search

Installing Bots

Once a bot is created, CERTInext generates a deployment token and presents the installation screen.

Fig: Bot Deployment Summary

Installation Methods

Two installation methods are available.

Automated Install (Recommended)

In this method:

  • A single command is generated

  • The command installs and registers the bot automatically

Installation steps:

  • Open PowerShell on Windows as Administrator (For Windows Installation)

  • Or open Terminal on Linux with root or sudo privileges(For Linux Installation)

  • Paste the generated command from the CERTInext portal

  • Execute the command

The command includes:

  • A unique bot token

  • The configured API endpoint

This is the recommended approach as it minimizes errors.

Fig: Automated Installation

Manual Install

In this method:

  • Installer files are downloaded manually

  • Registration commands are executed separately

This method is suitable for advanced users or controlled environments.

Platform-Specific Installation

Windows Installation

Automated Installation - View Instructions

  • Open PowerShell as Administrator

  • Paste the command provided in the CERTInext portal

  • Execute the command

The bot installs, registers and starts automatically.

Manual Installation

  • Download the MSI installe

  • Open PowerShell as Administrator

  • Navigate to the download location

  • Run the MSI installation command with the bot token and API URL

After installation:

  • The bot starts automatically

  • Desktop shortcut is created

View Prerequisites

  • Administrator access on the Windows machine

  • Windows 10 or higher

  • Minimum 500 MB free disk space

  • Outbound HTTPS access on port 443

  • Firewall allows outbound HTTPS connections

  • Corporate firewall whitelisting for CERTInext domains if applicable

The following ports are required based on the type of operations performed by the bot. Some ports are used only for discovery, while others are required for provisioning and deployment actions.

Ports required for Certificate Discovery

These ports are used by the bot to scan endpoints and discover existing certificates:

  • Port 8443 for Tomcat or JBoss

  • Port 22 for SSH

  • Port 389 or 636 for LDAP

  • Port 3389 for RDP

  • Port 445 for SMB

Ports required for Certificate Provisioning

These ports are required when the bot performs certificate deployment, renewal, or lifecycle operations on target systems:

  • Port 22 for SSH based deployments

  • Port 3389 for RDP based deployments

  • Port 445 for SMB based deployments

  • Application specific ports (for example HTTPS ports on web servers where certificates are installed)

Linux Installation (DEB)

Automated Install (Recommended)

  • Select Automated Install.

  • Open Linux-Debian → View Instructions

  • Copy the generated bash script.

  • Run as root or with sudo.

Manual Installation

  • Select Manual Install on the deployment page.

  • Under Linux-Debian, click Download (.deb).

  • Open Terminal.

  • Navigate to Downloads

  • Install the DEB package following the instructions

Prerequisites

  • Root or sudo access

  • Ubuntu 20.04 LTS or later

  • Debian 11 or later

  • Minimum 500 MB free disk space

  • Outbound HTTPS access on port 443

  • Firewall allows outbound HTTPS connections

Linux Installation (RPM)

Automated Install (Recommended)

  • Select Automated Install.

  • Open Linux-RPM → View Instructions

  • Copy the generated bash script.

  • Run as root or with sudo.

Manual Installation

  • Select Manual Install on the deployment page.

  • Under Linux-RPM, click Download (.deb).

  • Open Terminal.

  • Navigate to Downloads

  • Install the RPM package following the instructions

Prerequisites

  • Root or sudo access

  • RHEL 8+, CentOS Stream 8+, Fedora 34+, Oracle Linux 8+

  • Minimum 500 MB free disk space

  • Outbound HTTPS access on port 443

  • Firewall allows outbound HTTPS connections

Bot Behavior

This section explains bot behavior during normal operation, new installations and API unavailability.

Bot Startup Behavior

When a bot is already installed:

  • The bot can be launched from the desktop shortcut or system menu

  • If the Discovery API is unavailable, the bot displays: “CERTInext bot execution failed. Discovery API is unable to connect.”

This indicates the bot is running locally but cannot reach the API.

Behavior During New Bot Creation Using Token

If no bot exists on the system:

  • If no bot exists on the system, a new bot is installed and a corresponding bot entry is created in the CERTInext portal.

  • If a bot already exists on the same system, no new bot is created and no additional bot entry appears in the portal. The existing bot is launched instead.

Only one CERTInext Bot can exist per system (host machine).

Behavior When Discovery API Is Down During Installation

If the Discovery API is unavailable:

  • The installer still downloads and installs locally

  • The bot will be unable to register with CERTInext

  • The bot displays a connectivity error

  • The bot becomes operational once the API is reachable

View Bot

The View Bot page displays detailed information about a configured bot and provides visibility into its scan configuration, operational status, and execution history. This page allows administrators to monitor bot health, verify scan settings and review discovery activity.

Bot Summary

The top section displays the core bot details:

  • Bot Name → Unique identifier of the bot instance.

  • Computer Name → Host system on which the bot is running.

  • Bot IP Address → IP address of the host system.

  • Bot Version v → Installed version of the bot agent.

  • OS → Operating system of the host machine.

  • Status → Current operational state of the bot (for example: Active, Inactive).

This section provides a quick overview of the bot environment and connectivity.

Scan Configuration

The Scan Configuration section shows the discovery configuration associated with the bot.

  • Scan Frequency → Displays the configured scan schedule (for example: On Demand, Daily, Weekly, Monthly).

  • Scan Targets → Clicking View displays the list of configured targets that the bot scans for certificates.

This section allows users to validate which assets are being scanned by the bot.

Scan Logs

The Scan Logs tab displays the execution history of certificate discovery scans performed by the bot.

Each entry includes:

  • Scanned From: Discovery source (for example: Web/App Servers).

  • Scan Start Date: Timestamp when the scan started.

  • Scan End Date: Timestamp when the scan completed.

  • Newly Discovered Certificates: Number of certificates identified in that scan.

This section is used to track discovery activity and measure scan effectiveness.

Error Logs

The Error Logs tab displays any errors encountered during scan execution.

This includes:

  • Connection failures

  • Authentication issues

  • Target access errors

  • Scan execution failures

This section is primarily used for troubleshooting and operational diagnostics.

Edit Bot

The Edit option allows users to modify the bot configuration, including scan targets and scheduling parameters.

Bot Log Locations

The CERTInext Bot writes operational and error logs locally on the host system to assist with troubleshooting.

Bot Log Types and Visibility

The CERTInext Bot generates multiple types of logs to support troubleshooting, auditing and operational visibility. These logs are maintained both locally on the host system and within the CERTInext platform.

Local Bot Logs (Host System)

On the host system, the bot maintains the following log files:

  • info.log Contains high-level operational information such as bot startup, configuration loading, scan initiation, and successful API communications.

  • error.log Captures errors encountered during bot execution, including connectivity failures, authentication issues, scan failures, and provisioning errors.

  • verbose.log Provides detailed diagnostic output useful for deep troubleshooting and support analysis. This includes extended execution traces and debug-level information.

These logs capture startup activity, connectivity errors, API communication issues and provisioning or discovery failures. They should be referenced when diagnosing issues or when sharing details with CERTInext support.

Fig: Bot Log Location(Host System)

These logs are stored at the following locations:

Windows

Users → <Logged-in User> → AppData → Roaming → eMudhra → CERTInextBot → logs

Linux

/opt/certinext-bot/logs

Or

/tmp/certinext-bot.log

(depending on installation mode)

Logs Visible in the CERTInext Portal

In addition to local logs, key bot activities are also reported to the CERTInext platform for centralized visibility.

Audit Logs (Reports → Audit Logs)

These logs capture platform-level activities such as:

  • Bot registration and status changes

  • Discovery and provisioning actions

  • Configuration updates

  • User-triggered operations

Fig: Error Logs

Bot Scan Logs

After a bot is configured and executed, scan-related information is available within the bot view:

  • Scan Logs show discovery or provisioning execution details

  • Error Logs display scan-specific failures, if any

Fig: Scan Logs

Fig: Error Logs

These can be accessed by navigating to:

Certificates → Discovery → View Bot → Scan Logs / Error Logs

Local logs should be referenced for host-level issues, while portal logs provide operational and audit-level visibility.

CERTInext Bot Utility

After installation, the CERTInext Bot Utility provides a local interface to view bot status and manage configuration synchronization

This screen is displayed when the bot is launched on the host system.

Bot Utility Screen Details

The Bot Utility screen displays the following information:

  • Bot Type Indicates whether the bot is configured for Discovery, Provisioning, or Discovery and Provisioning.

  • Connection Status Shows whether the bot is successfully connected to the CERTInext platform.

  • Scanning Status Displays the current operational state of the bot (Idle, Running, etc.).

  • Bot Name Displays the name assigned during bot creation in the CERTInext portal.

Pull Configurations

The Pull Configurations button allows the bot to fetch the latest configuration from the CERTInext platform.

  • Configuration changes made in the portal are automatically pulled by the bot after saving.

  • To ensure synchronization, especially after network or configuration changes, users can manually click Pull Configurations.

This ensures the bot is always operating with the most recent settings.

Check for Updates

The Check for Update option allows the bot to verify whether a newer version is available.

  • When an update is available, the bot can be upgraded to the latest version.

  • Keeping the bot updated ensures access to the latest features, fixes, and security enhancements.

Fig: Bot Utility Screen

PreviousCreating a BotNextConfiguring Bots

Last updated