Configure TrustEdge
TrustEdge uses several configuration files to manage its settings and credentials. Understanding these files allows you to customize TrustEdge according to your needs.
- `trustedge.json`: Main configuration file defining directory paths, proxy settings, TrustEdge agent behavior, and logging.
- `bootstrap_config.json`: Provides the TrustEdge agent with Device Trust Manager endpoints and credentials.
trustedge.json
Location: `/etc/digicert/trustedge.json`
Purpose: Defines key configuration settings used by TrustEdge.
Example content:

```json
{
  "directory_paths": {
    "bin_dir": "/usr/bin",
    "lib_dir": "/usr/lib",
    "conf_dir": "/etc/digicert/conf",
    "keystore_dir": "/etc/digicert/keystore"
  },
  "proxy": {
    "url": null
  },
  "agent": {
    "bootstrap": "/etc/digicert/conf/bootstrap_config.json",
    "workspace_dir": "/tmp",
    "enforce_token": false
  },
  "certificate": {
    "service_dir": "/etc/digicert/service",
    "polling_interval": "1",
    "renewal_hours": "360",
    "mode": "scep"
  },
  "service": {
    "mode": "certificate"
  },
  "log": {
    "loglevel": "error"
  }
}
```
| Key | Type | Description | Default value |
|---|---|---|---|
| `directory_paths` | object | Container for binaries, libraries, configuration files, and the default keystore filepaths. | |
| `directory_paths.bin_dir` | string | Directory where the TrustEdge binary is installed. | |
| `directory_paths.lib_dir` | string | Directory where TrustEdge libraries are stored. | |
| `directory_paths.conf_dir` | string | Directory containing configuration files. | |
| `directory_paths.keystore_dir` | string | Default keystore directory for storing certificates, keys, and requests. | |
| `proxy` | object | Defines the proxy settings for TrustEdge. | |
| `proxy.url` | string or null | URL of the proxy server. If | |
| `agent` | object | Container for settings related to TrustEdge agent configuration. | |
| `agent.bootstrap` | string | Path to the bootstrap configuration file for initializing the TrustEdge agent. | |
| `agent.workspace_dir` | string | Directory used for temporary files and workspace data during TrustEdge operations. | |
| `agent.enforce_token` | boolean | Indicates if token enforcement is enabled or not. | |
| | | Time, in seconds, that the agent stays connected to the broker. | |
| | | Time, in seconds, for MQTT keep-alive messages ( | |
| | | Time, in seconds, for the agent to sleep before attempting to connect again. | |
| `certificate` | object | Container for certificate management and renewal settings. | |
| `certificate.service_dir` | string | Directory where the certificate service files are stored. | |
| `certificate.polling_interval` | string | Time, in seconds, for polling the certificate service. | |
| `certificate.renewal_hours` | string | Time, in hours, to wait before attempting certificate renewal. | |
| `certificate.mode` | string | Certificate management mode. Allowed values: | |
| `service` | object | Container for service mode and reconnection behavior settings. | |
| `service.mode` | string | Operation mode for the service. Allowed values: | |
| | | Time interval, in seconds, to start the backoff timer for reconnection. | |
| `log` | object | Defines logging configuration for TrustEdge. | |
| `log.loglevel` | string | Logging level. Allowed values: | |
bootstrap_config.json
Warning
Do not edit the bootstrap_config.json file. Modifying this file may cause unexpected behavior or disrupt Device Trust Manager communications.
Location: `/etc/digicert/conf/bootstrap_config.json`
Purpose: Provides the agent with Device Trust Manager MQTT endpoints and credentials.
Example content:

```json
{
  "configuration": {
    "device_id": "<device_id>",
    "account_id": "<account_id>",
    "division_id": "<division_id>",
    "device_group_id": "<device_group_id>",
    "rendezvous_configuration": {
      "mqtt_endpoint": {
        "primary": ["mqtt://demo.one.digicert.com:1883"]
      },
      "persist_connection": false
    },
    "system_attributes": [
      { "key": "location" },
      { "key": "hardware_model" },
      { "key": "serial_number" },
      { "key": "operating_system" },
      { "key": "firmware_version" },
      { "key": "mac_address" },
      { "key": "ip_address" }
    ],
    "authentication": [
      {
        "method": "x509",
        "key_source": "SW",
        "certificate_serial_number": "111111111111111111",
        "certificate_issuer": "RSA 2048 ICA",
        "cert_alias": "device1.crt",
        "key_alias": "device1-key.crt"
      }
    ]
  }
}
```
| Field | Type | Description | Required |
|---|---|---|---|
| `device_id` | string | Unique identifier for the device. Used as the device ID when connecting to Device Trust Manager. Used as the client ID with MQTT communications. | Yes |
| `account_id` | string | The account ID associated with the device. | Yes |
| `division_id` | string | Identifier for the division to which the device belongs. | Yes |
| `device_group_id` | string | Identifier for the device group to which the device belongs. | Yes |
| `rendezvous_configuration` | object | Contains connection settings for the rendezvous service. | Yes |
| `rendezvous_configuration.mqtt_endpoint` | object | MQTT endpoint configuration details. | Yes |
| `rendezvous_configuration.mqtt_endpoint.primary` | array of strings | Fully qualified domain name (FQDN) of the primary MQTT endpoint. | Yes |
| | array of strings | Array of strings representing backup MQTT endpoints for redundancy. | No |
| `authentication` | array of objects | Array of objects containing authentication credentials required to connect to the rendezvous service. | Yes |
| `authentication[].method` | string | Authentication method, e.g., | Yes |
| | string | PEM encoded private key in PKCS #8 format. | Yes |
| | string | PEM encoded certificate. | Yes |
| `rendezvous_configuration.persist_connection` | boolean | Determines if the connection to the rendezvous endpoint should be persistent ( | Yes |
| | array of objects | Array of key-value pairs representing device-specific attributes. | No |
| | string | Attribute key, e.g., | Yes |
| | string | Attribute value, e.g., | Yes |
| `system_attributes` | array of objects | Array of key-value pairs representing system-specific attributes. | No |
| `system_attributes[].key` | string | System attribute key, e.g., | Yes |
| | string | Optional attribute value. If not provided, the device will attempt to populate it; if unsuccessful, it is skipped. | No |
| | array of objects | Array of key-value pairs representing user-defined attributes. | No |
| | string | User-defined attribute key, e.g., | Yes |
| | string | User-defined attribute value, e.g., | Yes |
| | array of objects | Array of key-value pairs representing default attributes. | No |
| | string | Default attribute key, e.g., | Yes |
| | string | Default attribute value, e.g., | Yes |
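A small pre-flight check for both files described on this page, as an added example (not DigiCert's tooling, and not part of TrustEdge). It validates a parsed `trustedge.json` against the sections and value types shown in the example content, and a parsed `bootstrap_config.json` against the fields the table marks as required. The sample inputs are constructed from this page's example content; the keystore-directory permission check is an extra hardening check this example adds and is not a documented TrustEdge requirement.

```python
"""Sanity-check TrustEdge configuration files against the field tables on this page.

Added example, not DigiCert's code. Required fields and types follow the
trustedge.json and bootstrap_config.json tables; the keystore permission
check is an extra hardening check added here, not a TrustEdge requirement.
"""
import json
import os
import stat

# Sections present in the trustedge.json example content.
TRUSTEDGE_SECTIONS = ("directory_paths", "proxy", "agent", "certificate", "service", "log")
DIRECTORY_KEYS = ("bin_dir", "lib_dir", "conf_dir", "keystore_dir")
# Top-level bootstrap_config.json fields marked Required = Yes in the table.
BOOTSTRAP_REQUIRED = ("device_id", "account_id", "division_id",
                      "device_group_id", "rendezvous_configuration", "authentication")


def _obj(value):
    """Return value if it is a JSON object, else an empty dict (keeps lookups safe)."""
    return value if isinstance(value, dict) else {}


def check_trustedge(cfg: dict) -> list:
    """Return the problems found in a parsed trustedge.json (empty list = OK)."""
    problems = [f"missing or non-object section: {s}" for s in TRUSTEDGE_SECTIONS
                if not isinstance(cfg.get(s), dict)]
    dirs = _obj(cfg.get("directory_paths"))
    problems += [f"directory_paths.{k} must be a path string" for k in DIRECTORY_KEYS
                 if not isinstance(dirs.get(k), str)]
    proxy_url = _obj(cfg.get("proxy")).get("url")
    if proxy_url is not None and not isinstance(proxy_url, str):
        problems.append("proxy.url must be null or a URL string")
    agent = _obj(cfg.get("agent"))
    if not isinstance(agent.get("bootstrap"), str):
        problems.append("agent.bootstrap must be a path string")
    if not isinstance(agent.get("enforce_token"), bool):
        problems.append("agent.enforce_token must be true or false")
    cert = _obj(cfg.get("certificate"))
    for key in ("polling_interval", "renewal_hours"):
        value = cert.get(key)
        # The example content stores these numbers as strings ("1", "360").
        if not (isinstance(value, str) and value.isdigit()):
            problems.append(f"certificate.{key} must be a numeric string")
    return problems


def check_bootstrap(cfg: dict) -> list:
    """Return the problems found in a parsed bootstrap_config.json (empty list = OK)."""
    conf = cfg.get("configuration")
    if not isinstance(conf, dict):
        return ["top-level 'configuration' object is missing"]
    problems = [f"missing required field: {k}" for k in BOOTSTRAP_REQUIRED if k not in conf]
    rendezvous = _obj(conf.get("rendezvous_configuration"))
    primary = _obj(rendezvous.get("mqtt_endpoint")).get("primary")
    if not (isinstance(primary, list) and primary and all(isinstance(e, str) for e in primary)):
        problems.append("rendezvous_configuration.mqtt_endpoint.primary must be a non-empty array of strings")
    if not isinstance(rendezvous.get("persist_connection"), bool):
        problems.append("rendezvous_configuration.persist_connection must be true or false")
    auth = conf.get("authentication")
    if not (isinstance(auth, list) and auth and all(isinstance(a, dict) and "method" in a for a in auth)):
        problems.append("authentication must be a non-empty array of objects, each with a 'method'")
    return problems


def mode_is_private(mode: int) -> bool:
    """True when an st_mode grants no group or other permission bits."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def keystore_permission_problems(keystore_dir: str) -> list:
    """Hardening check added by this example: the keystore directory should be owner-only."""
    try:
        mode = os.stat(keystore_dir).st_mode
    except FileNotFoundError:
        return [f"keystore_dir does not exist: {keystore_dir}"]
    if not mode_is_private(mode):
        return [f"{keystore_dir} is group/world accessible ({stat.filemode(mode)})"]
    return []


# Constructed samples, copied from the example content on this page.
SAMPLE_TRUSTEDGE = {
    "directory_paths": {"bin_dir": "/usr/bin", "lib_dir": "/usr/lib",
                        "conf_dir": "/etc/digicert/conf", "keystore_dir": "/etc/digicert/keystore"},
    "proxy": {"url": None},
    "agent": {"bootstrap": "/etc/digicert/conf/bootstrap_config.json",
              "workspace_dir": "/tmp", "enforce_token": False},
    "certificate": {"service_dir": "/etc/digicert/service", "polling_interval": "1",
                    "renewal_hours": "360", "mode": "scep"},
    "service": {"mode": "certificate"},
    "log": {"loglevel": "error"},
}
SAMPLE_BOOTSTRAP = {"configuration": {
    "device_id": "<device_id>", "account_id": "<account_id>",
    "division_id": "<division_id>", "device_group_id": "<device_group_id>",
    "rendezvous_configuration": {"mqtt_endpoint": {"primary": ["mqtt://demo.one.digicert.com:1883"]},
                                 "persist_connection": False},
    "system_attributes": [{"key": "location"}, {"key": "serial_number"}],
    "authentication": [{"method": "x509", "key_source": "SW",
                        "cert_alias": "device1.crt", "key_alias": "device1-key.crt"}],
}}

if __name__ == "__main__":
    print("sample trustedge.json:", check_trustedge(SAMPLE_TRUSTEDGE) or "OK")
    print("sample bootstrap_config.json:", check_bootstrap(SAMPLE_BOOTSTRAP) or "OK")
    # Check the installed files (paths from this page) when they exist.
    for path, checker in (("/etc/digicert/trustedge.json", check_trustedge),
                          ("/etc/digicert/conf/bootstrap_config.json", check_bootstrap)):
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                cfg = json.load(fh)
            print(path + ":", checker(cfg) or "OK")
            if checker is check_trustedge:
                print(keystore_permission_problems(_obj(cfg.get("directory_paths")).get("keystore_dir", "")) or "keystore OK")
```

Run it on the device after installation; a non-empty list for either file points at the exact key to fix before the agent tries to reach Device Trust Manager. The numeric fields are deliberately checked as digit strings because that is how the example content on this page stores them.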