Since DigiCert® acquired Mocana in 2022, we have been investing in our IoT solutions to ensure we help connected product manufacturers build secure devices and ensure compliance with industry regulations. These include:
Mocana Embedded Trust Manager for IoT device management.
DigiCert® IoT Trust Manager for IoT certificate management.
When speaking with customers, it was clear they wanted a simplified, single pane of glass experience that encompassed functionality from both platforms. Therefore, we are merging these existing solutions into a single, consolidated solution called DigiCert® Device Trust Manager, built on the robust DigiCert ONE platform.
Over time, Device Trust Manager will encompass all the features of IoT Trust Manager, along with the added benefits of Cassandra and Elasticsearch for greater scalability and performance. The existing IoT Trust Manager functionality will be accessible under the Certificate Management section in the Device Trust Manager , alongside new features such as Device Management and over-the-air (OTA) Software Updates.
Rest assured, the capabilities you rely on today, including the support for EST, SCEP, REST, ACME, CMPv2, single and batch certificate issuance, will continue to be supported in Device Trust Manager . Additionally, almost all IoT Trust Manager concepts, such as certificate templates, will be fully supported in Device Trust Manager. For more information on this, see Concepts.
New capabilities are also being added to Device Trust Manager such as free-to-download TrustEdge agent for devices and post-quantum cryptographic (PQC) algorithms throughout the platform.
Our goal is to ensure a smooth transition for all our customers to Device Trust Manager. These include the ability to perform customer-initiated migration and API-endpoint backward compatibility.
In summary, Device Trust Manager will unify the functionalities of IoT Trust Manager and Embedded Trust Manager into a comprehensive solution. It also provides the foundations for our future Device Trust investments, such as improved scale, performance, threat management, and support for PQC.
Will Device Trust Manager include all capabilities of IoT Trust Manager?
Yes. Over time, we will add all IoT Trust Manager capabilities to Device Trust Manager to ensure feature-parity.
Will Device Trust Manager include all capabilities of Embedded Trust Manager?
Mostly yes, with the exception being support for Microsoft Azure Device Provisioning Service and IoT Hub. Microsoft is no longer investing in these services and they do not support TLS 1.3 (required for PQC support). We are currently evaluating whether to support these services and would appreciate customer feedback on this. We do plan to support modern IoT platforms such as Microsoft Azure Event Grid MQTT broker and others.
Are the existing IoT Trust Manager concepts remain the same?
Yes, with two exceptions:
IoT Trust Manager Enrollment profiles are now Certificate Management Policies in Device Trust Manager.
IoT Trust Manager uses Enrollment profiles to manage both credentials and certificate issuance. Device Trust Manager separates these functions into an Authentication policy, which handles device authentication, and a Certificate Management Policy, which controls certificate handling. This change allows the same credentials to be applied across multiple certificate management policies, offering greater flexibility and control.
How and when will I be migrated?
We plan to offer a self-migration wizard experience within the IoT Trust Manager portal to allow customers to choose when to migrate. This migration will be non-disruptive, and the existing IoT Trust Manager APIs will remain available for continued use after the migration. However, to utilize the new features of Device Trust Manager, we would encourage customers to adopt the Device Trust Manager APIs.
For more information, see: