F5 Renewal Agent Integration Guide

Prerequisites

To get the F5 Renewal Agent working smoothly with your deployed instance of CertSecure Manager, you’ll need a few key things.

  1. Administrative privileges

    You must be logged in as a local administrator on the target machine where you want to install the agent.

  2. F5 Account with Advanced Shell access

    To set up the renewal agent you also need a F5 account with advanced shell access permission.

    Steps:

    1. Navigate to the User List
      • Login to F5 as an Admin.
      • On the left sidebar, click on System.
      • Go to Users and then User List.
    2. Create an account with the required permissions

      Provide the required details and select Advanced Shell from the dropdown menu for Terminal Access and click on Finished.

      Advanced Shell
  3. Connectivity

    CertSecure Manager must be accessible from the machine running the webserver. To validate, try visiting https://your-certsecure-backend-url/check using a browser.

    You must also be able to SSH into your deployed F5 instance from the target machine; therefore, ensure that port 22 is open and accessible.

Installation

After confirming the prerequisites, you can set up the renewal agent using the installer.

  1. Configuration and Installation

    Run the Renewal agent installer as an administrator and choose the F5 renewal agent for installation.

    F5 Renewal Agent Installer

    Steps:

    1. Mention the required details
      • Provide a unique name for the agent.
      • Provide the desired F5 SSL profile name to which you want the certificate to be bound.
      • Provide the hostname/IP address of your deployed F5 instance.

      • Provide the URL for your CertSecure Manager backend.

        Configuring agent settings
    2. Register and run the agent
      • On the CertSecure Manager UI, go to Utilities ➡ Agents and then click on Create Registration token.
      • Provide the registration token when the installer prompts to do so.
      • Now mention the F5 account credentials.

      • Wait for the installer to finalise the installation and then close the installer.

        Token generation in CertSecure Manager
        Agent Registration Key

Validation

After the installation has finished, you can validate the installation by following these steps:

  • On the CertSecure Manager UI, go to Utilities ➡ Agents. You can see a renewal agent with the name provided during installation.

    CertSecure Renewal Agents Route
    F5 renewal agent service

  • On the target machine, run services.msc and look for EC_F5_Renewal_Agent, you can monitor and manage the renewal agent from here.

  • You can also monitor the agent logs by accessing the log file at C:/CertSecure/logs.