Skip to main content

Enrollment profiles

iot-core-concepts-diagram-enrollment-profile-01.png

When preparing for DigiCert​​®​​ IoT Trust Manager device certificate operations, you'll need an enrollment profile. This profile acts as your tailored form for certificate requests. As you set it up, you'll set necessary and optional fields, default settings, and both fixed and request-specific values. You can craft different profiles for each deployment or one for various deployments.

The Enrollment Profiles in IoT Trust Manager detail how devices ask for certificate requests, their reception, and the associated protocols and authentication.

Key features

  • Request Methods Set how devices ask for certificates, whether via a Portal or specified APIs.

  • Request Type Choose between individual or grouped certificate requests based on your organization's approach.

  • Protocol Options Indicate allowable protocols for certificate issuance, including:

    • EST

    • SCEP

    • REST

  • Authentication Steps Specify which authentication methods devices should use during requests, such as:

    • Device birth certificates

    • EST enrollment codes

  • Certificate Authority Choice The Enrollment Profile lets you pick the Certificate Authority (CA) for signing.

  • Approval Process Set up a certificate approval mechanism to ensure only valid requests proceed.

  • Access Limitations Add protective measures like:

    • Permitted IP addresses

    • Allowed time periods

    • Specific date ranges

  • Coordinated Configurations The Enrollment Profile integrates:

    • Device Profile

    • Certificate Profile

    • Chosen CA