Agent Deployment and Management

CERTInext agents (Bots) are secure, lightweight components deployed within enterprise environments to perform certificate discovery, provisioning, renewal, and deployment tasks. Proper deployment and management of these agents is critical to maintaining continuous certificate visibility and automation across on-prem, cloud, and hybrid infrastructures.

Agents operate within local network boundaries and communicate securely with the CERTInext platform using authenticated tokens.

Purpose

Agent deployment and management enables organizations to:

  • Discover certificates across internal systems

  • Automate issuance and renewal

  • Deploy certificates to servers and applications

  • Maintain lifecycle visibility

  • Operate in restricted or air-gapped environments

Agents ensure automation happens inside the enterprise boundary while maintaining centralized orchestration.

Types of Agents

CERTInext supports:

  • Discovery Bots – Scan infrastructure and build certificate inventory

  • Provisioning Bots – Perform issuance, renewal, and deployment

  • Combined Bots – Support both discovery and provisioning

The bot purpose is defined during creation.

Deployment Process

To deploy an agent:

  1. Navigate to Certificates → Discovery or Certificates → Provisioning

  2. Click Create Bot

  3. Configure:

    • Bot Name

    • Activation Window

    • Purpose (Discovery / Provisioning / Both)

    • Network Type (Simple or Complex)

    • API Endpoint

  4. Generate Bot Token

  5. Install agent on target system using:

    • Automated installation script (Recommended)

    • Manual installation package

After installation, the agent registers with CERTInext and appears as Active in the dashboard.

System Requirements

Agent host systems must:

  • Run supported Windows or Linux OS

  • Have outbound HTTPS (port 443) connectivity

  • Have administrator/root privileges

  • Maintain synchronized system time (NTP enabled)

  • Allow required internal ports for target system access

Agent Management Dashboard

Navigate to:

Certificates → Discovery → Bots or Certificates → Provisioning → Bots

Administrators can:

  • View bot status and version

  • Monitor last communication timestamp

  • Filter by purpose or status

  • Export bot inventory

  • Suspend or deactivate bots

  • Configure bot parameters

Operational Monitoring

Key status indicators include:

  • Active

  • Pending

  • Stopped

  • Inactive

If a bot stops communicating:

  • Verify network connectivity

  • Check token validity

  • Restart bot service

  • Review local logs
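
The status indicators and last-communication timestamp above can be checked automatically against an exported bot inventory. The following is an added example, not CERTInext code: the CSV column names, timestamp format, meaning of Pending, and one-hour silence threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample of an exported bot inventory. The column names and the
# timestamp format are assumptions; adjust them to match the real export.
SAMPLE_EXPORT = """bot_name,purpose,status,last_communication
prod-eu-discovery,Discovery,Active,2024-05-01T11:58:00Z
prod-us-provisioning,Provisioning,Active,2024-05-01T09:10:00Z
qa-combined,Both,Stopped,2024-04-30T22:00:00Z
dev-discovery,Discovery,Pending,
dr-site-provisioning,Provisioning,Inactive,2024-04-20T08:00:00Z
"""

def parse_ts(value):
    """Parse a UTC timestamp; return None when it is empty or malformed."""
    try:
        parsed = datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return parsed.replace(tzinfo=timezone.utc)

def find_unhealthy_bots(export_text, now, max_silence=timedelta(hours=1)):
    """Return (bot_name, reason) pairs for bots that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["bot_name"]
        status = (row["status"] or "").strip()
        last_seen = parse_ts(row["last_communication"] or "")
        if status in ("Stopped", "Inactive"):
            findings.append((name, f"status is {status}"))
        elif status == "Pending":
            # Assumption: Pending means the agent has not registered yet.
            findings.append((name, "still Pending"))
        elif status != "Active":
            findings.append((name, f"unrecognised status {status!r}"))
        elif last_seen is None:
            findings.append((name, "Active but no usable timestamp"))
        elif now - last_seen > max_silence:
            # Shown as Active yet silent: check network, token, service, logs.
            findings.append((name, f"Active but silent for {now - last_seen}"))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed for sample
    for name, reason in find_unhealthy_bots(SAMPLE_EXPORT, now):
        print(f"{name}: {reason}")
```

A bot that still shows Active but has been silent past the threshold is the case the dashboard status alone does not surface, which is why the timestamp is checked separately.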

Scaling and Segmentation

Best practices include:

  • Deploy separate agents per network segment

  • Use distinct bots for Dev, QA, and Production

  • Assign meaningful names reflecting environment or region

  • Use Complex Network configuration for multi-segment environments

This improves fault isolation and operational clarity.

Security Controls

  • Use time-bound activation tokens

  • Restrict outbound communication to CERTInext endpoints

  • Use least-privilege service accounts

  • Store tokens securely

  • Rotate tokens if compromised

Agents do not require inbound internet exposure.

Air-Gapped and Restricted Environments

For isolated networks:

  • Use manual installation packages

  • Transfer installer securely

  • Configure proxy if required

  • Ensure outbound relay connectivity where permitted

Agents queue tasks locally if temporary connectivity issues occur.

Updating and Decommissioning

Administrators can:

  • Monitor bot version for upgrade requirements

  • Reconfigure or edit bot settings

  • Deactivate unused bots

  • Delete bots after host decommissioning

Before deleting, ensure no active certificates are linked.

Best Practices

  • Monitor agent health regularly

  • Keep agent versions updated

  • Validate connectivity after firewall changes

  • Enable alerts for inactive bots

  • Document agent placement across environments
