
Service mode

When run as a service, TrustEdge allows for continuous secure communication, authentication, and lifecycle management of IoT devices through DigiCert® Device Trust Manager. The overall steps include downloading the bootstrap configuration, initializing the service, and starting the service.

Step 1: Initialize TrustEdge service mode

Before running TrustEdge service mode, it must be initialized to connect and authenticate to Device Trust Manager. This involves downloading the device’s bootstrap configuration zip file from Device Trust Manager.

  1. In Device Trust Manager, go to Device management > Devices and select the device.

  2. On the Device details page, select the Configuration tab and click Download Bootstrap configuration file to download the bootstrap configuration zip file (<guid>.zip).

    Note

    The bootstrap configuration zip file (<guid>.zip) contains everything TrustEdge service mode needs to connect and authenticate the device to Device Trust Manager. This includes bootstrap_config.json, the bootstrap certificate and private key, and a bundle of trusted certificates.

  3. Use a USB drive, secure copy (scp), or another method to transfer the zip file to your device.

    scp <guid>.zip device@<device_ip_address>:~/.
    
  4. Log in to the device and run the following command to initialize the service using the bootstrap zip file:

    /etc/digicert/scripts/configure_trustedge.sh --bootstrap-zip ./<guid>.zip
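
A pre-flight check for steps 3 and 4, as an added example that is not part of the DigiCert documentation or tooling: because the zip carries the bootstrap private key, it restricts the file to its owner, returns a SHA-256 digest to compare on both ends of the transfer, and confirms the archive is intact and contains bootstrap_config.json. The function name, the report keys, and the assumptions that bootstrap_config.json parses as JSON and may sit in a subdirectory of the archive are this example's own.

```python
import hashlib
import json
import os
import stat
import zipfile

CONFIG_NAME = "bootstrap_config.json"  # file name given in the note above


def preflight_bootstrap_zip(path):
    """Check a bootstrap zip before or after transfer; return a report dict."""
    report = {"sha256": None, "valid_zip": False, "has_config": False,
              "config_is_json": False, "mode_tightened": False}

    # The archive holds the bootstrap private key: make it owner-only (0600)
    # if group or other currently have any access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
        report["mode_tightened"] = True

    # Digest to compare on the workstation and on the device after scp/USB.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    report["sha256"] = digest.hexdigest()

    # A truncated transfer loses the end-of-archive record and fails here.
    if not zipfile.is_zipfile(path):
        return report
    with zipfile.ZipFile(path) as zf:
        # testzip() returns the first member with a bad CRC, or None.
        report["valid_zip"] = zf.testzip() is None
        # Assumption: the config may be in a subdirectory, so match basename.
        members = [n for n in zf.namelist()
                   if os.path.basename(n) == CONFIG_NAME]
        report["has_config"] = bool(members)
        if members:
            try:
                # Assumption: the file is UTF-8 encoded JSON.
                json.loads(zf.read(members[0]).decode("utf-8"))
                report["config_is_json"] = True
            except (ValueError, zipfile.BadZipFile):
                pass
    return report
```

Run it on the workstation before the transfer and again on the device before calling configure_trustedge.sh; the two sha256 values should match and every check should be true.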
    

Step 2: Start TrustEdge service mode

  1. Start TrustEdge service mode with the following command:

    sudo trustedge agent
    
  2. To see the policies that have been successfully downloaded and applied, use:

    cat /etc/digicert/conf/applied_policy.json
    
  3. To view the policies that have failed to apply, use:

    cat /etc/digicert/conf/failed_policy.json
    
  4. (Optional) To reset the service, use:

    sudo trustedge agent --reset