Understanding PKS agents

The PKS agent enables you to securely archive and back up the private keys of SSL/TLS certificates. Once a private key is stored in the PKS, you can download the certificate in .p12 format.

Additionally, the PKS simplifies SSL/TLS certificate renewal. When a certificate with a private key managed by the PKS is renewed, SCM automatically retrieves the existing CSR from the PKS and issues a new certificate. A new private key is generated for this new certificate and is retained in the PKS.

Private keys can be uploaded to the PKS in one of the following ways:

Auto generation of CSR — When enrolling for a certificate through the built-in enrollment wizard, you can select Auto generation of CSR to instruct the PKS agent to generate a CSR and a key pair with your selected signature algorithm and key size. The agent stores the private key and uploads only the CSR to SCM.

For instructions on enrolling certificates with an active PKS agent, see section 3.2.3.2.2 Automatic generation of CSR in the Sectigo Certificate Manager administrator’s guide.
Manual upload — Using the Certificate Details dialog, you can upload the private key of any SCM-managed certificate that doesn’t have a corresponding private key in the PKS. SCM instructs the PKS agent to save a copy of the key and then SCM deletes its own copy.

PKS agents can be managed on the Integrations Private Key Agent page.

The following table describes the controls on the Private Key Agent page.

Control	Description
Download Agent	Opens the Download dialog where you can download an agent for your OS
Refresh	Refreshes the information presented on the page
Private Key Store controls
Edit	Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the agent
Commands	Opens the Commands dialog where you can view commands executed by the PKS agent
View Audit	Opens the Private Key Agent Audit dialog where you can view or download audit logs
Backup controls
Backup	Initiates an on-demand backup of the private keys
Restore	Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore the PKS from the latest backup
Edit	Opens the Backup Settings dialog where you can edit SFTP details and backup frequency

Control

Description

Download Agent

Opens the Download dialog where you can download an agent for your OS

Refresh

Refreshes the information presented on the page

Private Key Store controls

Edit

Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the agent

Commands

Opens the Commands dialog where you can view commands executed by the PKS agent

View Audit

Opens the Private Key Agent Audit dialog where you can view or download audit logs

Backup controls

Backup

Initiates an on-demand backup of the private keys

Restore

Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore the PKS from the latest backup

Edit

Opens the Backup Settings dialog where you can edit SFTP details and backup frequency