Skip to main content

Part 4: Connect a Linux device

Being able to connect Linux-based device to DigiCert® Device Trust Manager is essential for managing and securing the device. This guide walks you through setting up TrustEdge, running TrustEdge agent, and configuring your device to communicate with Device Trust Manager.

Objectives

  • Install and configure TrustEdge on a Linux device.

  • Use TrustEdge agent to connect the device to Device Trust Manager to enable secure management, monitoring, and policy enforcement.

Before you begin

  • Completed all steps in Part 3: Set up device management to ensure the device is registered in Device Trust Manager.

  • Access to a supported Linux device.

  • A user account with the Solution Administrator, Device Administrator, or Device Creator role.

Let op

Device management is available in the Advanced plan or higher. See Licensing and plans.

Step 1: Download bootstrap configuration file

To connect a Linux device, you need to install TrustEdge, which includes TrustEdge agent. You can then configure the device with a bootstrap file that contains the necessary credentials and endpoint information.

  1. Sign in to DigiCert® ONE as an Account Administrator.

  2. In DigiCert ONE, in the Manager menu (grid at top right), select Device Trust.

  3. In the Device Trust Manager menu, select Device management.

  4. Select the device created in Part 3: Set up device management.

  5. On the Configuration tab, select Download Bootstrap configuration file and save the compressed file. This <guid>.zip file includes the credentials and endpoint information needed for TrustEdge agent to connect to Device Trust Manager.

  6. Transfer the downloadedBootstrap configuration zip file to the device securely. For example, using scp or a USB drive.

Step 2: Install TrustEdge

  1. Download TrustEdge for your architecture (ARM32, ARM64, or x64).

  2. Transfer the downloaded trustedge_<version>-<platform>.deb package to your Linux device using a secure method. For example, scp or USB drive.

  3. On the Linux device, navigate to the directory where the trustedge_<version>-<platform>.deb file is located and run the following command to install TrustEdge:

     sudo dpkg -i trustedge_<version>-<platform>.deb
    
  4. At the license agreement prompt, scroll to read the agreement. When done, press q and then type yes if you accept the license terms.

Step 3: Configure TrustEdge and initialize TrustEdge agent

TrustEdge includes several CLI tools, including TrustEdge agent. One function of TrustEdge agent is to manage initial device provisioning and communication with Device Trust Manager.

Opmerking

For additional information about TrustEdge features and command-line tools, see TrustEdge documentation.

  1. Configure TrustEdge with the device’s Bootstrap configuration zip file.

    sudo trustedge agent --configure --trustedge-user trustedge --trustedge-group trustedge --bootstrap-zip ./<guid.zip> 

    Opmerking

    If TrustEdge is already running as a service, this command will not take effect and will display a warning indicating that the service needs to be stopped. To proceed, stop the TrustEdge service, run the command to initialize it, and then restart the service.

  2. Initialize TrustEdge agent.

    sudo trustedge agent

    Let op

    What this command does: TrustEdge agent connects to Device Trust Manager, retrieves any pending policies, processes them, and then exits. For continuous operation, TrustEdge agent can also be configured to run as a background service. See TrustEdge service mode.

Step 4: Verify device connection and applied policies

  1. On the device, verify that policies have been applied by checking the configuration file.

    cat /etc/digicert/conf/*policy.json

    The output should confirm that the operational certificate policy was executed as part of the provisioning process.

  2. In the Device Trust Manager menu, select Device management.

  3. In the devices table, locate the device and confirm that the Device state is Provisioned and the Connection status is Connected.

  4. Select the device to view its details.

  5. On the Certificates tab, confirm the presence of both the operational and bootstrap certificates.

Review your progress

At this stage, your Linux device is securely connected to Device Trust Manager and configured with TrustEdge. You should now have:

  • A Linux device with TrustEdge installed and ready for secure communication.

  • The device registered and provisioned within Device Trust Manager, enabling management, monitoring, and policy enforcement.

What’s next?

Continue to Part 5: Deploy a device update to learn how to create and deploy updates to your managed devices.