# Installing Bots Once a bot is created, CERTInext generates a deployment token and presents the installation screen.

Fig: Bot Deployment Summary

**Installation Methods** Two installation methods are available. **Automated Install (Recommended)** In this method: * A single command is generated * The command installs and registers the bot automatically Installation steps: * Open PowerShell on Windows as Administrator (For Windows Installation) * Or open Terminal on Linux with root or sudo privileges(For Linux Installation) * Paste the generated command from the CERTInext portal * Execute the command The command includes: * A unique bot token * The configured API endpoint This is the recommended approach as it minimizes errors.

Fig: Automated Installation

**Manual Install** In this method: * Installer files are downloaded manually * Registration commands are executed separately This method is suitable for advanced users or controlled environments. **Platform-Specific Installation** **Windows Installation** **Automated Installation - View Instructions** * Open PowerShell as Administrator * Paste the command provided in the CERTInext portal * Execute the command The bot installs, registers and starts automatically. **Manual Installation** * Download the MSI installe * Open PowerShell as Administrator * Navigate to the download location * Run the MSI installation command with the bot token and API URL **After installation:** * The bot starts automatically * Desktop shortcut is created **View Prerequisites** * Administrator access on the Windows machine * Windows 10 or higher * Minimum 500 MB free disk space * Outbound HTTPS access on port 443 * Firewall allows outbound HTTPS connections * Corporate firewall whitelisting for CERTInext domains if applicable The following ports are required based on the type of operations performed by the bot. Some ports are used only for discovery, while others are required for provisioning and deployment actions. **Ports required for Certificate Discovery** These ports are used by the bot to scan endpoints and discover existing certificates: * Port 8443 for Tomcat or JBoss * Port 22 for SSH * Port 389 or 636 for LDAP * Port 3389 for RDP * Port 445 for SMB **Ports required for Certificate Provisioning** These ports are required when the bot performs certificate deployment, renewal, or lifecycle operations on target systems: * Port 22 for SSH based deployments * Port 3389 for RDP based deployments * Port 445 for SMB based deployments * Application specific ports (for example HTTPS ports on web servers where certificates are installed) **Linux Installation (DEB)** **Automated Install (Recommended)** * Select Automated Install. * Open Linux-Debian → View Instructions * Copy the generated bash script. * Run as root or with sudo. **Manual Installation** * Select Manual Install on the deployment page. * Under Linux-Debian, click Download (.deb). * Open Terminal. * Navigate to Downloads * Install the DEB package following the instructions **Prerequisites** * Root or sudo access * Ubuntu 20.04 LTS or later * Debian 11 or later * Minimum 500 MB free disk space * Outbound HTTPS access on port 443 * Firewall allows outbound HTTPS connections **Linux Installation (RPM)** **Automated Install (Recommended)** * Select Automated Install. * Open Linux-RPM → View Instructions * Copy the generated bash script. * Run as root or with sudo. **Manual Installation** * Select Manual Install on the deployment page. * Under Linux-RPM, click Download (.deb). * Open Terminal. * Navigate to Downloads * Install the RPM package following the instructions **Prerequisites** * Root or sudo access * RHEL 8+, CentOS Stream 8+, Fedora 34+, Oracle Linux 8+ * Minimum 500 MB free disk space * Outbound HTTPS access on port 443 * Firewall allows outbound HTTPS connections **Bot Behavior** This section explains bot behavior during normal operation, new installations and API unavailability. **Bot Startup Behavior** When a bot is already installed: * The bot can be launched from the desktop shortcut or system menu * If the Discovery API is unavailable, the bot displays: “CERTInext bot execution failed. Discovery API is unable to connect.” This indicates the bot is running locally but cannot reach the API. **Behavior During New Bot Creation Using Token** If no bot exists on the system: * If no bot exists on the system, a new bot is installed and a corresponding bot entry is created in the CERTInext portal. * If a bot already exists on the same system, no new bot is created and no additional bot entry appears in the portal. The existing bot is launched instead. Only one CERTInext Bot can exist per system (host machine). **Behavior When Discovery API Is Down During Installation** If the Discovery API is unavailable: * The installer still downloads and installs locally * The bot will be unable to register with CERTInext * The bot displays a connectivity error * The bot becomes operational once the API is reachable **View Bot** The View Bot page displays detailed information about a configured bot and provides visibility into its scan configuration, operational status, and execution history. This page allows administrators to monitor bot health, verify scan settings and review discovery activity. **Bot Summary** The top section displays the core bot details: * **Bot Name** → Unique identifier of the bot instance. * **Computer Name** → Host system on which the bot is running. * **Bot IP Address** → IP address of the host system. * **Bot Version v** → Installed version of the bot agent. * **OS** → Operating system of the host machine. * **Status** → Current operational state of the bot (for example: Active, Inactive). This section provides a quick overview of the bot environment and connectivity. **Scan Configuration** The Scan Configuration section shows the discovery configuration associated with the bot. * **Scan Frequency** → Displays the configured scan schedule (for example: On Demand, Daily, Weekly, Monthly). * **Scan Targets** → Clicking View displays the list of configured targets that the bot scans for certificates. This section allows users to validate which assets are being scanned by the bot. **Scan Logs** The Scan Logs tab displays the execution history of certificate discovery scans performed by the bot. Each entry includes: * Scanned From: Discovery source (for example: Web/App Servers). * Scan Start Date: Timestamp when the scan started. * Scan End Date: Timestamp when the scan completed. * Newly Discovered Certificates: Number of certificates identified in that scan. This section is used to track discovery activity and measure scan effectiveness. **Error Logs** The Error Logs tab displays any errors encountered during scan execution. This includes: * Connection failures * Authentication issues * Target access errors * Scan execution failures This section is primarily used for troubleshooting and operational diagnostics. **Edit Bot** The Edit option allows users to modify the bot configuration, including scan targets and scheduling parameters. **Bot Log Locations** The CERTInext Bot writes operational and error logs locally on the host system to assist with troubleshooting. **Bot Log Types and Visibility** The CERTInext Bot generates multiple types of logs to support troubleshooting, auditing and operational visibility. These logs are maintained both locally on the host system and within the CERTInext platform. **Local Bot Logs (Host System)** On the host system, the bot maintains the following log files: * **info.log**\ Contains high-level operational information such as bot startup, configuration loading, scan initiation, and successful API communications. * **error.log**\ Captures errors encountered during bot execution, including connectivity failures, authentication issues, scan failures, and provisioning errors. * **verbose.log**\ Provides detailed diagnostic output useful for deep troubleshooting and support analysis. This includes extended execution traces and debug-level information. These logs capture startup activity, connectivity errors, API communication issues and provisioning or discovery failures. They should be referenced when diagnosing issues or when sharing details with CERTInext support.

Fig: Bot Log Location(Host System)

These logs are stored at the following locations: **Windows** Users → \ → AppData → Roaming → eMudhra → CERTInextBot → logs **Linux** /opt/certinext-bot/logs Or /tmp/certinext-bot.log (depending on installation mode) **Logs Visible in the CERTInext Portal** In addition to local logs, key bot activities are also reported to the CERTInext platform for centralized visibility. **Audit Logs (Reports → Audit Logs)** These logs capture platform-level activities such as: * Bot registration and status changes * Discovery and provisioning actions * Configuration updates * User-triggered operations

Fig: Error Logs

**Bot Scan Logs** After a bot is configured and executed, scan-related information is available within the bot view: * **Scan Logs** show discovery or provisioning execution details * **Error Logs** display scan-specific failures, if any ![](/files/LJTRxN5Uu2G5HE7kltqG) Fig: Scan Logs

Fig: Error Logs

These can be accessed by navigating to: **Certificates → Discovery → View Bot → Scan Logs / Error Logs** Local logs should be referenced for host-level issues, while portal logs provide operational and audit-level visibility. **CERTInext Bot Utility** After installation, the CERTInext Bot Utility provides a local interface to view bot status and manage configuration synchronization This screen is displayed when the bot is launched on the host system. **Bot Utility Screen Details** The Bot Utility screen displays the following information: * **Bot Type** Indicates whether the bot is configured for Discovery, Provisioning, or Discovery and Provisioning. * **Connection Status** Shows whether the bot is successfully connected to the CERTInext platform. * **Scanning Status** Displays the current operational state of the bot (Idle, Running, etc.). * **Bot Name** Displays the name assigned during bot creation in the CERTInext portal. **Pull Configurations** The Pull Configurations button allows the bot to fetch the latest configuration from the CERTInext platform. * Configuration changes made in the portal are automatically pulled by the bot after saving. * To ensure synchronization, especially after network or configuration changes, users can manually click **Pull Configurations.** This ensures the bot is always operating with the most recent settings. **Check for Updates** The Check for Update option allows the bot to verify whether a newer version is available. * When an update is available, the bot can be upgraded to the latest version. * Keeping the bot updated ensures access to the latest features, fixes, and security enhancements.

Fig: Bot Utility Screen

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.certinext.io/documentation/certificate-lifecycle-management/discovering-certificates/scan-using-bots/installing-bots.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.