Install and configure ISC CertAgent for Windows
Perform the following tasks to install and configure the CertAgent and verify that it works properly.
The Internet Explorer and Firefox browsers support the web-based interface used by CertAgent.
Perform the following steps to install and configure CertAgent:
Double-click the Certagent.7.0.5.x64.exe file and follow the instructions in the setup wizard.
The setup wizard prompts for the listening port for the HyperSQL database to be created. If 9001 is already in use, you can also use 9002 or 9003.
CertAgent prompts you to create TLS ports and Admin and Public web interface credentials.
Provide the following information:
PKCS11 library path
Select [ Browse ] and select the path for the fxpkcs11.dll file. The default FXPKCS11 installation location is C:/Program Files/Futurex.
HSM Partition
Prompt to select one of the partitions found in the
HSM PIN
This is the identity password configured inside the <CRYPTO-OPR-PASS> tag in the fxpkcs11.cfg file.
Common Name (CN)
Common Name (CN) for the CA Root certificate created by CertAgent
Organization Name
Organization Name for the CA Root certificate created by CertAgent
PKCS #12 Password
Password to be used for PKCS #12 files generated by CertAgent and the
Make note of the PKCS #12 password, admin TLS port (<admin port>) and public TLS port (<public port>) you enter during installation. This information is required to import the Certificates for the web browsers to access the CertAgent sites (Administrator Site, Public Site, CA Site).
Set the SA password and a user account with a password for the CertAgent database. Be sure to take note of these for future use.
The installer creates the credentials and will finalize the installation process.
At the end of the installation, CertAgent creates a README.txt file. We strongly recommend that you read and follow the instructions for the Post-Installation steps.
This section verifies that CertAgent is communicating correctly with the .
The following requires the certificates installed by CertAgent to be added to the trusted list of your web browser.
After the installation completes, log in to the web UI to verify the keys have successfully been generated.
You can also use the Command Line Interface (FXCLI) to validate the installation. After you connect, run the following commands to verify the keys exist on the .
If all six keys are present, the installation succeeded.
Open a command terminal and go to the installation location of CertAgent. Then, run the command certagent setpin.
Go to the System PIN Entry page shown in the README.txt. Follow the link in the file.
In the web portal, you can use the displayed links to access the following sites:
- The System Administrative Site
- Admin controls over the system and server, including configuration settings. Must connect with the Admin certificate.
- The CA Account Site
- Allows the certificate enrollment, management, CRL, and other settings to be set when connected with the Admin certificate.
- Allows CSRs to be approved, signed, revoked, and other certificate enrollment tasks to be completed when connected with the Operations certificate.
- The Public Site
- Allows users to enroll, upload, and retrieve certificates to and from the when connected with the Client certificate.
Using the Public Site, send a certificate signing request using the Enroll function. Using Internet Explorer, you can generate a key for a certificate to be signed by the . Firefox cannot generate a key for you.
After sending in a CSR, log in to the CA Account Site by using the Operations certificate, find the certificate in the pending section, and issue it.
Proper configuration of the application with the enables you to issue the certificate and retrieve all from the web.