Understanding private key agents

The private key agent enables you to securely archive and back up the private keys of SSL/TLS certificates to a supported private key store (PKS). Once a private key is stored in the PKS, you can download the certificate in .p12, .jks, and .pem formats.

Additionally, the private key agent simplifies SSL/TLS certificate renewal. When a certificate with a private key contained in a PKS is renewed, SCM automatically retrieves the existing CSR and issues a new certificate. A new private key is generated for this new certificate and is retained in the PKS.

Private keys can be uploaded to the PKS in one of the following ways:

  • Auto generation of CSR — When enrolling for a certificate through the built-in enrollment wizard, you can select Auto generation of CSR to instruct the private key agent to generate a CSR and a key pair with your selected signature algorithm and key size. The private key agent stores the private key and uploads only the CSR to SCM.

    For instructions on enrolling certificates with an active private key agent, see section 3.2.3.2.2 Automatic generation of CSR in the Sectigo Certificate Manager administrator’s guide.
  • Manual upload — Using the Certificate Details dialog, you can upload the private key of any SCM-managed certificate that doesn’t have a corresponding private key in the PKS. SCM instructs the private key agent to save a copy of the key and then SCM deletes its own copy.

Private key agents can be managed on the Integrations  Private Key Agent page.

Private Key Agent page

The following table describes the controls on the Private Key Agent page.

Control Description

Private Key Store controls

Add

Adds a new private key agent with a unique installation token and package download links.

Edit

Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the private key agent.

Commands

Opens the Commands dialog where you can view commands executed by the private key agent.

View Audit

Opens the Private Key Agent Audit dialog where you can view or download audit logs.

Other controls

Refresh

Refreshes the information presented on the page.

Backup controls

Backup

Initiates an on-demand backup of the private keys.

Restore

Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore private keys from the latest backup.

Edit

Opens the Backup Settings dialog where you can edit SFTP details and backup frequency.