Part 4: Connect a Linux device
Being able to connect Linux-based device to DigiCert® Device Trust Manager is essential for managing and securing the device. This guide walks you through setting up , running , and configuring your device to communicate with .
Objectives
Install and configure on a Linux device.
Use to connect the device to to enable secure management, monitoring, and policy enforcement.
Before you begin
Completed all steps in Part 3: Set up device management to ensure the device is registered in .
Access to a supported Linux device. See TrustEdge system requirements.
A user account with the Solution Administrator, Device Administrator, or Device Creator role.
Avis
Device management is available in the Advanced plan or higher. See Licensing and plans.
Step 1: Download bootstrap configuration file
To connect a Linux device, you need to install TrustEdge, which includes TrustEdge agent. You can then configure the device with a bootstrap file that contains the necessary credentials and endpoint information.
Sign in to DigiCert® ONE as a Solution Administrator, Device Creator, or Device Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the menu, select .
Select the device created in Part 3: Set up device management.
On the Configuration tab, select Download Bootstrap configuration file and save the compressed file. This <guid>.zip file includes the credentials and endpoint information needed for to connect to .
Transfer the downloadedBootstrap configuration zip file to the device securely. For example, using
scp
or a USB drive.
Step 2: Install
Download TrustEdge for your architecture (ARM32, ARM64, or x64).
Transfer the downloaded
trustedge_<version>-<platform>.deb
package to your Linux device using a secure method. For example,scp
or USB drive.On the Linux device, navigate to the directory where the
trustedge_<version>-<platform>.deb
file is located and run the following command to install :sudo dpkg -i trustedge_<version>-<platform>.deb
At the license agreement prompt, scroll to read the agreement. When done, press q and then type
yes
if you accept the license terms.
Step 3: Configure and initialize
includes several CLI tools, including . One function of is to manage initial device provisioning and communication with .
Note
For additional information about features and command-line tools, see TrustEdge documentation.
Configure with the device’s Bootstrap configuration zip file.
sudo trustedge agent --configure --trustedge-user trustedge --trustedge-group trustedge --bootstrap-zip ./<guid.zip>
Note
If is already running as a service, this command will display a warning indicating that the service needs to be stopped. To proceed, stop the service, and then run the above command.
Initialize .
sudo systemctl start trustedge.service
Avis
What happens when this command is run? connects to to retrieve pending certificates or software updates, processes them, and enters a sleep state. will then periodically repeat this process according to the settings specified in the trustedge.json configuration file.
Step 4: Verify device connection and applied policies
On the device, verify that policies have been applied by checking the configuration file.
cat /etc/digicert/conf/*policy.json
The output should confirm that the operational certificate policy was executed as part of the provisioning process.
In the menu, select .
In the devices table, locate the device and confirm that the Device state is Provisioned and the Connection status is Connected.
Select the device to view its details.
On the Certificates tab, confirm the presence of both the operational and bootstrap certificates.
Review your progress
At this stage, your Linux device is securely connected to and configured with . You should now have:
A Linux device with installed and ready for secure communication.
The device registered and provisioned within , enabling management, monitoring, and policy enforcement.
What’s next?
Continue to Part 5: Deploy a device update to learn how to create and deploy updates to your managed devices.