Service mode
When run as a service, TrustEdge allows for continuous secure communication, authentication, and lifecycle management of IoT devices through DigiCert® Device Trust Manager. The overall steps include downloading the bootstrap configuration, initializing the service, and starting the service.
Step 1: Initialize TrustEdge service mode
Before running TrustEdge service mode, it must be initialized to connect and authenticate to Device Trust Manager. This involves downloading the device’s bootstrap configuration zip file from Device Trust Manager.
In Device Trust Manager, go to Device management > Devices and select the device.
On the Device details page, select the Configuration tab and click Download Bootstrap configuration file to download the bootstrap configuration zip file (
<guid>.zip
).Note
The bootstrap configuration zip file (
<guid>.zip
) contains everything TrustEdge service mode needs to connect and authenticate the device to Device Trust Manager. This includes bootstrap_config.json, bootstrap certificate and private key, and bundle of trusted certificates.Use a USB drive, secure copy (scp), or another method to transfer the zip file to your device.
scp <guid>.zip device@<device_ip_address>:~/.
Log in to the device and run the following command to initialize the service using the bootstrap zip file:
/etc/digicert/scripts/configure_trustedge.sh --bootstrap-zip ./<guid>.zip
Step 2: Start TrustEdge service mode
Start TrustEdge service mode with the following command:
sudo trustedge agent
To see the policies that have been successfully downloaded and applied, use:
cat /etc/digicert/conf/applied_policy.json
To view the policies that have failed to apply, use:
cat /etc/digicert/conf/failed_policy.json
(Optional) To reset the service, use:
sudo trustedge agent --reset