Integrate manufacturing systems
You can manage certificates and devices directly through Device Trust Manager. For automated workflows, Device Trust Manager also provides APIs that let you integrate with your manufacturing systems. This enables you to automate:
Certificate issuance to devices
Device registration into Device Trust Manager
Integrate certificate issuance
To issue X.509 certificates during manufacturing, use one of the following protocols:
For implementation guidance, see Integrate with certificate issuance APIs.
Integrate device registration
To register devices during or before manufacturing, use the Management REST API. It supports both single and batch registration. For details, see Integrate with management REST APIs.
Choose the right integration approach
The best approach depends on your manufacturing process, available tools, and where private keys are generated and stored:
Your manufacturing process supports device-level customization: Each device must be registered with a unique bootstrap credential, and must have a device-specific TrustEdge agent JSON configuration file.
Your factory has reliable internet: You can register each device as it’s manufactured using the high-performance single-device registration REST API. This method is scalable, but any internet outage may disrupt manufacturing.
You are creating some demos or test devices: Ideal when you need to register a small number of devices for testing or product demonstrations.
Developer testing: Best suited for registering a small number of development or test devices during early-stage work.
You need backward compatibility: Recommended if your systems already use EST, SCEP, CMPv2, or ACME for certificate issuance.
Your manufacturing process supports device-level customization: Each device must be registered with a unique bootstrap credential, and must have a device-specific TrustEdge agent JSON configuration file.
You manufacture at a large scale: Batch device registration lets you pre-register thousands of devices and cache credentials locally before daily production begins. This is ideal when producing tens or hundreds of thousands of units per day.
Your internet connectivity at the factory is limited or unreliable: Batch device registration lets you pre-load thousands of device credentials and certificates to avoid disruptions during manufacturing.
You want to integrate with the Device Trust Manager REST APIs: Batch device registration is supported through the Device Trust Manager portal and REST API. You can register large batches of devices before or during manufacturing by connecting your systems directly to the API.
Your devices include a TPM: The TPM securely generates and stores key pairs, so the device creates and signs the CSR locally. During JIT registration, the device sends the CSR directly to Device Trust Manager using the TrustEdge agent or protocols like EST, SCEP, CMPv2, ACME, or REST.
Your factory internet is unavailable: JIT registration can happen after manufacturing—weeks, months, or even years later—when the device is deployed and connects to the internet. Ideal for factories with limited or no connectivity.
Customization isn’t feasible: JIT registration lets you deploy a generic firmware image across all devices of the same type. It includes the TrustEdge agent, a shared bootstrap credential, and a common JSON configuration file—no per-device customization is required.
For implementation guidance, see Just-in-time registration and provisioning.