Create a collector token
In the left-hand menu go to Settings → Collectors and click Add collector. Give it a descriptive name (e.g. Office network or DMZ scanner) and click Save. Copy the generated token — it starts with cwc_. You will need this in step 4.
Download the agent JAR
Download the agent from Settings → Collectors → Download agent. The file is a self-contained JAR — no installation needed, just Java 17 or newer on the host.
To check your Java version on the target server:
Copy the JAR to your server
Transfer the JAR to the server you want to scan from — this should be a machine that has network access to the internal hosts you want to monitor.
Run the agent
Start the agent with your collector token and the URL of your CertControl instance:
--certops.collector-token=cwc_YOUR_TOKEN \
--certops.platform-url=https://app.certcontrol.pro
The agent will start scanning reachable hosts and push results back to the platform. The first scan typically completes within a few minutes depending on network size.
Run as a service (recommended)
For production use, run the agent as a systemd service so it restarts automatically and runs on a schedule:
Verify in the platform
Go to Settings → Collectors and check that your collector shows a green status and a recent "last seen" timestamp. Discovered endpoints will begin appearing under Endpoints with a collector source tag.