Skip to content
QCecuring

Agents

Agents

Section titled “Agents”

SSL CLM Agents execute certificate operations on remote systems (VMs, servers, containers) and securely communicate with the central platform.

Agent Monitoring Dashboard

Section titled “Agent Monitoring Dashboard”

Agent Dashboard

Provides a real-time overview of:

  • Online / Offline agents
  • Disabled agents
  • Expired agent certificates
  • Safe mode status
  • Total registered agents

Includes:

  • Status distribution chart
  • Recent alerts
  • Recent agent activity

Agent Registration (Bootstrap)

Section titled “Agent Registration (Bootstrap)”

Agent Registration

Steps:

  1. Enter hostname
  2. Generate one-time bootstrap token
  3. Install agent on target machine
  4. Complete secure mTLS bootstrap

Bootstrap token:

  • One-time use
  • Time-limited
  • Used to establish initial trust

After bootstrap, the agent receives a client certificate for ongoing authentication.

Agents List

Section titled “Agents List”

Agents List

Displays:

  • Agent ID
  • Hostname
  • Status (ONLINE, OFFLINE, BOOTSTRAPPING)
  • Bootstrap status
  • Last heartbeat
  • Certificate expiry
  • Version

Supports:

  • Search by hostname or ID
  • Status filtering
  • Manual refresh

Agent Details

Section titled “Agent Details”

Agent Details

Detailed view includes:

Agent Information

Section titled “Agent Information”
  • Agent ID
  • Hostname
  • Status
  • Bootstrap completion
  • Last heartbeat
  • Created timestamp

Certificate Information

Section titled “Certificate Information”
  • mTLS certificate fingerprint
  • Expiry date
  • Days until expiration

Version Information

Section titled “Version Information”
  • Version
  • Build date
  • Git commit

Capabilities

Section titled “Capabilities”
  • Supported operations reported by agent

Metrics

Section titled “Metrics”
  • System metrics (if enabled)
  • Job execution metrics

Communication Model

Section titled “Communication Model”
  • Mutual TLS (mTLS)
  • Certificate-based identity
  • Encrypted task execution
  • Heartbeat reporting

Agents poll the platform for:

  • Deployment tasks
  • Renewal tasks
  • Validation jobs
  • Discovery execution

Agent Status Lifecycle

Section titled “Agent Status Lifecycle”
  • BOOTSTRAPPING – Registration in progress
  • ONLINE – Actively connected and healthy
  • OFFLINE – No recent heartbeat
  • DISABLED – Manually disabled
  • EXPIRED – Agent certificate expired
  • SAFE MODE – Restricted operation

Security Model

Section titled “Security Model”
  • One-time bootstrap token
  • mTLS authentication
  • Scoped task authorization
  • Full audit logging of agent actions

Agents never expose private keys externally unless explicitly configured.

Operational Flow

Section titled “Operational Flow”
  1. Register agent
  2. Complete bootstrap
  3. Agent connects via mTLS
  4. Platform assigns tasks
  5. Agent executes locally
  6. Results and logs reported back

Agents provide secure, distributed execution for certificate lifecycle operations.