# Creating a Bot

To create a bot, navigate to:

**Certificates → Discovery → Create Bot**

This launches the bot creation wizard, which guides you through the required configuration.

**Step 1: Configure Bot Settings**

**Description**

Enter a clear and descriptive name for the bot. The name should reflect the environment, region, or purpose where the bot will operate.

Examples:

* EU Production Web Servers
* US Internal Cluster Scan
* Azure VPC Discovery Bot

Meaningful naming is strongly recommended, especially in environments where multiple bots are deployed across different networks.

<figure><img src="/files/91TuzByWVJkTK4xJBXJx" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Configure bot settings – Description</p>

**Activation Window (Days)**

Specify the number of days for which the bot token remains valid.

For security, activation tokens are temporary. If the bot is not deployed within this period, the token expires and cannot be used to register the bot with CERTInext. In such cases, a new bot must be created from the portal to generate a new activation token.

Typical values range from 15 to 90 days, depending on organizational security policies.

<figure><img src="/files/pSR7PpNThxiVOKmeCzoN" alt=""><figcaption></figcaption></figure>

**Add Custom Tags**

Optional tags can be added to classify or group bots.

Tags are commonly used to represent:

* Region
* Environment (Prod, Test, UAT)
* Ownership or team
* Functional purpose

These tags help filter and manage bots at scale.

You need to enter a Tag Name and Tag Value.

<figure><img src="/files/6F48lOkKvdXywvjZeksR" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Custom Tags</p>

**Step 2: Bot Purpose**

Select how the bot will be used.

* **Discovery**

Use this option when the goal is to scan systems and build a certificate inventory.

In this mode, the bot:

* Scans servers, devices, load balancers, and applications
* Identifies TLS certificates
* Reports discovered certificates back to CERTInext

No certificate lifecycle actions are performed in this mode.

* **Provisioning**

Use this option when the bot is intended to manage certificates.

In this mode, the bot:

* Issues certificates
* Renews certificates
* Replaces certificates
* Deploys certificates to endpoints

This mode is used when certificate lifecycle automation is required.

* **Discovery and Provisioning (Combined)**

This mode enables both discovery and lifecycle management.

It is recommended when:

* Full visibility is required
* Certificates should be automatically managed end-to-end

<figure><img src="/files/kQqlkkOviWitk9vyHQrE" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Bot Purpose</p>

**Step 3: Bot Connection Configuration**

This section defines how the bot connects to your network and to CERTInext.

**Network Environment Type**

**Simple Network (Single Location)**

Select this option when all target systems are accessible from a single location without network segmentation.

Characteristics:

* One bot instance
* Flat or centralized network
* Suitable for smaller environments or single data centers

<figure><img src="/files/rNbw9G4cllAPsu9zbI8T" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Bot Connection Configuration - Simple Network</p>

**Complex Network (Multiple Segments)**

Select this option for distributed or segmented environments such as:

* Multiple data centers
* DMZ-segmented networks
* Hybrid cloud and on-prem environments
* Multiple VPCs

When this option is selected:

* An additional field appears to specify the number of allowed connections
* Multiple bot instances can be deployed under the same configuration

This allows each bot instance to manage a separate network segment.

<figure><img src="/files/YpdVzKCKcSykPIcYfVXH" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Bot Connection Configuration - Complex Network</p>

**Proxy Configuration**

**Does this bot need a proxy to access the internet?**

* Select **No** if the bot can connect directly to the internet and communicate with the CERTInext API.

<figure><img src="/files/N7okVmGzxMN4kbho9mAk" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Proxy Configuration - No</p>

* Select **Yes** if outbound traffic must pass through an enterprise proxy.

<figure><img src="/files/VYXicGaH1tFWadKExXZI" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Proxy Configuration - Yes</p>

When Yes is selected, the following details are required:

* Proxy type
* Proxy host
* Proxy port
* Proxy authentication credentials if applicable

**Conditional behavior**

When **Yes** is selected for proxy configuration, the Internet Access question is skipped, as the bot is assumed to have outbound connectivity through the configured proxy.

**Isolated Network Without Internet Access**

**Does this bot need a proxy to access the internet?**

Select **No** if the bot has outbound connectivity to CERTInext.

In this case:

* The bot communicates directly with the CERTInext API
* No chaining configuration is required

<figure><img src="/files/vG3gJ4WMRvFQRML38EQQ" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Internet Access - No</p>

Select **Yes** if the bot operates in a restricted network with no internet access.

In this case:

* The bot operates in offline mode
* Data is forwarded through a chained relay bot that has internet access

**Bot Chaining Settings**

This section is displayed only when **Yes** is selected for the **No Internet Access** option.

Bot chaining allows an offline bot to forward its discovery or provisioning data through another CERTInext bot that has outbound internet connectivity. In this section, select the appropriate connector bot that will act as the relay for internet communication.

<figure><img src="/files/xZJtFtQAFYoEx4jkSaXs" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Internet Access - Yes</p>

When **Yes** is selected here, the bot takes the API endpoint URL configuration of an existing bot that has outbound internet connectivity.

**API Endpoint URL**

**Default API URL (Recommended)**

Use this option when connecting to CERTInext Cloud.

No additional configuration is required.

This option is recommended for most SaaS deployments.

<figure><img src="/files/keCNE6nBszPsJsB3rGlI" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Default API URL</p>

**Custom API URL**

Select this option when connecting to:

* On-prem CERTInext deployment
* Private cloud instance
* UAT or sandbox environments

Enter the full API endpoint URL provided by your administrator.

<figure><img src="/files/NMCABSwvoMJPgMd6aVlI" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Custom API URL</p>

**Final Step: Create Bot**

After completing all required fields, click **Create Bot**.

CERTInext generates a unique bot token. This token is required during installation and is used by the bot to authenticate with the CERTInext platform.

**Bot Deployment and Installation**

Once the bot is created, CERTInext displays the deployment screen confirming that the bot is ready for installation.

**Bot Deployment Summary**

This section displays:

* Bot name
* Token expiry date
* Number of allowed endpoints
* Connection type
* Bot purpose

Administrators should review this information before proceeding.

<figure><img src="/files/lfjAN6S2ZU93iuWASiXG" alt=""><figcaption></figcaption></figure>

<p align="center">Fig: Bot Deployment Summary</p>


