Creating a Bot
To create a bot, navigate to:
Certificates → Discovery → Create Bot
This launches the bot creation wizard, which guides you through the required configuration.
Step 1: Configure Bot Settings
Description
Enter a clear and descriptive name for the bot. The name should reflect the environment, region, or purpose where the bot will operate.
Examples:
EU Production Web Servers
US Internal Cluster Scan
Azure VPC Discovery Bot
Meaningful naming is strongly recommended, especially in environments where multiple bots are deployed across different networks.

Fig: Configure bot settings – Description
Activation Window (Days)
Specify the number of days for which the bot token remains valid.
For security, activation tokens are temporary. If the bot is not deployed within this period, the token expires and cannot be used to register the bot with CERTInext. In such cases, a new bot must be created from the portal to generate a new activation token.
Typical values range from 15 to 90 days, depending on organizational security policies.

Add Custom Tags
Optional tags can be added to classify or group bots.
Tags are commonly used to represent:
Region
Environment (Prod, Test, UAT)
Ownership or team
Functional purpose
These tags help filter and manage bots at scale.
You need to enter a Tag Name and Tag Value.

Fig: Custom Tags
Step 2: Bot Purpose
Select how the bot will be used.
Discovery
Use this option when the goal is to scan systems and build a certificate inventory.
In this mode, the bot:
Scans servers, devices, load balancers, and applications
Identifies TLS certificates
Reports discovered certificates back to CERTInext
No certificate lifecycle actions are performed in this mode.
Provisioning
Use this option when the bot is intended to manage certificates.
In this mode, the bot:
Issues certificates
Renews certificates
Replaces certificates
Deploys certificates to endpoints
This mode is used when certificate lifecycle automation is required.
Discovery and Provisioning (Combined)
This mode enables both discovery and lifecycle management.
It is recommended when:
Full visibility is required
Certificates should be automatically managed end-to-end

Fig: Bot Purpose
Step 3: Bot Connection Configuration
This section defines how the bot connects to your network and to CERTInext.
Network Environment Type
Simple Network (Single Location)
Select this option when all target systems are accessible from a single location without network segmentation.
Characteristics:
One bot instance
Flat or centralized network
Suitable for smaller environments or single data centers

Fig: Bot Connection Configuration - Simple Network
Complex Network (Multiple Segments)
Select this option for distributed or segmented environments such as:
Multiple data centers
DMZ-segmented networks
Hybrid cloud and on-prem environments
Multiple VPCs
When this option is selected:
An additional field appears to specify the number of allowed connections
Multiple bot instances can be deployed under the same configuration
This allows each bot instance to manage a separate network segment.

Fig: Bot Connection Configuration - Complex Network
Proxy Configuration
Does this bot need a proxy to access the internet?
Select No if the bot can connect directly to the internet and communicate with the CERTInext API.

Fig: Proxy Configuration - No
Select Yes if outbound traffic must pass through an enterprise proxy.

Fig: Proxy Configuration - Yes
When Yes is selected, the following details are required:
Proxy type
Proxy host
Proxy port
Proxy authentication credentials if applicable
Conditional behavior
When Yes is selected for proxy configuration, the Internet Access question is skipped, as the bot is assumed to have outbound connectivity through the configured proxy.
Isolated Network Without Internet Access
Does this bot need a proxy to access the internet?
Select No if the bot has outbound connectivity to CERTInext.
In this case:
The bot communicates directly with the CERTInext API
No chaining configuration is required

Fig: Internet Access - No
Select Yes if the bot operates in a restricted network with no internet access.
In this case:
The bot operates in offline mode
Data is forwarded through a chained relay bot that has internet access
Bot Chaining Settings
This section is displayed only when Yes is selected for the No Internet Access option.
Bot chaining allows an offline bot to forward its discovery or provisioning data through another CERTInext bot that has outbound internet connectivity. In this section, select the appropriate connector bot that will act as the relay for internet communication.

Fig: Internet Access - Yes
When Yes is selected here, the bot takes its API endpoint URL configuration from an existing bot that has outbound internet connectivity.
API Endpoint URL
Default API URL (Recommended)
Use this option when connecting to CERTInext Cloud.
No additional configuration is required.
This option is recommended for most SaaS deployments.

Fig: Default API URL
Custom API URL
Select this option when connecting to:
On-prem CERTInext deployment
Private cloud instance
UAT or sandbox environments
Enter the full API endpoint URL provided by your administrator.

Fig: Custom API URL
Final Step: Create Bot
After completing all required fields, click Create Bot.
CERTInext generates a unique bot token. This token is required during installation and is used by the bot to authenticate with the CERTInext platform.
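The wizard's conditional rules can be checked against a planned bot definition before anyone opens the portal, which helps when many bots are planned across segments. The following is an added example, not CERTInext code: the field names, the finding texts and the https requirement on a custom API URL are assumptions made for illustration, and the sample plan is constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

PURPOSES = {"discovery", "provisioning", "discovery_and_provisioning"}

@dataclass
class BotPlan:
    """Planned wizard answers. Field names are hypothetical, not a CERTInext schema."""
    description: str
    activation_days: int
    purpose: str
    complex_network: bool = False
    allowed_connections: int = 1
    proxy: Optional[dict] = None          # {"type", "host", "port"} when proxy = Yes
    no_internet: bool = False             # isolated network without internet access
    relay_bot: Optional[str] = None       # connector bot chosen under Bot Chaining Settings
    custom_api_url: Optional[str] = None  # None means the default API URL

def review(plan: BotPlan) -> list:
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    if not plan.description.strip():
        findings.append("description is empty")
    if plan.activation_days < 1:
        findings.append("activation window must be at least 1 day")
    elif not 15 <= plan.activation_days <= 90:
        findings.append("activation window outside the typical 15-90 days")
    if plan.purpose not in PURPOSES:
        findings.append("unknown bot purpose")
    if plan.complex_network and plan.allowed_connections < 1:
        findings.append("complex network needs a number of allowed connections")
    if not plan.complex_network and plan.allowed_connections != 1:
        findings.append("simple network means one bot instance")
    if plan.proxy is not None:
        missing = [k for k in ("type", "host", "port") if not plan.proxy.get(k)]
        if missing:
            findings.append("proxy details missing: " + ", ".join(missing))
        if plan.no_internet or plan.relay_bot:
            findings.append("proxy = Yes skips the internet access question; drop chaining")
    elif plan.no_internet and not plan.relay_bot:
        findings.append("offline bot needs a relay bot with internet access")
    elif plan.relay_bot and not plan.no_internet:
        findings.append("relay bot set but bot is not marked as offline")
    if plan.custom_api_url is not None:
        url = urlparse(plan.custom_api_url)
        # Assumption: require https, since the bot token is sent to this endpoint.
        if url.scheme != "https" or not url.netloc:
            findings.append("custom API URL must be a full https:// URL")
    return findings

# Constructed sample: an offline bot planned without a relay bot.
SAMPLE = BotPlan("EU Production Web Servers", 30, "discovery", no_internet=True)
```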
Bot Deployment and Installation
Once the bot is created, CERTInext displays the deployment screen confirming that the bot is ready for installation.
Bot Deployment Summary
This section displays:
Bot name
Token expiry date
Number of allowed endpoints
Connection type
Bot purpose
Administrators should review this information before proceeding.

Fig: Bot Deployment Summary
