.png){kind=logo}
CLI Interface - Server Mode
The Windows Agent can be installed in a CLI configuration called Server Mode.
For instructions on using different 3rd party signing tools with the Windows Agent, see Use Cases & Guides.
Notes about Server Mode
As of Signum 4.30.1, it is possible to select which store to install certificates into either the User or Machine store in windows.
Only the LocalUsers is supported as the Domain type at this time.
Login with certificate is supported.
Install the Server Agent
Download the Signum Windows Agent MSI installer.
In the same directory as the MSI installer, create a new plain text file with the extension .bat, for example “signum-agent-config.bat” .
Copy and paste the text below, modifying the properties as needed to match the environment. Ensure the file name of the agent matches the file name of the msi that was downloaded.
msiexec /i kf-agent-x64-4.30.1-456b2f45-MS-WO_Trust.msi /qb ^
RTPRIMARY="Deployment URL" RTSECONDARY="Deployment URL" ^
CLIENTID="The ClientID from the SaaS Portal" ^
AuthMode="LocalUsers" AGENTMODE="SERVER" ^
Language="en-US" ^
echo Exit Code is %errorlevel%With both the .bat file and msi in the same directory, run the .bat file by double clicking in Windows Explorer, and this will launch the Installer.
$env:PATH = "C:\Program Files\KeyFactor\;" + $env:PATH Configure the Server Agent
To configure the agent, you can optionally set parameters, set log in option, and select certificate store.
Sever Mode Parameters
The Server Mode has the following parameter:
Parameter | Setting | Function |
|---|---|---|
NO_RUN_SERVICE | 1 | Optional parameter that can be included when running the MSI installer to stop the Service from automatically starting. This can be useful in situations where the Agent is included in a base VM Image to prevent the same AgentID from being generated and duplicated across different images. |
Use the Setup Tool
With the Agent msi installed, the CLI tool for authenticating users to the service can be found in C:\Program Files\KeyFactor\rtsetup.exe. To run the setup tool in PowerShell, set to PATH for the current terminal:
$env:PATH = "C:\Program Files\KeyFactor\;" + $env:PATHLog In
You can optionally add a password with a -password parameter or, if not supplied, there will be a prompt where it can be entered via STDIN.
rtsetup.exe -authMode=LocalUsers -username="test@domain"Returns:
password:
RTService currently has status Running, the service is stopping
Starting RTService
RTService currently has status Running
RTService restarted.
Warning! Applications that are currently open must be restarted in order to refresh certificates from Signum.Select the Certificate Store
The Signum Agent needs to be 4.30.1 or higher.
Using the -targetStore flag, either the User Certificate Store “MY” can be used or the Local Machine Certificate Store “LocalMachine”. The -targetStore flag places the certificates from Signum in the selected store which can be useful for certain Microsoft Development tools that require the certificates to be stored in a specific location.
Example using the User Certificate Store:
rtsetup.exe -authMode=LocalUsers -username="test@domain" -targetStore=MyExample using the Local Machine Store:
rtsetup.exe -authMode=LocalUsers -"username=test@domain" -targetStore=LocalMachineLogin With Certificate
To enable certificate-based login, set the -authMode flag to Certificate and provide the required certificate thumbprint using the -thumbprint flag. This configuration can be applied using the rtsetup tool. When configured this way, the Windows agent in Server Mode authenticates using the specified certificate.
rtsetup.exe -authMode=Certificate -thumbprint=[certificate thumbprint] store=[My|LocalMachine]Logout
To log out, run the following command:
rtsetup.exe logout