Get started
This guide is designed to help you connect your Raspberry Pi 4 device to Device Trust Manager.
Before you begin
注記
DigiCert® Device Trust Manager is currently in development and not all features are available in this early access environment. Learn more about Device Trust Manager early access functionality.
Before starting this guide, ensure you have completed the following steps:
Prepare your Raspberry Pi:
Make sure your Raspberry Pi is powered on and can connect to the Device Trust Manager rendezvous service over TCP port 1883/8883.
Verify that you can SSH into your Raspberry Pi. You should have the IP address and login credentials ready.
Check your email:
Check your email address (the one you gave us) for instructions on how to sign in to your DigiCert ONE® Device Trust Manager early access account.
By completing these steps, you’ll be ready to proceed with the device registration and configuration process.
Sign in to your DigiCert ONE® Device Trust Manager account.
In DigiCert ONE, in the Manager menu (top right), select DigiCert® Device Trust Manager.
To manage, monitor, and update a device, you must first register the device with Device Trust Manager.
ヒント
A registered device allows you to search, filter, group, and obtain device and device connection information.
To register a device, complete the following:
In Device Trust Manager, go to Device management > Devices.
Select Register devices > Register single device.
On the Device information step:
Enter a Device name.
(Optional) Enter a Description.
In the Device group dropdown, select rpi-device-trust-manager-group.
(Optional) Enter Key/Value pairs for device attributes.
Click Next.
On the Certificate policies step:
For the Bootstrap certificate policy, select Bootstrap DTM API.
Under Who generates key pairs? Select DigiCert ONE will generate the keypairs, and then select the desired Key type.
Provide a Common name, Organization, and Organization unit.
注記
An Operational certificate policy has already been configured for the selected device group and will be configured during rendezvous.
Click Register device.
Click Download to save the generated private key. (This cannot be retrieved after this step.)
To connect the Raspberry Pi to Device Trust Manager, the device bootstrap configuration needs to be downloaded and applied on the device.
Download bootstrap configuration
In Device Trust Manager, go to Device management > Devices.
Select the registered device.
On the Device details page, select Configuration.
Click Download Bootstrap configuration file to save the bootstrap zip file.
Rendezvous with Device Trust Manager
重要
Make sure your Raspberry Pi is connected to the network and can access the Device Trust Manager Rendezvous service (drzgp.demo.one.digicert.com) over TCP port 1883 and 8883.
SSH into the Raspberry Pi.
Copy the Bootstrap Configuration zip file to the Raspberry Pi.
Option 1: Download the archive on your local host and transfer it using SCP.
scp <filepath from local computer>.zip devices@hostname:~/Option 2: Transfer the archive to a USB drive and mount it on the Raspberry Pi.
Apply the Bootstrap Configuration.
/etc/digicert/scripts/configure_trustedge.sh --bootstrap-zip ./[bootstrap_uuid].zipInitiate TrustEdge Agent.
sudo trustedge agentVerify the applied policy.
cat /etc/digicert/conf/*policy.jsonVerify the directory where the keys and certificates are located.
cat /etc/digicert/trustedge.json
The device is now able to communicate with Device Trust Manager via the Rendezvous service. In Device Trust Manager, go to Device management > Devices to see that the device state has changed to “Provisioned”.
With the device provisioned in Device Trust Manager, you can now push a software update to the device.
In Device Trust Manager, go to Software updates > Release.
On the Release page, you will see a pre-created release for you. Select this release to view its details.
On the Release details page on the right side, click the ellipsis icon.
Select Create a deployment.
On the General information step:
Enter a Deployment name.
(Optional) Enter a Description.
Keep the default division selection.
Select a Device group.
Click Next.
On the Deployment settings step:
Choose to start the deployment immediately or schedule it for a later date. (Deploy now is the only option available in the demo).
(Optional) Select a timeout limit. Timeout determines the number of attempts the platform will make to re-deploy the update.
(Optional) Select Force update to re-deploy the same release even if it has already been deployed on the device.
Click Create deployment.
The deployment will appear in the deployment lists (Software updates > Deployments) with the status “Active”. You can select the deployment to view additional deployment details.
Verify software update
To verify the device received the update, SSH into the Raspberry Pi and run the following command:
sudo dpkg -l "digicert*"
# Example output
||/ Name Version Architecture Description
+++-=====================-============-============-=================================
ii digicert-demo-package 1.0 all Digicert demo application
Thinking about expanding your device network? Installing the TrustEdge agent on an additional Raspberry Pi 4 lets you seamlessly integrate it with Device Trust Manager.
System Requirements
Ensure the Raspberry Pi meets the minimum system requirements before installation:
Architecture: aarch64
Device: Raspberry Pi 4
Operating System: Debian GNU/Linux 12 (Bookworm)
Installation steps
Download the TrustEdge Debian package.
Transfer the package to your Raspberry Pi device using SCP or a USB drive.
Connect to your Raspberry Pi via SSH.
Install the TrustEdge package.
sudo dpkg -i trustedge_4.1.24-Rpi.aarch64.debThe installation directory will be
/usr/bin/trustedge.
By completing these steps, your new Raspberry Pi device will be equipped with the TrustEdge agent and ready to connect with the Device Trust Manager rendezvous service. Follow the steps you completed with your original Raspberry Pi device to finish setting up your new device.
Modify a device
For an existing device, this early access environment allows you to:
Rename a device
In Device Trust Manager, go to Device management > Devices.
Locate and select the device to rename.
On the Device details page, click the edit icon (top right).
Enter a new Device name and select Update.
Change device attributes
In Device Trust Manager, go to Device management > Devices.
On the Device details page, select the Device attributes tab.
On the Device attributes tab, click Add device attribute.
Enter the desired Key/Value pair.
Select Save.
ヒント
To delete an attribute, click the trash icon next to an existing Key/Value pair.
View device details
In Device Trust Manager, go to Device management > Devices.
Locate and select the device to view.
On the Device details page, select a tab to view detailed information:
Certificates tab displays information about the device’s certificates.
Configuration tab allows you to download (in JSON) the device’s configuration file.
Jobs tab displays previously executed or upcoming jobs that run on the device.
Device attributes tab displays existing device attributes. You can also add device attributes.
API tab displays supported endpoint information, including a sample body.
Understand devices table
In Device Trust Manager, go to Device management > Devices.
Review the Devices table:
Column | Description |
|---|---|
Device name | Displays the user-configured name of the registered device. |
Job status | Displays the status of any corresponding job that is running for the device. |
Device group | Displays the associated device group. Every registered device is associated with a device group. |
Device state | Displays the state of the device, which can be:
|
Connection status | Displays the device’s connection status with DigiCert ONE, which can be:
|
Date registered | Displays the date and time that the device was registered by the user. |