify that the agent is connected and showing the correct version.

Run the update package.

sudo apt-get update && sudo apt install --only-upgrade sectigo-network-agent

In SCM, navigate to the Network Agents page and verify that the agent is connected and showing the correct version.

Stop the Docker container.
```
docker stop sectigo-network-agent
```
Remove the old Docker container.
```
docker rm sectigo-network-agent
```

Pull the latest Docker container.

docker pull sectigoinc/networkagent:latest

Start the new Docker container.

docker run -d --name sectigo-network-agent -v /var/opt/network-agent-data:/base sectigoinc/networkagent:latest

In SCM, navigate to the Network Agents page and verify that the agent is connected and showing the correct version.

Update autoupdate settings

Autoupdate is only available on agent version 3.0 or later.

Windows ( CLI )
Linux Self-Extracting

In a command prompt, navigate to the network agent install location.
(Optional) View the current network agent configuration.
```
sectigona-config.exe autoupdate get
```
Update the network agent configuration.
Action Command
Disable autoupdate
sectigona-config.exe autoupdate disable
Enable autoupdate
sectigona-config.exe autoupdate enable

Action	Command
Disable `autoupdate`	`sectigona-config.exe autoupdate disable`
Enable `autoupdate`	`sectigona-config.exe autoupdate enable`

Restart the network agent service.

sc stop SectigoNetworkAgent

sc start SectigoNetworkAgent

Confirm the updated network agent configuration.
```
sectigona-config.exe autoupdate get
```

In a terminal, navigate to the network agent install location.
(Optional) View the current network agent configuration.
```
sudo sectigona-config autoupdate get
```
Update the network agent configuration.
Action Command
Disable autoupdate
sudo sectigona-config autoupdate disable
Enable autoupdate
sudo sectigona-config autoupdate enable

Action	Command
Disable `autoupdate`	`sudo sectigona-config autoupdate disable`
Enable `autoupdate`	`sudo sectigona-config autoupdate enable`

Restart the network agent service.

SysVinit Linux:

sudo service sectigo-network-agent restart

systemd Linux:

sudo systemctl restart sectigo-network-agent

Confirm the updated network agent configuration.
```
sudo sectigona-config autoupdate get
```

Update proxy server details

The supported proxy authentication schemes are the following:

Digest
NTLM (requires a domain to be provided)
Basic

Windows ( CLI )
Linux
Docker

To update the proxy server information for your existing network agent, do the following:

In a command prompt, navigate to the network agent install location.
(Optional) View the current network agent configuration.
```
sectigona-config.exe proxy get
```

Update the network agent configuration.

Action Command

Action	Command
Clear proxy settings	`sectigona-config.exe proxy set`
Set PAC URL	`sectigona-config.exe proxy set --pacurl <pac-url>`
Set proxy host and port without access credentials	`sectigona-config.exe proxy set --host <host> --port <port>`
Set proxy host and port with access credentials	`sectigona-config.exe proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>`

Clear proxy settings

sectigona-config.exe proxy set

Set PAC URL

sectigona-config.exe proxy set --pacurl <pac-url>

Set proxy host and port without access credentials

sectigona-config.exe proxy set --host <host> --port <port>

Set proxy host and port with access credentials

sectigona-config.exe proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>

The domain is only included if the proxy server uses NTLM authentication.

Restart the network agent service.

sc stop SectigoNetworkAgent

sc start SectigoNetworkAgent

Confirm the updated network agent configuration.
```
sectigona-config.exe proxy get
```

To update the proxy server information for your existing network agent, do the following:

In a terminal, navigate to the network agent install location.
(Optional) View the current network agent configuration.
```
sudo sectigona-config proxy get
```

Update the network agent configuration.

Action Command

Action	Command
Clear proxy settings	`sudo sectigona-config proxy set`
Set PAC URL	`sudo sectigona-config proxy set --pacurl <pac-url>`
Set proxy host and port without access credentials	`sudo sectigona-config proxy set --host <host> --port <port>`
Set proxy host and port with access credentials	`sudo sectigona-config proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>`

Clear proxy settings

sudo sectigona-config proxy set

Set PAC URL

sudo sectigona-config proxy set --pacurl <pac-url>

Set proxy host and port without access credentials

sudo sectigona-config proxy set --host <host> --port <port>

Set proxy host and port with access credentials

sudo sectigona-config proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>

The domain is only included if the proxy server uses NTLM authentication.

Restart the network agent service.

SysVinit Linux:

sudo service sectigo-network-agent restart

systemd Linux:

sudo systemctl restart sectigo-network-agent

Confirm the updated network agent configuration.
```
sudo sectigona-config proxy get
```

To update the proxy server information for your existing network agent, do the following:

(Optional) View the current network agent configuration.
```
docker exec sectigona-config proxy get
```

Update the network agent configuration.

Action Command

Action	Command
Clear proxy settings	`docker exec sectigona-config proxy set`
Set PAC URL	`docker exec sectigona-config proxy set --pacurl <pac-url>`
Set proxy host and port without access credentials	`docker exec sectigona-config proxy set --host <host> --port <port>`
Set proxy host and port with access credentials	`docker exec sectigona-config proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>`

Clear proxy settings

docker exec sectigona-config proxy set

Set PAC URL

docker exec sectigona-config proxy set --pacurl <pac-url>

Set proxy host and port without access credentials

docker exec sectigona-config proxy set --host <host> --port <port>

Set proxy host and port with access credentials

docker exec sectigona-config proxy set --host <host> --port <port> --domain <domain> --user <username> --password <password>

The domain is only included if the proxy server uses NTLM authentication.

Restart the docker container.

docker exec service sectigo-network-agent restart

Confirm the updated network agent configuration.
```
docker exec sectigona-config proxy get
```

Configuring credential stores

Sectigo network agents can be configured to utilize local or external credential stores for use when connecting to remote servers. Using a credential store enables you to securely store and manage credentials for remote servers without ever providing the credentials in SCM directly.

Sectigo network agents support the following credential stores:

Local
HashiCorp Vault
CyberArk Vault (via CyberArk Central Credential Provider)
Delinea Secret Server

Adding credential stores

Once a network agent has been installed, you can add a connection between the agent and a credential store.

Add a local credential store

Windows ( CLI )
Linux
Docker

A local credential store named sectigo-store is automatically created when you install a network agent. You can add additional credential stores as needed.

In a command prompt window, navigate to the network agent install location.
Modify the following command to include a --storename for your new local credential store.
```
sectigona-config.exe credstore add local --storename <store-name>
```
Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

A local credential store named sectigo-store is automatically created when you install a network agent. You can add additional credential stores as needed.

In a terminal, navigate to the network agent install location.
Modify the following command to include a --storename for your new local credential store.
```
sudo sectigona-config credstore add local --storename <store-name>
```
Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

A local credential store named sectigo-store is automatically created when you install a network agent. You can add additional credential stores as needed.

Modify the following command to include a --storename for your new local credential store.

docker exec sectigo-network-agent sectigona-config credstore add local --storename <store-name>

Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

Add a HashiCorp Vault credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify one of the following commands based your preferred authentication method.

Token authentication:

sectigona-config.exe credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype Token --token <token> --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `Token` for this method.
`--token`	The token for `Token` authentication.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token for this method.

--token

The token for Token authentication.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

AppRoleSecret authentication:

sectigona-config.exe credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype AppRoleSecret --roleid <role-id> --secretid <secret-id> --appwrapped [Yes/No] --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `AppRoleSecret` for this method.
`--roleid`	The HashiCorp AppRole `RoleID`. Required when `--authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--secretid`	The HashiCorp AppRole `SecretID`. Required when `--authtype` is set to `AppRoleSecret`.
`--appwrapped`	Whether the AppRole `SecretId` is token wrapped or not. Can be `Yes` or `No`. Required when `authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to AppRoleSecret for this method.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

AppRoleFile authentication:

sectigona-config.exe credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype AppRoleFile --roleid <role-id> --secretfile <secret-file> --appwrapped [Yes/No] --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `AppRoleFile` for this method.
`--roleid`	The HashiCorp AppRole `RoleID`. Required when `--authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--secretfile`	The path of a file containing the HashiCorp AppRole `SecretID`. Required when `--authtype` is set to `AppRoleFile`.
`--appwrapped`	Whether the AppRole `SecretId` is token wrapped or not. Can be `Yes` or `No`. Required when `authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to AppRoleFile for this method.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretfile

The path of a file containing the HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleFile.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

In a terminal, navigate to the network agent install location.

Modify one of the following commands based your preferred authentication method.

Token authentication:

sudo sectigona-config credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype Token --token <token> --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `Token` for this method.
`--token`	The token for `Token` authentication.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token for this method.

--token

The token for Token authentication.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

AppRoleSecret authentication:

sudo sectigona-config credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype AppRoleSecret --roleid <role-id> --secretid <secret-id> --appwrapped [Yes/No] --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `AppRoleSecret` for this method.
`--roleid`	The HashiCorp AppRole `RoleID`. Required when `--authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--secretid`	The HashiCorp AppRole `SecretID`. Required when `--authtype` is set to `AppRoleSecret`.
`--appwrapped`	Whether the AppRole `SecretId` is token wrapped or not. Can be `Yes` or `No`. Required when `authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to AppRoleSecret for this method.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

Modify one of the following commands based your preferred authentication method.

Token authentication:

docker exec sectigo-network-agent sectigona-config credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype Token --token <token> --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `Token` for this method.
`--token`	The token for `Token` authentication.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token for this method.

--token

The token for Token authentication.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

AppRoleSecret authentication:

docker exec sectigo-network-agent credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype AppRoleSecret --roleid <role-id> --secretid <secret-id> --appwrapped [Yes/No] --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `AppRoleSecret` for this method.
`--roleid`	The HashiCorp AppRole `RoleID`. Required when `--authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--secretid`	The HashiCorp AppRole `SecretID`. Required when `--authtype` is set to `AppRoleSecret`.
`--appwrapped`	Whether the AppRole `SecretId` is token wrapped or not. Can be `Yes` or `No`. Required when `authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to AppRoleSecret for this method.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

AppRoleFile authentication:

docker exec sectigo-network-agent credstore add hashicorp --storename <store-name> --vaulturl <vault-url> --authtype AppRoleFile --roleid <role-id> --secretfile <secret-file> --appwrapped [Yes/No] --rootpath <root-path> --verify <path-of-secret>

Option Description

Option	Description
`--storename`	The name of your HashiCorp Vault credential store.
`--vaulturl`	The URL of your HashiCorp Vault.
`--authtype`	The authentication type. Set this to `AppRoleFile` for this method.
`--roleid`	The HashiCorp AppRole `RoleID`. Required when `--authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--secretfile`	The path of a file containing the HashiCorp AppRole `SecretID`. Required when `--authtype` is set to `AppRoleFile`.
`--appwrapped`	Whether the AppRole `SecretId` is token wrapped or not. Options are `Yes` or `No`. Required when `authtype` is set to `AppRoleSecret` or `AppRoleFile`.
`--rootpath`	The root path for the secret in the credential store.
`--verify`	(Optional) The path of the secret used to verify its existence.

--storename

The name of your HashiCorp Vault credential store.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to AppRoleFile for this method.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretfile

The path of a file containing the HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleFile.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Options are Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--rootpath

The root path for the secret in the credential store.

--verify

(Optional) The path of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

Add a CyberArk Vault credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify one of the following commands based your preferred authentication method.

Machine address authentication:

sectigona-config.exe credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--verify

(Optional) The query string of the secret used to verify its existence.

Certificate authentication:

sectigona-config.exe credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--authcert`	The file path for the authentication certificate.
`--certpass`	The password of the authentication certificate.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

In a terminal, navigate to the network agent install location.

Modify one of the following commands based your preferred authentication method.

Machine address authentication:

sudo sectigona-config credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--verify

(Optional) The query string of the secret used to verify its existence.

Certificate authentication:

sudo sectigona-config credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--authcert`	The file path for the authentication certificate.
`--certpass`	The password of the authentication certificate.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

Modify one of the following commands based your preferred authentication method.

Machine address authentication:

docker exec sectigo-network-agent credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--verify

(Optional) The query string of the secret used to verify its existence.

Certificate authentication:

docker exec sectigo-network-agent credstore add cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

Option	Description
`--storename`	The name of your CyberArk credential store.
`--appid`	The application ID for CyberArk authentication.
`--ccpurl`	The URL of your CyberArk Central Credential Provider.
`--authcert`	The file path for the authentication certificate.
`--certpass`	The password of the authentication certificate.
`--verify`	(Optional) The query string of the secret used to verify its existence.

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

Once you have added the credential store, you must add servers to the network agent and configure them to use the credential store. For more information, see Adding servers to the network agent.

Add a Delinea Secret Server credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the add command as needed.

sectigona-config credstore add delinea-secret-server --storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

Option	Description
`--storename`	The name of your Delinea Secret Server credential store.
`--url`	The URL of your Delinea Secret Server.
`--username`	The username for the user account used by the network agent to authenticate to the Secret Server.
`--password`	The password for the user account used by the network agent to authenticate to the Secret Server.
`--verify`	(Optional) The secret id used to verify its existence.

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

In a terminal, navigate to the network agent install location.

Modify the add command as needed.

sudo sectigona-config credstore add delinea-secret-server --storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

Option	Description
`--storename`	The name of your Delinea Secret Server credential store.
`--url`	The URL of your Delinea Secret Server.
`--username`	The username for the user account used by the network agent to authenticate to the Secret Server.
`--password`	The password for the user account used by the network agent to authenticate to the Secret Server.
`--verify`	(Optional) The secret id used to verify its existence.

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

Modify the add command as needed.

docker exec sectigo-network-agent credstore add delinea-secret-server --storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

Option	Description
`--storename`	The name of your Delinea Secret Server credential store.
`--url`	The URL of your Delinea Secret Server.
`--username`	The username for the user account used by the network agent to authenticate to the Secret Server.
`--password`	The password for the user account used by the network agent to authenticate to the Secret Server.
`--verify`	(Optional) The secret id used to verify its existence.

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

Once you have added a local credential store, you must add credentials before it can be used. For more information, see Adding credentials to a local credential store.

Managing local credential stores

Unlike external credential stores, local credential stores are managed entirely through the network agent command line tool. Once a local store is created, you can add, update, or remove credentials as needed.

Add credentials to a local credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the following command to include the mandatory --storename, --id, and --username with the appropriate accompanying credential option(s).

sectigona-config.exe credstore credentials add --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential. Required if `--privatekeypath` is not provided.
`--privatekeypath`	The path to the private key for the credential. Required if `--password` is not provided.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

Required if --privatekeypath is not provided.

--privatekeypath

The path to the private key for the credential.

Required if --password is not provided.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase.

Run the modified command.

In a terminal, navigate to the network agent install location.

Modify the following command to include the mandatory --storename, --id, and --username with the appropriate accompanying credential option(s).

sudo sectigona-config credstore credentials add --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential. Required if `--privatekeypath` is not provided.
`--privatekeypath`	The path to the private key for the credential. Required if `--password` is not provided.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

Required if --privatekeypath is not provided.

--privatekeypath

The path to the private key for the credential.

Required if --password is not provided.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase.

Run the modified command.

In a terminal, modify the following command to include the mandatory --storename, --id, and --username with the appropriate accompanying credential option(s).

docker exec sectigo-network-agent credstore credentials add --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential. Required if `--privatekeypath` is not provided.
`--privatekeypath`	The path to the private key for the credential. Required if `--password` is not provided.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

Required if --privatekeypath is not provided.

--privatekeypath

The path to the private key for the credential.

Required if --password is not provided.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase.

Run the modified command.

Update credentials in a local credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the following command to include the mandatory --storename, --id, and the additional options you want to update.

sectigona-config.exe credstore credentials update --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential.
`--privatekeypath`	The path to the private key for the credential.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase that changed or hasn’t been provided.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

--privatekeypath

The path to the private key for the credential.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase that changed or hasn’t been provided.

Run the modified command.

In a terminal, navigate to the network agent install location.

Modify the following command to include the mandatory --storename, --id, and the additional options you want to update.

sudo sectigona-config credstore credentials update --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential.
`--privatekeypath`	The path to the private key for the credential.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase that changed or hasn’t been provided.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

--privatekeypath

The path to the private key for the credential.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase that changed or hasn’t been provided.

Run the modified command.

Modify the following command to include the mandatory --storename, --id, and the additional options you want to update.

docker exec sectigo-network-agent credstore credentials update --storename <store-name> --id <id> --username <username> --password <password> --privatekeypath <private-key-path> --passphrase <passphrase>

Option Description

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.
`--username`	The username for the credential.
`--password`	The password for the credential.
`--privatekeypath`	The path to the private key for the credential.
`--passphrase`	The passphrase for the private key. Required if `--privatekeypath` is provided and configured with a passphrase that changed or hasn’t been provided.

--storename

The name of your local credential store.

--id

The ID of the credential.

--username

The username for the credential.

--password

The password for the credential.

--privatekeypath

The path to the private key for the credential.

--passphrase

The passphrase for the private key.

Required if --privatekeypath is provided and configured with a passphrase that changed or hasn’t been provided.

Run the modified command.

Remove credentials from a local credential store

Windows ( CLI )
Linux
Docker

In SCM, verify that the credentials you want to remove are not in use by an added server.
In a command prompt window, navigate to the network agent install location.
Modify the following command to include the --storename and --id of the credentials you want to remove.
```
sectigona-config.exe credstore credentials remove --storename <store-name> --id <id>
```
Option Description

--storename

The name of your local credential store.

--id

The ID of the credential.
Run the modified command

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.

In SCM, verify that the credentials you want to remove are not in use by an added server.
In a terminal, navigate to the network agent install location.
Modify the following command to include the --storename and --id of the credentials you want to remove.
```
sudo sectigona-config credstore credentials remove --storename <store-name> --id <id>
```
Option Description

--storename

The name of your local credential store.

--id

The ID of the credential.
Run the modified command

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.

In SCM, verify that the credentials you want to remove are not in use by an added server.
Modify the following command to include the --storename and --id of the credentials you want to remove.
```
docker exec sectigo-network-agent credstore credentials remove --storename <store-name> --id <id>
```
Option Description

--storename

The name of your local credential store.

--id

The ID of the credential.
Run the modified command

Option	Description
`--storename`	The name of your local credential store.
`--id`	The ID of the credential.

Updating credential stores

If required, you can update the connection between a network agent and an existing external credential store.

Update a HashiCorp Vault credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sectigona-config.exe credstore update hashicorp --storename <store-name> --vaulturl <vault-url> --authtype <Token/AppRoleSecret/AppRoleFile> --token <token> --rootpath <root-path> --roleid <role-id> --secretid <secret-id> --secretfile <secret-file> --appwrapped <Yes/No> --verify <path-of-secret>

Option Description

--storename

The name of your HashiCorp Vault credential store.

Required for all authtype options.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token, AppRoleSecret, or AppRoleFile for the respective method.

If you are updating the authtype and the new type requires different parameters, you must provide the new parameters.

If you are updating the authtype and it reuses required parameters from the previous type that have not changed, you do not need to provide the parameters again.

--token

The token for Token authentication.

Required when authtype is set to Token.

--rootpath

The root path for the secret in the credential store.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--secretfile

The path of a file containing the HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleFile.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--verify

(Optional) The path of the secret used to verify its existence.

Required for all authtype options.

Run the modified installation command.

In a terminal, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sudo sectigona-config credstore update hashicorp --storename <store-name> --vaulturl <vault-url> --authtype <Token/AppRoleSecret/AppRoleFile> --token <token> --rootpath <root-path> --roleid <role-id> --secretid <secret-id> --secretfile <secret-file> --appwrapped <Yes/No> --verify <path-of-secret>

Option Description

--storename

The name of your HashiCorp Vault credential store.

Required for all authtype options.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token, AppRoleSecret, or AppRoleFile for the respective method.

If you are updating the authtype and the new type requires different parameters, you must provide the new parameters.

If you are updating the authtype and it reuses required parameters from the previous type that have not changed, you do not need to provide the parameters again.

--token

The token for Token authentication.

Required when authtype is set to Token.

--rootpath

The root path for the secret in the credential store.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--secretfile

The path of a file containing the HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleFile.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Can be Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--verify

(Optional) The path of the secret used to verify its existence.

Required for all authtype options.

Run the modified installation command.

Modify the following command to include the mandatory --storename and any options you want to update.

docker exec sectigo-network-agent credstore update hashicorp --storename <store-name> --vaulturl <vault-url> --authtype <Token/AppRoleSecret/AppRoleFile> --token <token> --rootpath <root-path> --roleid <role-id> --secretid <secret-id> --secretfile <secret-file> --appwrapped <Yes/No> --verify <path-of-secret>

Option Description

--storename

The name of your HashiCorp Vault credential store.

Required for all authtype options.

--vaulturl

The URL of your HashiCorp Vault.

--authtype

The authentication type.

Set this to Token, AppRoleSecret, or AppRoleFile for the respective method.

If you are updating the authtype and the new type requires different parameters, you must provide the new parameters.

If you are updating the authtype and it reuses required parameters from the previous type that have not changed, you do not need to provide the parameters again.

--token

The token for Token authentication.

Required when authtype is set to Token.

--rootpath

The root path for the secret in the credential store.

--roleid

The HashiCorp AppRole RoleID.

Required when --authtype is set to AppRoleSecret or AppRoleFile.

--secretid

The HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleSecret.

--secretfile

The path of a file containing the HashiCorp AppRole SecretID.

Required when --authtype is set to AppRoleFile.

--appwrapped

Whether the AppRole SecretId is token wrapped or not.

Options are Yes or No.

Required when authtype is set to AppRoleSecret or AppRoleFile.

--verify

(Optional) The path of the secret used to verify its existence.

Required for all authtype options.

Run the modified installation command.

Update a CyberArk Vault credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sectigona-config.exe credstore update cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

Required when authcert is used.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

In a terminal, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sudo sectigona-config credstore update cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

Required when authcert is used.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

Modify the following command to include the mandatory --storename and any options you want to update.

docker exec sectigo-network-agent credstore update cyberark --storename <store-name> --appid <app-id> --ccpurl <ccp-url>  --authcert <authcert-file-path> --certpass <password-of-authcert> --verify <query-string>

Option Description

--storename

The name of your CyberArk credential store.

--appid

The application ID for CyberArk authentication.

--ccpurl

The URL of your CyberArk Central Credential Provider.

--authcert

The file path for the authentication certificate.

--certpass

The password of the authentication certificate.

Required when authcert is used.

--verify

(Optional) The query string of the secret used to verify its existence.

Run the modified installation command.

Update a Delinea Secret Server credential store

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sectigona-config credstore update delinea-secret-server -storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

In a terminal, navigate to the network agent install location.

Modify the following command to include the mandatory --storename and any options you want to update.

sudo sectigona-config credstore update delinea-secret-server -storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

Modify the following command to include the mandatory --storename and any options you want to update.

docker exec sectigo-network-agent credstore update delinea-secret-server -storename <store-name> --url <server-url> --username <username> --password <password>  --verify <secret-id>

Option Description

--storename

The name of your Delinea Secret Server credential store.

--url

The URL of your Delinea Secret Server.

--username

The username for the user account used by the network agent to authenticate to the Secret Server.

--password

The password for the user account used by the network agent to authenticate to the Secret Server.

--verify

(Optional) The secret id used to verify its existence.

Run the modified installation command.

Viewing credential stores and credentials

View credential stores

Windows ( CLI )
Linux
Docker

In a command prompt window, navigate to the network agent install location.
View all credential stores associated with the network agent.
```
sectigona-config.exe credstore list
```

In a terminal, navigate to the network agent install location.
View all credential stores associated with the network agent.
```
sudo sectigona-config credstore list
```

View all credential stores associated with the network agent.
```
docker exec sectigo-network-agent credstore list
```

View credentials

Windows ( CLI )
Linux
Docker

In a terminal, navigate to the network agent install location.

View credentials in a specific credential store.

List all credentials from a local credential store.

sectigona-config.exe credstore credentials list --storename <store-name>

Get specific credentials from a credential store.

sectigona-config.exe credstore credentials get --storename <store-name> --id <id>

Option Description

--storename

The name of the credential store.

--id

The unique identifier of the credential.

CyberArk Vault — The ID is a set of key value pairs, separated by semicolons, that would typically go in a query parameter string used to retrieve a specific credential from the CyberArk Central Credential Provider.

The ID format should be similar to the following:
```
--id "<param1>=<value>;<param2>=<value>;..."
```
HashiCorp Vault — The ID is the path of the required secret in HashiCorp vault. This path is relative to the --rootpath specified when adding the credential store.
Delinea Secret Server — The ID is the unique Secret ID of the Delinea secret.
Local credential store — The ID is the unique identifying string of the credential in the local credential store.

In a terminal, navigate to the network agent install location.

View credentials in a specific credential store.

List all credentials in a specific local store.

sudo sectigona-config credstore credentials list --storename <store-name>

Get specific credentials from a credential store.

sudo sectigona-config credstore credentials get --storename <store-name> --id <id>

Option Description

--storename

The name of the credential store.

--id

The unique identifier of the credential.

CyberArk Vault — The ID is a set of key value pairs, separated by semicolons, that would typically go in a query parameter string used to retrieve a specific credential from the CyberArk Central Credential Provider.

The ID format should be similar to the following:
```
--id "<param1>=<value>;<param2>=<value>;..."
```
HashiCorp Vault — The ID is the path of the required secret in HashiCorp vault. This path is relative to the --rootpath specified when adding the credential store.
Delinea Secret Server — The ID is the unique Secret ID of the Delinea secret.
Local credential store — The ID is the unique identifying string of the credential in the local credential store.

View credentials in a specific credential store.

List all credentials in a specific local store.

docker exec sectigo-network-agent credstore credentials list --storename <store-name>

Get specific credentials from a credential store.

docker exec sectigo-network-agent credstore credentials get --storename <store-name> --id <id>

Option Description

--storename

The name of the credential store.

--id

The unique identifier of the credential.

CyberArk Vault — The ID is a set of key value pairs, separated by semicolons, that would typically go in a query parameter string used to retrieve a specific credential from the CyberArk Central Credential Provider.

The ID format should be similar to the following:
```
--id "<param1>=<value>;<param2>=<value>;..."
```
HashiCorp Vault — The ID is the path of the required secret in HashiCorp vault. This path is relative to the --rootpath specified when adding the credential store.
Delinea Secret Server — The ID is the unique Secret ID of the Delinea secret.
Local credential store — The ID is the unique identifying string of the credential in the local credential store.

Remove a credential store

Windows ( CLI )
Linux
Docker

In SCM, verify that the credential store you want to remove is not in use by an added server.
In a command prompt window, navigate to the network agent install location.
Modify the following command to include the mandatory --storename of the credential store you want to remove.
```
sectigona-config.exe credstore remove -storename <name>
```
The default local credential store sectigo-store cannot be removed.
Run the modified installation command.

In SCM, verify that the credential store you want to remove is not in use by an added server.
In a terminal, navigate to the network agent install location.
Modify the following command to include the mandatory --storename of the credential store you want to remove.
```
sudo sectigona-config credstore remove -storename <name>
```
The default local credential store sectigo-store cannot be removed.
Run the modified installation command.

In SCM, verify that the credential store you want to remove is not in use by an added server.
Modify the following command to include the mandatory --storename of the credential store you want to remove.
```
docker exec sectigo-network-agent credstore remove -storename <name>
```
The default local credential store sectigo-store cannot be removed.
Run the modified installation command.

Uninstall a network agent

Windows
Linux Self-Extracting
Linux APT ( DEB )
Linux DNF ( RPM )

Navigate to Settings Apps & features.
Search for Sectigo Network Agent.
Select the Sectigo Network Agent and click Uninstall.
(Optional) Delete the files and logs associated with the network agent.
1. Navigate to C:\ProgramData\Sectigo.
2. Delete the Network Agent folder.
  
  This cannot be undone. Only delete this folder if you want to completely remove all files and logs related to the agent.
In SCM, navigate to Integrations Network Agents.
Select the agent you want to delete.
Click the Delete icon.
Click Delete again.

Stop the network agent service.
```
sudo service sectigo-network-agent stop
```
Navigate to the /etc/init.d directory.
Delete the sectigo-network-agent directory.
Delete the network agent installation files.
1. Navigate to the /opt directory.
2. Delete the sectigo-network-agent directory.
(Optional) Delete the files and logs associated with the network agent.
1. Navigate to the /var/opt directory.
2. Delete the sectigo-network-agent directory.
  
  This cannot be undone. Only delete this directory if you want to completely remove all files and logs related to the agent.
In SCM, navigate to Integrations Network Agents.
Select the agent you want to delete.
Click Delete.
Click Delete again.

Remove the network agent.
```
sudo apt remove sectigo-network-agent
```

Remove the JRE.

sudo apt remove sectigo-network-agent-jre

(Optional) Delete the files and logs associated with the network agent.
1. Navigate to the /var/opt directory.
2. Delete the sectigo-network-agent directory.
  
  This cannot be undone. Only delete this directory if you want to completely remove all files and logs related to the agent.
In SCM, navigate to Integrations Network Agents.
Select the agent you want to delete.
Click Delete.
Click Delete again.

Remove the network agent.
```
sudo dnf remove sectigo-network-agent
```

Remove the JRE.

sudo dnf remove sectigo-network-agent-jre

(Optional) Delete the files and logs associated with the network agent.
1. Navigate to the /var/opt directory.
2. Delete the sectigo-network-agent directory.
  
  This cannot be undone. Only delete this directory if you want to completely remove all files and logs related to the agent.
In SCM, navigate to Integrations Network Agents.
Select the agent you want to delete.
Click Delete.
Click Delete again.

Network agent service commands

Windows
Linux ( SysVinit )
Linux ( systemd )

Command Description

Start

Start a network agent:

sc start SectigoNetworkAgent

Stop

Stop a network agent:

sc stop SectigoNetworkAgent

Query

Query the status of a network agent:

sc query SectigoNetworkAgent

Command Description

Start

Start a network agent:

sudo service sectigo-network-agent start

Stop

Stop a network agent:

sudo service sectigo-network-agent stop

Restart

Restart a network agent:

sudo service sectigo-network-agent restart

Status

Query the status of a network agent:

sudo service sectigo-network-agent status

Command Description

Start

Start a network agent:

sudo systemctl start sectigo-network-agent

Stop

Stop a network agent:

sudo systemctl stop sectigo-network-agent

Restart

Restart a network agent:

sudo systemctl restart sectigo-network-agent

Status

Query the status of a network agent:

sudo systemctl status sectigo-network-agent