Understanding PKS agents

The PKS agent enables you to securely archive and back up the private keys of SSL/TLS certificates. Once a private key is stored in the PKS, you can download the certificate in .p12 format.

Additionally, the PKS simplifies SSL/TLS certificate renewal. When a certificate with a private key managed by the PKS is renewed, SCM automatically retrieves the existing CSR from the PKS and issues a new certificate. A new private key is generated for this new certificate and is retained in the PKS.

Private keys can be uploaded to the PKS in one of the following ways:

  • Auto generation of CSR — When enrolling for a certificate through the built-in enrollment wizard, you can select Auto generation of CSR to instruct the PKS agent to generate a CSR and a key pair with your selected signature algorithm and key size. The agent stores the private key and uploads only the CSR to SCM.

    For instructions on enrolling certificates with an active PKS agent, see section Automatic generation of CSR in the Sectigo Certificate Manager administrator’s guide.
  • Manual upload — Using the Certificate Details dialog, you can upload the private key of any SCM-managed certificate that doesn’t have a corresponding private key in the PKS. SCM instructs the PKS agent to save a copy of the key and then SCM deletes its own copy.

PKS agents can be managed on the Integrations  Private Key Agent page.

Private Key Agent page

The following table describes the controls on the Private Key Agent page.

Control Description

Download Agent

Opens the Download dialog where you can download an agent for your OS


Refreshes the information presented on the page

Private Key Store controls


Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the agent


Opens the Commands dialog where you can view commands executed by the PKS agent

View Audit

Opens the Private Key Agent Audit dialog where you can view or download audit logs

Backup controls


Initiates an on-demand backup of the private keys


Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore the PKS from the latest backup


Opens the Backup Settings dialog where you can edit SFTP details and backup frequency