Certificates
Device Trust Manager issues X.509 certificates to devices to establish secure communication and authenticate with the platform. During provisioning, a device receives a bootstrap certificate, which verifies the device's identity and initiates secure communication with Device Trust Manager. As the device continues to operate, it may request operational certificates for short-term, specific operations as needed throughout its lifecycle.
Use case | |
---|---|
Bootstrap certificate | |
Operational certificate |
Certificate issuance and renewal
Device Trust Manager uses a range of protocols for certificate issuance and renewal, supporting both single and batch requests, as well as automatic renewals.
EST
SCEP
CMPv2
ACME
TrustEdge agent
A single device certificate request is associated with a device record.
Before you begin:
Ensure that your Solution Administrator has already completed the following:
A device group is already created.
A certificate management policy has been created.
A CSV file containing device-specific details such as device name, description, and subject common name is present.
Sign in to DigiCert® ONE as a Device administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Certificate management.
Click Request certificate.
From the Request certificate dropdown, select Request single device certificate.
From the Device Group dropdown menu, select an appropriate device group.
From the Certificate management policy dropdown menu, select the certificate management policy associated with the device group.
On the Key generation type step:
Note
The Key generation type option is displayed based on your selection of the Device group and the Certificate management policy.
I have the keypairs and will provide the CSRs or public keys in the request:
Upload a CSV file or a zipped CSV containing the device data. You can download the provided template for formatting guidance.
Key pairs will be generated server side by this application, and the private key and certificate will be included in response:
Select the Key generation type dropdown menu.
Provide a Common name for the certificate.
Optionally, provide an Organization name.
Click Add Value to provide an organization unit value (optional).
Provide a Description (optional).
Click Submit certificate request.
Download the certificate after successful submission of the certificate request.
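With the "I have the keypairs and will provide the CSRs or public keys in the request" option, the private key can stay on the device and only the CSR is uploaded. The script below is an added example, not DigiCert code: it generates a key pair and CSR with OpenSSL and checks the CSR before upload. The file names, the working directory and the common name are constructed, and the CSV template columns are not shown on this page, so the example stops at producing the CSR.

```shell
#!/bin/sh
# Added example: every name and value here is constructed for illustration.
set -eu

# make_device_csr CN DIR: create a P-256 key pair and a CSR in DIR.
make_device_csr() {
    # umask runs in a subshell so only the key file gets owner-only permissions.
    ( umask 077
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
          -out "$2/device.key" )
    openssl req -new -key "$2/device.key" -subj "/CN=$1" -out "$2/device.csr"
}

# check_device_csr CN DIR: return 0 only if the CSR in DIR is consistent.
check_device_csr() {
    # 1. The CSR self-signature must verify (proof of possession of the key).
    #    Older OpenSSL releases exit 0 on a bad signature, so match the text too.
    out=$(openssl req -in "$2/device.csr" -noout -verify 2>&1) || return 1
    case "$out" in *"verify OK"*) ;; *) return 1 ;; esac

    # 2. The public key in the CSR must be the one derived from the local key.
    csr_pub=$(openssl req -in "$2/device.csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2/device.key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ] || return 1

    # 3. The subject common name must be the one intended for this device.
    subject=$(openssl req -in "$2/device.csr" -noout -subject \
        -nameopt RFC2253) || return 1
    case "$subject" in *"CN=$1") ;; *) return 1 ;; esac
}

# Demo run with a constructed common name in a throwaway directory.
workdir=$(mktemp -d)
make_device_csr "sensor-0001.example.test" "$workdir"
if check_device_csr "sensor-0001.example.test" "$workdir"; then
    echo "CSR ready for upload: $workdir/device.csr"
fi
```

Only `device.csr` is meant to leave the device; `device.key` is created with owner-only permissions and is never uploaded.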
A single certificate request is not associated with a device record.
Before you begin:
A device group is already created.
A certificate management policy has been created.
A CSV file containing device-specific details such as device name, description, and subject common name.
Sign in to DigiCert® ONE as a Device administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Certificate management.
Click Request certificate.
From the Request certificate dropdown, select Request single certificate.
From the Certificate management policy dropdown menu, select an appropriate policy.
On the Key generation type step:
Note
The Key generation type option is displayed based on your selection of the Certificate management policy.
I have the keypairs and will provide the CSRs or public keys in the request:
Upload a CSV file or a zipped CSV containing the device data. You can download the provided template for formatting guidance.
Key pairs will be generated server side by this application, and the private key and certificate will be included in response:
Select the Key generation type dropdown menu.
Provide a Common name for the certificate.
Optionally, provide an Organization name.
Click Add Value to provide an organization unit value (optional).
Provide a Description (optional).
Click Submit certificate request.
Download the certificate after successful submission of the certificate request.