Skip to main content

Part 4: Connect a Linux device

Being able to connect Linux-based device to DigiCert® Device Trust Manager is essential for managing and securing the device. This guide walks you through setting up , running , and configuring your device to communicate with .

Objectives

  • Install and configure on a Linux device.

  • Use to connect the device to to enable secure management, monitoring, and policy enforcement.

Before you begin

Avis

Device management is available in the Advanced plan or higher. See Licensing and plans.

Step 1: Download bootstrap configuration file

To connect a Linux device, you need to install TrustEdge, which includes TrustEdge agent. You can then configure the device with a bootstrap file that contains the necessary credentials and endpoint information.

  1. Sign in to DigiCert® ONE as a Solution Administrator, Device Creator, or Device Administrator.

  2. In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.

  3. In the menu, select .

  4. Select the device created in Part 3: Set up device management.

  5. On the Configuration tab, select Download Bootstrap configuration file and save the compressed file. This <guid>.zip file includes the credentials and endpoint information needed for to connect to .

  6. Transfer the downloadedBootstrap configuration zip file to the device securely. For example, using scp or a USB drive.

Step 2: Install

  1. Download TrustEdge for your architecture (ARM32, ARM64, or x64).

  2. Transfer the downloaded trustedge_<version>-<platform>.deb package to your Linux device using a secure method. For example, scp or USB drive.

  3. On the Linux device, navigate to the directory where the trustedge_<version>-<platform>.deb file is located and run the following command to install :

     sudo dpkg -i trustedge_<version>-<platform>.deb
    
  4. At the license agreement prompt, scroll to read the agreement. When done, press q and then type yes if you accept the license terms.

Step 3: Configure and initialize

includes several CLI tools, including . One function of is to manage initial device provisioning and communication with .

Note

For additional information about features and command-line tools, see TrustEdge documentation.

  1. Configure with the device’s Bootstrap configuration zip file.

    sudo trustedge agent --configure --trustedge-user trustedge --trustedge-group trustedge --bootstrap-zip ./<guid.zip>

    Note

    If is already running as a service, this command will display a warning indicating that the service needs to be stopped. To proceed, stop the service, and then run the above command.

  2. Initialize .

    sudo systemctl start trustedge.service

    Avis

    What happens when this command is run? connects to to retrieve pending certificates or software updates, processes them, and enters a sleep state. will then periodically repeat this process according to the settings specified in the trustedge.json configuration file.

Step 4: Verify device connection and applied policies

  1. On the device, verify that policies have been applied by checking the configuration file.

    cat /etc/digicert/conf/*policy.json

    The output should confirm that the operational certificate policy was executed as part of the provisioning process.

  2. In the menu, select .

  3. In the devices table, locate the device and confirm that the Device state is Provisioned and the Connection status is Connected.

  4. Select the device to view its details.

  5. On the Certificates tab, confirm the presence of both the operational and bootstrap certificates.

Review your progress

At this stage, your Linux device is securely connected to and configured with . You should now have:

  • A Linux device with installed and ready for secure communication.

  • The device registered and provisioned within , enabling management, monitoring, and policy enforcement.

What’s next?

Continue to Part 5: Deploy a device update to learn how to create and deploy updates to your managed devices.