CertWatch Agent

The CertWatch Agent is a lightweight monitoring daemon that runs on your infrastructure to monitor SSL/TLS certificates that aren’t publicly accessible.

Why Use the Agent?

Private Endpoints

Monitor certificates on internal services, VPNs, and private networks that CertWatch can’t reach from the cloud.

Behind Firewalls

No need to open inbound ports. The agent connects outbound to sync data.

On-Premise

Perfect for air-gapped environments, data centers, and compliance-restricted networks.

Real-time Sync

Certificate data syncs to your CertWatch dashboard automatically.

How It Works

Features

Single Binary - No dependencies, just download and run
Config-Driven - Define certificates in a simple YAML file
Interactive Setup - cw-agent init wizard guides configuration
State Persistence - Agent ID survives restarts
Secure - Runs without root, uses TLS for all communication
Lightweight - Minimal CPU and memory footprint

Quick Start

Install

curl -sSL https://certwatch.app/install.sh | bash

Configure

cw-agent init

Start

cw-agent start -c certwatch.yaml

Full Installation Guide

See all installation options including Docker, Homebrew, and manual download.

Getting Started

CLI Reference

Deployment

Advanced

Why Use the Agent?

Private Endpoints

Behind Firewalls

On-Premise

Real-time Sync

How It Works

Features

Quick Start

Full Installation Guide

Getting Started

CLI Reference

Deployment

Advanced

​Why Use the Agent?

Private Endpoints

Behind Firewalls

On-Premise

Real-time Sync

​How It Works

​Features

​Quick Start

Full Installation Guide

Why Use the Agent?

How It Works

Features

Quick Start