Agent installation and deployment

Overview

This guide provides comprehensive instructions for installing and uninstalling the Redtrust agent in Windows environments. It includes steps for standard installations, silent installations (automated setups with minimal user interaction), and server installations (for enterprise environments). This guide is intended for system administrators or anyone responsible for deploying and configuring Redtrust.

By the end of this guide, you will have installed the Redtrust agent and be able to set up the platform.

Background

These are the details of the three types of installation:

Type	Description
Standard installation	Installs the agent with a guided setup.
Server installation	Designed for unattended environments where Windows server-based applications need centralized certificates without user interactions. Key features include: No process run in user space, ensuring minimal resource usage. No system tray icon, for an unobtrusive setup. Support for LocalUsers and ActivationCode authentication methods. Command-line configuration for credentials. Certificates served via local store, making them globally accessible across the entire system. Consistent application of policies, mirroring user-mode behavior.
Silent installation	Runs the installation in the background without accessing the wizard or requiring user input.

Before you start

If you are installing Redtrust on Windows, ensure you have the installation package, including an installer (MSI) file and a batch file (bat).

If you install Redtrust on macOS and want to use Firefox, make sure you have the RedtrustPKCS11.dylib file. If you can’t find it on your system, contact the support team.

To view system requirements, select an installation type.

System requirements

Standard installation

Windows

• Microsoft Windows 8.1, 10, or 11 (32/64-bit).
• .NET Framework 4.8.
• Microsoft .NET Runtime 8.0.0 (x86).
• Administrator privileges (required only during installation).

macOS

Redtrust supports ARM processors. The installation of the agent requires a license.

Silent installation

32-bit Machine:

• Visual C++ Redistributable for Visual Studio 2015-2022 x86 (VC_redist.x86.exe) (NO_REDIST option to skip).
• SQL Server Compact 4.0 x86 (SSCERuntime_x86-ENU.exe) (NO_SQLCOMPACT option to skip).
• Microsoft .NET Runtime 8.0.0 (x86) (dotnet-runtime-8.0.0-win-x86.msi).

64-bit Machine:

• Visual C++ Redistributable for Visual Studio 2015-2022 x64 (VC_redist.x64.exe) (NO_REDIST option to skip).
• SQL Server Compact 4.0 x64 (SSCERuntime_x64-ENU.exe) (NO_SQLCOMPACT option to skip).
• Microsoft .NET Runtime 8.0.0 (x64) (dotnet-runtime-8.0.0-win-x64.msi).

Server installation

• Microsoft Windows Server 2022, 2019, 2016, or 2012.
• .NET Framework 4.8.
• Microsoft .NET Runtime 8.0.0 (x86).
• Administrator privileges.

Windows installation

Step 1: Install the agent

Standard installation

The Redtrust agent is provided as an MSI package, accepting multiple parameters listed in the parameters page. Two versions are available: one for 32-bit and one for 64-bit systems.

An example of agent installation can be the following:

On-premise option

msiexec /i rt-agent-x64-1.82.1-1949-MS.msi
    
RTPRIMARY="RTServerPrimary" RTSECONDARY="RTServerSecondary"
    
CLIENTID="gps90IsdWqH7jVP7kiOukBrtpqwvYsvc=" LANGUAGE="en-US"
    
AuthMode=ActiveDirectory

Cloud option

msiexec /i rt-agent-x64-1.82.1-1949-MS.msi LANGUAGE="en-EN" DEFAULTDOMAIN=”redtrust”

The installation process is guided through a wizard where you can specify the directory where the product will be stored. The process will take only a few seconds.

Silent installation

Use the msiexec command for silent installation. For a completely silent setup, run:

msiexec /i rt-agent-x64-1.82.1-1949-MS.msi

RTPRIMARY="RTServerPrimary" RTSECONDARY="RTServerSecondary"

CLIENTID="gps90IsdWqH7jVP7kiOukBrtpqwvYsvc=" LANGUAGE="es-ES"

AuthMode=ActiveDirectory​ ​ ​/qn

note

If silent installation fails due to prerequisites, install vc_redist and SSCERuntime_x-ENU separately, then rerun the installer with the NO_REDIST and NO_SQLCOMPACT options.

Server installation

For unattended environments, set the AGENTMODE parameter to SERVER.

Once installed in the Redtrust installation folder (by default c:\Program Files\Redtrust) use the rtsetup.exe tool to configure Redtrust.

> rtsetup

This command returns:

  Tool to configure the Redtrust Server Agent.
  Usage:
    rtsetup.exe -authMode=[LocalUsers|Ldap] -username=[username] -password=[password]
    or
    rtsetup.exe -authMode=ActivationCode -code=[activation code]

  Optional parameters:
    -primaryServer=[IP or hostname]
    -secondaryServer=[IP or hostname]
    -servicePort=[Port] (default value: 443)

  Note: Both need to be set at once. Port is only updated when servers are set.

  Use this tool in order to:
    Set RedTrust credentials for agent (local users or activation code).
    Set Redtrust server addresses.

  After tool execution, service RTService needs to be restarted in order to refresh configuration.

info

For information about supported parameters, see the installation parameters page. Running the installer without parameters installs the agent with default configurations.

Step 2: Configure the browser

After installing the agent, configure browsers to enable Redtrust certificate management. Follow the steps defined in How to configure your browser.

Step 3: Verify the installation

Test the installation by uploading and using a certificate, as explained in the initial configuration tutorial.

macOS installation

warning

Note that due to operating system limitations, the macOS agent is only compatible with local users, SAML and OAuth. In addition, when using the macOS agent, you won't be able to audit URLs or processes.

info

Redtrust is only compatible with Autofirma 1.8.4 or higher.

Step 1: Installation

1. Download the agent through the App Store. Once installed:

On-premise and MSP options

2. Select Choose a custom config.
3. In the form, enter your information.

Cloud option

2. Select Beta cloud.

info

For information about supported parameters, see the installation parameters page. Running the installer without parameters installs the agent with default configurations.

Step 2: Configure Firefox

To be able to use your certificates in Firefox, as well as relevant applications such as Autofirma, you have to load the PKCS11 library using Firefox.

1. Click the Redtrust agent in the taskbar and then click Connect. Log in with your credentials.
2. Click the Firefox ☰ menu and navigate to Settings > Privacy & security.
3. Go to Certificates and click Security devices.
4. In the list of security devices, select Redtrust PKCS11 and click Load.
5. Select the RedtrustPKCS11.dylib file from your device and click Ok.

Step 3: Verify the installation

Test the installation by uploading and using a certificate, as explained in the initial configuration tutorial.

Troubleshooting

To monitor the operation of the agent in server mode and detect any configuration issues, the agent generates a series of events in the Windows event log.

These events are categorized as application events named Redtrust and include:

Event	Level	Description
Login success	Info	Login established with the server
Login failed	Info	Login attempt failed. It's retried automatically.
Wrong configuration/InvalidLogin	Error	The configuration type isn't compatible with the server mode. The supported modes are LocalUsers, LDAP, and ActivationCode.
Invalid credentials	Error	Redtrust user credentials aren't configured or incorrect. Use rtsetup to correct them.
Connection problems with servers	Error	An error occurred while connecting to the server. Check the HTTPS connectivity to the configured port (by default 443).
Server Manager Agent System Exception	Error	An internal error has occurred. Contact Redtrust support service indicating the content of this event.
Login Failed: Unexpected error	Error	An unexpected error has ocurred while authenticating. Contact Redtrust support service indicating the content of this event.
Login Failed: You must change password	Error	Attempt to login with a user who must change the password. Make the change from a non-server agent.

Uninstallation

You can unistall Redtrust in two ways:

Interactive uninstallation

Use the standard Windows Programs and Features interface to remove Redtrust.

Unattended uninstallation

For unassisted uninstallation, use the msiexec command:

msiexec /x {5F567E45-9801-4122-9213-1731DBC44E11} /q

To retrieve the installed agent's Globally Unique Identifier (GUID)—for example, {5F567E45-9801-4122-9213-1731DBC44E11}— run the following PowerShell command:

> Get-WmiObject -class Win32_Product | ? {$_.Name -eq "redtrust"}

This command will output details such as:

IdentifyingNumber : {5F567E45-9801-4122-9213-1731DBC44E11}
Name              : RedTrust
Vendor            : Evolium Technologies
Version           : 4.10.5
Caption           : RedTrust

IdentifyingNumber is the agent GUID to be supplied to msiexec.

Otherwise, you can find the GUID in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\. Search for the entry associated with Redtrust to locate the GUID.