URL Scanner Deployment¶
This guide walks you through deploying the CertMS URL Scanner container to monitor internal certificates within your network.
Prerequisites¶
- Active CertMS instance
- Docker or compatible container runtime installed
- Administrative access to your CertMS instance
Deployment Steps¶
Step 1: Log In to Your CertMS Instance¶
Navigate to your CertMS instance URL and log in with your credentials.
Step 2: Navigate to Scanner Settings¶
- Click Settings in the left-hand navigation menu
- Select Scanners from the settings options
- You will see one default scanner called Local Scanner
Step 3: Create a New Scanner¶
- Click Create New Scanner
- Provide a Name for the scanner (required)
- Optionally add a Description to identify the scanner's purpose
- Click Create Scanner
Step 4: Copy the Scanner ID¶
Once the scanner is created, you will be taken to the scanner details page.
Save This Now
Copy and save the Scanner ID displayed on this page. You will need it when deploying the container.
Step 5: Create an API Key¶
- Click Settings in the left-hand navigation menu
- Select API Keys
- Click Create New API Key
- Complete the configuration:
| Field | Configuration |
|---|---|
| Name | Descriptive name (e.g., URL Scanner API Key) |
| Description | Optional — describe the key's purpose |
| Roles | ✅ URL Monitor Admin (required) |
| ✅ Scanner Admin (required) | |
| ✅ Cert Admin (required) | |
| Expiration Date | Any future date — you'll need a new key when this expires |
| Active | ✅ Checked (default) |
- Click Create API Key
Critical
The API key is displayed only once. Copy it immediately and store it in a password manager or secure location — it cannot be retrieved again.
Step 6: Gather Your Environment Variables¶
You now have the three values needed to deploy the container:
| Variable | Description | Where to Find It |
|---|---|---|
BASE_URL |
Your CertMS instance URL | e.g., https://yourcompany.certms.com/certms |
API_KEY |
The API key created above | Copied in Step 5 |
SCANNER_ID |
The scanner's unique ID | Copied in Step 4 |
Step 7: Deploy the Container¶
Choose one of the following deployment methods.
Option A: Docker Run¶
docker run -d \
--name certms-urlscanner \
-e BASE_URL="https://yourcompany.certms.com/certms" \
-e API_KEY="your-api-key-here" \
-e SCANNER_ID="your-scanner-id-here" \
mikewconsulting/certms-urlscanner:latest
Option B: Docker Compose¶
Create a docker-compose.yml file with the following content:
version: '3.8'
services:
certms-scanner:
image: mikewconsulting/certms-urlscanner:latest
container_name: certms-urlscanner
restart: unless-stopped
environment:
- BASE_URL=https://yourcompany.certms.com/certms
- API_KEY=your-api-key-here
- SCANNER_ID=your-scanner-id-here
Then start the container:
docker-compose up -d
Replace all placeholder values with your actual BASE_URL, API_KEY, and SCANNER_ID before running.
Verification¶
Check Container Logs¶
Confirm the container is running without errors:
docker logs certms-urlscanner
Look for successful connection messages and no error output.
Verify in CertMS¶
- Navigate to Settings → Scanners
- Find your newly created scanner in the list
- Check the Last Check-in time — it should reflect recent activity
Troubleshooting¶
If the scanner is not checking in:
| Issue | What to Check |
|---|---|
| Environment variables incorrect | Re-verify BASE_URL, API_KEY, and SCANNER_ID values |
| Container errors | Run docker logs certms-urlscanner and review output |
| Network access | Ensure the container can reach your CertMS instance on port 443 |
| Expired API key | Check the key's expiration date in Settings → API Keys |
| Incorrect roles | Confirm the key has URL Monitor Admin, Scanner Admin, and Cert Admin roles |
Security Best Practices¶
- Rotate API keys before their expiration date to avoid scanner downtime
- Use descriptive scanner names to easily identify each scanner's purpose and location
- Monitor check-in times regularly to detect connectivity or configuration issues
- Review container logs periodically for errors or warnings
Need help? Contact support at support@certms.com.