CertAgent Support Guides

PLEASE NOTE: You must be a registered user to view support documentation. By clicking the link above you will be prompted to login or create an account.

Current Release:



  • Windows Server 2012 R2 or above
  • CentOS 6.7 x86-64 (Linux Kernel 2.6.32-573) or above

Looking to purchase CertAgent?

Hardware Security Modules

For CSfC registration, a CertAgent-based solution must be paired with an approved hardware security module (HSM). While CertAgent should work with any PKCS#11-compatible device, ISC has tested and validated the following HSMs for use with CertAgent:
  • Acala*
  • Engage Black BlackVault HSM
  • Gemalto SafeNet Luna Network, PCIe, and USB HSMs
  • Thales nShield Connect HSMs
  • Envieta QFlex HSM
  • Futurex Vectera Plus HSM
*Acala is a software-based HSM that may be used with an “offline” CA. NOTE: HSM performance can have a direct impact on the responsiveness of CertAgent; slower HSMs may cause long delays and timeouts. This concern may be of critical importance when CertAgent is acting as an OCSP responder as that service requires the HSM to perform at least one additional signature operation for each response. ISC recommends speaking directly with the CSfC program office about your proposed solution before committing to the purchase of any particular HSM model. Information on ADA Section 508 Accessibility and Compatibility Features: To better assist users with accessibility needs, CertAgent should be accessed using a Section 508 compatible browser and have any necessary compatible assistive technologies installed and configured per those products’ guidance.