Device creator guide
This role is intended for users registering devices individually or in batches. It is commonly assigned to production managers or staff at manufacturing facilities where devices are initialized and registered.
Suggerimento
To learn more about devices, device properties, device attributes, and so on, see Device.
Issuing a single device certificate request will be associated with a device record.
Before you begin:
Ensure that your Solution Administrator has already completed the following:
A device group is already created.
A certificate management policy has been created.
A CSV file containing device-specific details such as device name, description, and subject common name is present.
Sign in to DigiCert® ONE as a Device administrator.
In the DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Certificate management.
Click Request certificate.
From the Request certificate dropdown, select Request single device certificate.
From the Device Group dropdown menu, select an appropriate device group.
From the Certificate management policy dropdown menu, select the certificate management policy associated with the device group.
On the Key generation type step:
Nota
The Key generation type option is displayed based on your selection of the Device group and the Certificate management policy.
I have the keypairs and will provide the CSRs or public keys in the request:
Upload a CSV file or a zipped CSV containing the device data. You can download the provided template for formatting guidance.
Key pairs will be generated server side by this application, and the private key and certificate will be included in response:
Select the Key generation type dropdown menu.
Provide a Common name for the certificate.
Optionally, provide an Organization name.
Click Add Value to provide an organization unit value (optional).
Provide a Description (optional).
Click Submit certificate request.
Download the certificate after successful submission of the certificate request.
Issuing a single certificate request will not be associated with a device record.
Before you begin:
A device group is already created.
A certificate management policy has been created.
A CSV file containing device-specific details such as device name, description, and subject common name.
Sign in to DigiCert® ONE as a Device administrator.
In the DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Certificate management.
Click Request certificate.
From the Request certificate dropdown, select Request single certificate.
From the Certificate management policy dropdown menu, select an appropriate policy.
On the Key generation type step:
Nota
The Key generation type option is displayed based on your selection of the Certificate management policy.
I have the keypairs and will provide the CSRs or public keys in the request:
Upload a CSV file or a zipped CSV containing the device data. You can download the provided template for formatting guidance.
Key pairs will be generated server side by this application, and the private key and certificate will be included in response:
Select the Key generation type dropdown menu.
Provide a Common name for the certificate.
Optionally, provide an Organization name.
Click Add Value to provide an organization unit value (optional).
Provide a Description (optional).
Click Submit certificate request.
Download the certificate after successful submission of the certificate request.
Device registration
Devices can be registered individually or in batches using a CSV template, with batch registrations processed as jobs. During registration, attributes and device group assignment are specified, ensuring that each device is properly categorized and managed.
Registration method | Description |
---|---|
Single device | Devices can be manually registered one by one in Device Trust Manager. Devices can also be registered using EST, SCEP, or CMPv2. |
Many devices | Multiple devices can be registered at once using a CSV file that defines the device properties, including key/value pairs and group assignment. |
Suggerimento
You can also register a single device or multiple devices using Device Trust Manager Management REST API.
Before you begin
To complete these steps, make sure you have:
What’s next?
Register a single device
Sign in to DigiCert® ONE as a Solution Administrator, Device Creator, or Device Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Device management.
Select Devices > Register devices > Register single device.
On the Device information step:
Enter a Device name.
Optionally, provide a Description.
From the Device group dropdown menu, choose the device group to which the registered device will be assigned.
Select Next.
On the Certificate management policies step:
Expand the Bootstrap certificate management policy for the device.
From the Bootstrap certificate management policy dropdown menu, select the Bootstrap certificate policy to use for this device.
Nota
The dropdown options display only those certificate management policies for the device group that uses the Register single device method.
The disabled fields are inherited from the chosen certificate management policy. These settings are predefined and cannot be modified here.
Under Certificate variables, enter the Common name for the certificate.
Add additional details as needed.
Click Register device.
If you selected DigiCert ONE to generate the keypairs, download the private key of the device and save it securely.
The registered device appears in the devices table with a Device state of Registered and a Connection status of Disconnected.
Register multiple devices
Sign in to DigiCert® ONE as a Solution Administrator, Device Creator, or Device Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Device management.
In the Device management menu, select Devices > Register devices > Register many devices.
On the General settings step:
Enter a Batch Job name and, optionally, a Job description.
From the Device group dropdown menu, choose the device group to which the registered devices will be assigned.
Avviso
Ensure that the selected device group has an assigned certificate management policy configured for Batch certificate request through Portal or API with policy usage set to Bootstrap.
Select Next.
On the Certificate request options step:
From the Bootstrap certificate management policy dropdown menu, select the Bootstrap certificate policy to use for the devices.
Optionally, select Assign certificate management policy to this device group to open the Assign certificate management policy pane.
Enter the Name of the policy assignment.
From the Assign Certificate management policy dropdown menu, choose a certificate management policy.
Expand the Device field mapping and map the inventory attributes to certificate fields.
Nota
If a certificate management policy uses EST, SCEP, or CMPv2 as the management method, then device field mapping is required.
For bootstrap certificate management policies, field mapping provides the values for identity attributes, which are obtained during certificate requests.
For operational certificate management policies, field mapping provides device identification using the CSR during the certificate issuance request process.
Optionally, choose an Authentication policy to assign to the device group.
Click Assign certificate management policy.
Select the Key type from the dropdown menu.
From the Private key encryption in batch response step, perform one of the following:
Select Encrypt using an authentication certificate from my Account Manager user profile and then select an appropriate certificate from the dropdown menu.
Select Provide a certificate for encryption and then provide your own certificate.
Alternatively, Generate a new certificate within your profile by specifying the required fields.
On the Batch request options step
Upload a CSV file or a zipped CSV file containing the device data. See the CSV format for registering multiple devices template for formatting guidance.
Optionally, add email addresses to receive notifications when the batch request is completed.
If necessary, select the Allow users without a login to this portal to download the batch file checkbox.
If necessary, select the Require passcode to download the batch file checkbox.
Select Start request to begin the batch registration job.
Click submit batch job request to begin the batch registrations.
The batch device registration job will start. You can monitor the job progress on the Jobs page. Once completed, the registered devices will appear on the Devices page.