
TrustEdge

DigiCert® TrustEdge is a versatile executable designed to facilitate secure communication, device provisioning, and lifecycle management for IoT devices. Built using DigiCert® TrustCore SDK, TrustEdge can operate as a running service for devices managed through DigiCert® Device Trust Manager or be used as a command line interface (CLI) tool for performing common device tasks.

Key features

TrustEdge combines robust security features with ease of use and flexibility, making it an essential tool for managing and securing IoT devices.

  • Comprehensive security: Ensures secure device authentication, certificate management, and communication through trusted protocols like MQTT (3.1.1 and 5.0), SCEP, and EST.

  • Ease of use: Simplifies the setup and configuration process with straightforward commands and configuration files.

  • Versatility: Functions both as a service managed by Device Trust Manager and as a standalone command line tool, accommodating a variety of use cases.

  • Scalability: Designed to be generic and extensible, suitable for a wide range of environments and use cases.

  • Integration: Seamlessly fits into existing IoT ecosystems, enhancing device management capabilities and security.

  • Single executable: Provides a single executable for both service mode and command-line interface operations.

System support

TrustEdge supports various Linux distributions and architectures, ensuring compatibility across different environments.

  • Operating systems: Debian 11.x and newer, Ubuntu 22.04 and newer, and Raspberry Pi OS versions based on Debian 11.x+.

  • Processor architectures: x64, ARM32, and ARM64.

  • Virtual machine: TrustEdge can be installed on a virtual machine running Ubuntu 22.04 x64 on a macOS host, or on a Windows 11 host using Windows Subsystem for Linux (WSL).

Note

To get started using TrustEdge, see Install and configure.

Architecture

TrustEdge’s architecture ensures secure and efficient device management by including core components for key generation, certificate issuance, software updates, and logging. TrustEdge also supports secure communication protocols to easily integrate with DigiCert’s IoT ecosystem.

  • Core Components:

    • API messaging interface: Key generation, certificate issuance, MQTT messaging.

    • Artifact handler: Manages software updates and scripts/binaries.

    • Key certificate store: Manages device certificates and keys.

    • Configuration and logging: Ensures proper device setup and logs activities.

  • Supported Protocols:

    • MQTT (3.1.1 and 5.0)

    • SCEP

    • EST

TrustEdge provides both a service mode and command line interface (CLI) tools. Understanding when to use TrustEdge as a service or TrustEdge command line tools will help you use TrustEdge effectively in your IoT deployments.

TrustEdge as a service

The TrustEdge agent tool runs as a service on the device and is designed for comprehensive, ongoing management of IoT devices within an enterprise environment. It acts as the client to Device Trust Manager, ensuring continuous secure communication, authentication, and lifecycle management of devices.

Notice

To use TrustEdge as a service, a Device Trust Manager subscription is required. Learn more about DigiCert Device Trust Manager.

When to use TrustEdge as a service

  • Ongoing device management: For scenarios where devices require continuous monitoring, certificate management, and software updates.

  • Enterprise deployments: In large-scale deployments where multiple devices need to be managed centrally through the Device Trust Manager.

  • Secure communication: When secure, encrypted communication between devices and the cloud is crucial, using protocols like MQTT over TLS.

  • Automation: Ideal for environments that benefit from automated device provisioning, authentication, and policy enforcement.

  • Multi-service support: When multiple services need to connect to TrustEdge to carry out actions on the device.

TrustEdge command line tools

TrustEdge command line tools provide a flexible and straightforward way to perform common device tasks without the need for ongoing management or integration with Device Trust Manager. They are ideal for ad-hoc operations, testing, and prototyping.

Notice

TrustEdge command line tools are free for non-commercial use. For commercial use, a Device Trust Manager subscription is required.

When to use TrustEdge command line tools

  • Prototyping and testing: For quickly setting up and testing IoT devices, generating keys, creating CSRs, and performing MQTT communication.

  • Demos and proof of concept: When demonstrating device capabilities to stakeholders or validating concepts in a controlled environment.

  • Single task execution: For performing specific tasks such as key generation, CSR creation, and certificate requests without needing continuous management.

Choose the right tool

  • Use TrustEdge as a service if:

    • You are using Device Trust Manager for continuous device management and monitoring.

    • Your deployment involves multiple devices requiring centralized management.

    • Secure, automated certificate lifecycle management is critical.

    • Multiple services need to use TrustEdge operations.

  • Use TrustEdge command line tools if:

    • You are in the prototyping or testing phase.

    • You need to perform specific tasks or demonstrations quickly.

    • You need a lightweight solution for performing essential tasks.

Tip

Need a more customizable option? Consider DigiCert® TrustCore SDK for the flexibility to develop custom device agents. TrustCore SDK provides robust security features and supports a wide range of chipsets and operating systems, making it a versatile choice for scalable IoT applications.