Skip to main content

Initialize and start TrustEdge agent

Step 1: Initialize TrustEdge agent

Before running TrustEdge agent, it must be initialized to connect and authenticate to Device Trust Manager. This involves downloading the device’s bootstrap configuration zip file from Device Trust Manager.

  1. In Device Trust Manager, go to Device management > Devices and select the device.

  2. On the Device details page, select the Configuration tab and click Download Bootstrap configuration file to download the bootstrap configuration zip file (<guid>.zip).

    Note

    The bootstrap configuration zip file (<guid>.zip) contains everything TrustEdge agent needs to connect and authenticate the device to Device Trust Manager. This includes bootstrap_config.json, bootstrap certificate and private key, and bundle of trusted certificates.

  3. Use a USB drive, secure copy (scp), or another method to transfer the zip file to your device.

    scp <guid>.zip device@<device_ip_address>:~/.

  4. Log in to the device and run the following command to initialize the service using the bootstrap zip file:

    sudo trustedge agent --configure --trustedge-user trustedge --trustedge-group trustedge --bootstrap-zip ./<guid.zip>

Note

If your device uses just‑in‑time registration (JITR) with EST, SCEP, or CMPv2, you can run the TrustEdge agent directly on the device to download and apply the bootstrap configuration. For more information, see Use TrustEdge agent with JITR.

Step 2: Start TrustEdge agent

  1. Start TrustEdge agent with the following command:

    sudo systemctl start trustedge.service

  2. To see the policies that have been successfully downloaded and applied, use:

    cat /etc/digicert/conf/applied_policy.json

  3. To view the policies that have failed to apply, use:

    cat /etc/digicert/conf/failed_policy.json
In this section: