# Architecture Overview

The CERTInext Architecture Overview illustrates how the platform enables centralized certificate lifecycle management across on-premises systems, cloud environments, and third-party platforms while integrating with public and private Certification Authorities (CAs).

At the infrastructure layer, CERTInext Bots are deployed within enterprise environments. These bots connect to internal assets such as HSMs, LDAP directories, certificate stores, SSH keys, file systems, and application servers (Server A). They also support agentless discovery and provisioning for remote systems such as Windows servers (via SMB) and Linux servers (via SSH). Additionally, bots integrate with third-party platforms, including F5, Cloudflare, AWS ACM, Kubernetes, Palo Alto, FortiGate, and Akamai, through secure API-based communication.

All bots communicate securely with the CERTInext platform, which is hosted in AWS Cloud, over HTTPS (port 443). Within the cloud layer, CERTInext exposes multiple APIs and protocol endpoints, including REST, SCEP, EST, WAEP, and ACME, enabling automation and DevOps integration. Core functional modules include Discovery, Provisioning, Managed PKI, Secure Key Management, Vulnerability Assessment, Certificate/Key Compliance, Scheduling, and CT Log discovery. The platform is multi-tenant, with a Master Database and logically separated tenant environments.

On the CA integration side, CERTInext connects to eMudhra’s data center for emSign (public CA) and emCA (private PKI) via dedicated APIs. It also integrates with external public CAs such as DigiCert and Sectigo through CA APIs. This allows automated certificate issuance, renewal, revocation, and trust validation.

Overall, the architecture demonstrates a secure, scalable, API-driven, and multi-tenant design that bridges enterprise infrastructure, cloud platforms, and certification authorities into a unified certificate lifecycle management ecosystem.

<figure><img src="/files/pFnmjn5CaZlX1KxCFWSH" alt=""><figcaption></figcaption></figure>

