Skip to main content

Use TrustEdge agent with JITR

If your device uses just‑in‑time registration (JITR) with EST, SCEP, or CMPv2, you can run the TrustEdge agent directly on the device to download and apply the bootstrap configuration.

For more details on enabling and provisioning JITR for your devices, see Just-in-time registration and provisioning.

Download-only method

Use this method to retrieve the bootstrap configuration from the Device Trust Manager server without applying it.

trustedge agent --download --devtm-bootstrap-uri <uri> --bootstrap-zip <file> --bootstrap-key <key> --bootstrap-cert <cert>

Command breakdown:

--download: Enables download mode to fetch the bootstrap configuration from the server without applying it.

--devtm-bootstrap-uri <uri>: Specifies the HTTPS URL of the Device Trust Manager server endpoint from which to download the bootstrap configuration.

--bootstrap-zip <file>: Specifies the full path on the device where the bootstrap ZIP file will be saved.

--bootstrap-key <file>: Specifies the path to the client private key file used during the download.

--bootstrap-cert <file>: Specifies the path to the client certificate file used during the download.

Configure-only method

Use this method if you already have the bootstrap zip file downloaded and just want to configure the device.

sudo trustedge agent --download --configure --devtm-bootstrap-uri <uri> --configure --bootstrap-zip <file> --bootstrap-key <key> --bootstrap-cert <cert>

Download and configure method

Use this combined method if you want to fetch the bootstrap configuration and immediately configure the device.

sudo trustedge agent --download --configure --devtm-bootstrap-uri <uri> --configure --bootstrap-zip <file> --bootstrap-key <key> --bootstrap-cert <cert>

Command breakdown:

--bootstrap-zip <file>: Specifies the path where the downloaded bootstrap ZIP file will be saved and extracted during configuration.

--bootstrap-key <file>: Specifies the path to the client private key file used for authentication during download. This option also updates the key_alias field in the bootstrap configuration.

--bootstrap-cert <file>: Specifies the path to the client certificate file used for authentication during the bootstrap download.

--download: Downloads the bootstrap configuration from the specified Device Trust Manager endpoint.

--devtm-bootstrap-uri <uri>: Specifies the HTTPS URL of the Device Trust Manager server endpoint from which to download the bootstrap configuration.

--configure: Extracts and configures the device using the downloaded bootstrap ZIP file.

In this section: