Part 4: Connect a Linux device
Being able to connect Linux-based device to DigiCert® Device Trust Manager is essential for managing and securing the device. This guide walks you through setting up TrustEdge, running TrustEdge agent, and configuring your device to communicate with Device Trust Manager.
Objectives
Install and configure TrustEdge on a Linux device.
Use TrustEdge agent to connect the device to Device Trust Manager to enable secure management, monitoring, and policy enforcement.
Before you begin
Completed all steps in Part 3: Set up device management to ensure the device is registered in Device Trust Manager.
Access to a supported Linux device. See TrustEdge system requirements.
A user account with the Solution Administrator, Device Administrator, or Device Creator role.
Let op
Device management is available in the Advanced plan or higher. See Licensing and plans.
Step 1: Download bootstrap configuration file
To connect a Linux device, you need to install TrustEdge, which includes TrustEdge agent. You can then configure the device with a bootstrap file that contains the necessary credentials and endpoint information.
Sign in to DigiCert® ONE as a Solution Administrator, Device Creator, or Device Administrator.
In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.
In the Device Trust Manager menu, select Device management.
Select the device created in Part 3: Set up device management.
On the Configuration tab, select Download Bootstrap configuration file and save the compressed file. This <guid>.zip file includes the credentials and endpoint information needed for TrustEdge agent to connect to Device Trust Manager.
Transfer the downloadedBootstrap configuration zip file to the device securely. For example, using
scp
or a USB drive.
Step 2: Install TrustEdge
Download TrustEdge for your architecture (ARM32, ARM64, or x64).
Transfer the downloaded
trustedge_<version>-<platform>.deb
package to your Linux device using a secure method. For example,scp
or USB drive.On the Linux device, navigate to the directory where the
trustedge_<version>-<platform>.deb
file is located and run the following command to install TrustEdge:sudo dpkg -i trustedge_<version>-<platform>.deb
At the license agreement prompt, scroll to read the agreement. When done, press q and then type
yes
if you accept the license terms.
Step 3: Configure TrustEdge and initialize TrustEdge agent
TrustEdge includes several CLI tools, including TrustEdge agent. One function of TrustEdge agent is to manage initial device provisioning and communication with Device Trust Manager.
Opmerking
For additional information about TrustEdge features and command-line tools, see TrustEdge documentation.
Configure TrustEdge with the device’s Bootstrap configuration zip file.
sudo trustedge agent --configure --trustedge-user trustedge --trustedge-group trustedge --bootstrap-zip ./<guid.zip>
Opmerking
If TrustEdge agent is already running as a service, this command will display a warning indicating that the service needs to be stopped. To proceed, stop the TrustEdge agent service, and then run the above command.
Initialize TrustEdge agent.
sudo systemctl start trustedge.service
Let op
What happens when this command is run? TrustEdge agent connects to Device Trust Manager to retrieve pending certificates or software updates, processes them, and enters a sleep state. TrustEdge agent will then periodically repeat this process according to the settings specified in the trustedge.json configuration file.
Step 4: Verify device connection and applied policies
On the device, verify that policies have been applied by checking the configuration file.
cat /etc/digicert/conf/*policy.json
The output should confirm that the operational certificate policy was executed as part of the provisioning process.
In the Device Trust Manager menu, select Device management.
In the devices table, locate the device and confirm that the Device state is Provisioned and the Connection status is Connected.
Select the device to view its details.
On the Certificates tab, confirm the presence of both the operational and bootstrap certificates.
Review your progress
At this stage, your Linux device is securely connected to Device Trust Manager and configured with TrustEdge. You should now have:
A Linux device with TrustEdge installed and ready for secure communication.
The device registered and provisioned within Device Trust Manager, enabling management, monitoring, and policy enforcement.
What’s next?
Continue to Part 5: Deploy a device update to learn how to create and deploy updates to your managed devices.