Understanding private key agents

The private key agent enables you to securely archive and back up the private keys of SSL/TLS certificates to a supported private key store (PKS). Once a private key is stored in the PKS, you can download the certificate in .p12, .jks, and .pem formats.

Additionally, the private key agent simplifies SSL/TLS certificate renewal. When a certificate with a private key contained in a PKS is renewed, SCM automatically retrieves the existing CSR and issues a new certificate. A new private key is generated for this new certificate and is retained in the PKS.

Private keys can be uploaded to the PKS in one of the following ways:

Auto generation of CSR — When enrolling for a certificate through the built-in enrollment wizard, you can select Auto generation of CSR to instruct the private key agent to generate a CSR and a key pair with your selected signature algorithm and key size. The private key agent stores the private key and uploads only the CSR to SCM.

For instructions on enrolling certificates with an active private key agent, see section 3.2.3.2.2 Automatic generation of CSR in the Sectigo Certificate Manager administrator’s guide.
Manual upload — Using the Certificate Details dialog, you can upload the private key of any SCM-managed certificate that doesn’t have a corresponding private key in the PKS. SCM instructs the private key agent to save a copy of the key and then SCM deletes its own copy.

Private key agents can be managed on the Integrations Private Key Agent page.

The following table describes the controls on the Private Key Agent page.

Control	Description
Private Key Store controls
Add	Adds a new private key agent with a unique installation token and package download links
Refresh	Refreshes the information presented on the page
Edit	Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the private key agent
Commands	Opens the Commands dialog where you can view commands executed by the private key agent
View Audit	Opens the Private Key Agent Audit dialog where you can view or download audit logs
Backup controls
Backup	Initiates an on-demand backup of the private keys
Restore	Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore private keys from the latest backup
Edit	Opens the Backup Settings dialog where you can edit SFTP details and backup frequency

Control

Description

Private Key Store controls

Add

Adds a new private key agent with a unique installation token and package download links

Refresh

Refreshes the information presented on the page

Edit

Opens the Edit Agent Hostname/IP Address dialog where you can change the hostname or IP address for the private key agent

Commands

Opens the Commands dialog where you can view commands executed by the private key agent

View Audit

Opens the Private Key Agent Audit dialog where you can view or download audit logs

Backup controls

Backup

Initiates an on-demand backup of the private keys

Restore

Opens the Restore Existing Private Keys Store From Backup dialog where you can provide your SFTP information to restore private keys from the latest backup

Edit

Opens the Backup Settings dialog where you can edit SFTP details and backup frequency