Device Trust Manager

Added support for embedding the organization name in issued certificate fields.

All certificate fields are included in the certificate object and are searchable, making it easier to filter and track certificates.

Added support for server-side key generation of batch MAC keys.

This enhancement enables secure device provisioning at scale.

Support the ability to export certificates and generate periodic exports.

Added support to renew Individual certificates directly.

Japanese language support is now available in the user interface.

DigiCert® Device Trust Manager now provides visibility into essential licensing details under Dashboard > Plans and licenses. This enhancement provides users with a clear and consolidated view of all supported licensing models of Device Trust Manager.

This enhancement improves transparency and empowers Solution Administrators with self-service access to entitlement details, making license management more efficient and intuitive within Device Trust Manager.

DigiCert​​®​​ gateway acts as a trusted intermediary between internal devices and DigiCert® Device Trust Manager, performing the following functions:

This new feature provides a secure, protocol-aware proxy service that doesn’t require any client changes on the device. Devices interact with the DigiCert gateway using standard certificate management protocols.

CA connectors allow you to issue certificates from external CA services while still using Device Trust Manager as your central platform for certificate requests and management.

Device Trust Manager now supports CA connectors, enabling seamless integration with external certificate authorities. This release includes built-in support for DigiCert CertCentral® and EJBCA, allowing Device Trust Manager to issue and manage certificates through these external services without custom development.

This new feature expands compatibility and makes it easier to align with the existing PKI ecosystems.

The Device Trust Manager dashboard has been enhanced to provide greater visibility into the cloud platform policy and device onboarding activity. In the Cloud platform policies tab of the Dashboard, you can now view a summary of devices that have been successfully onboarded, a breakdown of device status (In progress, Completed, Failed), and a list of recently assigned cloud platform policies.

These enhancements offer valuable insights to help you monitor device onboarding and ensure successful policy application.

Device Trust Manager now supports message chunking for large deployments, enabling the reliable delivery of artifacts up to 256 MB by automatically splitting them into smaller, encrypted chunks. These chunks are then reassembled by the TrustEdge agent, with built-in support for retries, failure, timeout handling, and detailed logging and monitoring of the entire process.

This enhancement ensures secure and efficient delivery of large updates, improving the scalability and robustness of software updates and deployment.

Device Trust Manager now supports assigning a Cloud platform policy directly when creating a Device group.

This enhancement enables Solution Administrators to streamline onboarding by selecting the applicable cloud platform policies alongside certificate management policies.

You can now view detailed information about the Cloud platform policy applied to a device directly within the Device Details page. This includes visibility into the assigned cloud platform policy and the MQTT broker associated with it.

This enhancement improves operational clarity and helps you verify device-to-cloud assignments at a glance.

Added an automated process to roll over Elasticsearch for indices and partition data by time or size.

This enhancement improves long-term performance, scalability, and maintainability of telemetry and audit logs.

Made improvements to the Device Trust Manager UI for a more consistent and user-friendly experience across workflows, including visual refinements and standardized layouts.

These simplify navigation and improve user experience.

Implemented full support for Certificate Management over CMS (CMC) operations, including revocation and rekey.

Added support for internal API helper utilities.

To ensure consistency and improve the developer experience, all field names across the Device Trust Manager APIs have been standardized to use snake_case formatting.

This change aligns with common API design best practices and ensures uniformity across all endpoints.

Device Trust Manager now supports Cloud platform policy for automated integration with Azure Event Grid.

Added full Certificate Management over CMS (CMC) to the EST protocol. A new checkbox has been introduced under the EST section of the Certificate management policy wizard.

This enhancement supports advanced workflows and improved compliance with client-specific PKI requirements.

The endpoint GET /.well-known/est/{enrollment-profile-id}/cacerts now returns TLS certificates specific to the current environment.

The maximum number of lines in a downloadable report has increased from 50,000 to 500,000, allowing for significantly larger data exports.

MAC addresses generated during batch MAC key creation are now written in uppercase to improve consistency and readability.

The certificate generation process now includes support for two additional subject distinguished name (DN) attributes - Organization Identifier and the User Identifier.

These attributes can now be configured and included as part of the certificate template.

Organization Identifier:

User Identifier:

Device Trust Manager now supports Trust Bundles, a new feature for managing and distributing collections of trusted certificates, including Root CAs, Issuing CAs, and required intermediate certificates. This new capability allows users to easily create, edit, download, disable, and delete trust bundles and securely share them via a DigiCert-hosted link. With Trust Bundles, populating and updating device trust stores across fleets becomes more simplified.

Device Trust Manager now supports registered values, enabling stricter validation rules for certificate subject fields during issuance. When integrated into a certificate management policy, registered values can define allow lists or apply regular expressions for complex validation criteria. If a certificate request violates these conditions, issuance is automatically blocked. Additionally, Registered Values containers can be created, edited, disabled, or deleted, offering flexible policy enforcement.

A new option in certificate templates and profiles enables certificates to be issued with a start date in the past. When enabled in the template and configured in the certificate profile, this option allows users to define how far back the certificate's validity period should commence. This functionality is particularly useful for aligning certificates with device activation times or resolving time synchronization issues during provisioning.

Device Trust Manager now includes support for Post-Quantum Cryptography (PQC) algorithms SLH-DSA (SPHINCS+) and FN-DSA (FALCON). These algorithms enable the issuance and validation of PQC-ready certificates, helping organizations proactively prepare for a quantum-resistant future.

Device Trust Manager now provides visibility into certificate requests with a dedicated List and Details page. Users can view and filter requests based on certificate values, policy, status, type, and date. Each request provides essential metadata, including the requester, timestamp, and the complete request payload with the CSR. This feature empowers administrators with deeper insights and enhanced traceability for certificate issuance activities.

Descriptions now appear when hovering over certificate requests on the certificate management page.

The Refresh functionality has been enhanced to update the Device Logs and summary page, as well as Device Status, Operational Status, and Connection Status.

When registering a single device through a v2/certificate API call, the Device Group ID is displayed so that CPS can track the device group for which the certificate was issued.

If a certificate management policy contains only TRUST_EDGE as an enrollment method, the API rejects the request with a validation error.

You can now request a single certificate with a choice between two licensing tiers.

You can now request certificates in bulk with a choice between two licensing tiers.

New logging capabilities enable you to monitor software update progress and troubleshoot issues during device deployments. This feature provides real-time visibility into the update process.

You can now define custom inventory attributes beyond the default set. This addition allows for a more tailored and flexible inventory management experience.

You can now assign an authentication policy to both device groups and certificate management policies. This update secures device registration and certificate management by ensuring the correct authentication is enforced.

The EST CA Certs endpoint now accurately processes requests that include both the Certificate Management Policy ID and Device Group ID.

A new system template has been added to support Matter-compliant certificate issuance. The “Matter Standard Certificate Template” can be assigned to an account by an account manager.

The EST enrollment and re-enrollment endpoints now return a detailed 401 Unauthorized response when credentials are missing. The response now lists supported authentication methods. For example, Basic and Client Authentication.

Configuration helper texts have been revamped to improve accessibility and clarity.

The following pages and wizards have been updated with these changes: Register many devices wizard, Certificates list page, Request single device certificate, Request single certificate, Certificate management policy wizard.

The division creation wizard now allows you to configure primary and secondary Rendezvous Zones during division creation. This improvement simplifies the setup process and enhances division configuration flexibility.

The Certificate management policy wizard now enforces an Authentication policy selection during the initial configuration step.

You can now update the assigned Authentication policy directly within the Certificate management policy details.

Added several improvements to API reference material, calls, and handling.

The Rendezvous service now validates the signing certificate (p12 file) during PAT uploads.

The ordering of “Connected” and “Disconnected” events has been corrected by updating the timestamp precision.

The MQTT-to-Kafka transformer has been updated to correctly route certificate renewal messages:

With Device Trust Manager, organizations can build a secure IoT ecosystem by managing device identities and ensuring trusted connections throughout their lifecycles. To get started, see the Device Trust Manager Get Started guide for setup instructions and usage tips.

For additional details, visit our Device Trust Manager documentation.