Manage Certificates with DigiCert IoT Trust Manager Integration

note the digicert iot trust manager integration is available for litmus edge manager 2 21 0 and later in this use case, you will integrate digicert iot trust manager with litmus edge manager (lem) to manage certificates for all your edge devices first, you will set up the digicert iot trust manager integration from your litmus edge manager admin console then, you will configure the certificate authority (ca) for both litmus edge manager and litmus edge (le) devices finally, you will verify if the digicert certificates are applied to your litmus edge devices before you begin ensure you have at least one edge device activated in your litmus edge manager see activate an edge device docid\ tdj648wjgatvqzyx79uwb for more information ensure you have access to the digicert iot trust manager to obtain the required configuration parameters if you are not a digicert iot trust manager customer, visit https //www digicert com/device trust manager https //www digicert com/device trust manager to sign up step 1 access digicert iot trust manager integration to access the digicert iot trust manager integration pane log in to the litmus edge manager admin console at the following url https //\[lem ip address] 8446 from the navigation panel, select integration integration's kafka pane by default appears from integration's navigation sub panel, select digicert in tegration's digicert pane appears you will see three fields for configuration url , profile id , and passcode by default, placeholder values will be in these fields in the next step, you will retrieve these configuration parameters from the digicert iot trust manager step 2 set up integration with d igicert to retrieve the url, profile id, and passcode parameters from the digicert iot trust manager, follow the steps below open a new browser and log in to your digicert one platform at https //one digicert com https //one digicert com/ select iot trust manager from the switcher icon at the top right corner from the navigation panel, select enrollment configurations the enrollment profiles page opens click the desired enrollment profile name the enrollment profile details page appears note 1\ for this use case, the enrollment profile is already created see create an enrollment profile to learn more 2\ set up the enrollment profile method for rest api, as it is the integrated method with litmus edge manager configure the keypair generation settings to be used after creating the enrollment profile, edit the enrollment profile scroll to the bottom of the enrollment profile details page and create a passcode copy and save this passcode to a secure location see also enrollment passcodes to generate the passcode for authenticating to the rest api you can retrieve the url , profile id , and passcode parameters from the enrollment profile details page as follows url this is the digicert server url navigate to api section and copy request url link profile id copy this from the enrollment profile id passcode this was generated and shown when you created the passcode above enter the retrieved parameters into the digicert integration fields in the litmus edge manager admin console click save a confirmation message will appear indicating that the digicert settings are saved step 3 set up certificate authority for litmus edge manager to set up the certificate authority for litmus edge manager from the litmus edge manager admin console, navigate to settings > domain/ssl from the ssl settings panel, choose the digicert option click save the page reload required dialog box appears click yes, and refresh the page ssl settings are saved and the page is reloaded after updating the certificate settings for proper system functioning step 4 issue a certificate for litmus edge from litmus edge manager user ui to issue a certificate for litmus edge device from litmus edge manager user ui log in to litmus edge manager and navigate to certificates tab the list of current certificates for your edge devices along with their details appears to issue a new certificate, click the action button for an edge device and select issue a new certificate from the issue a new certificate dialog box, configure the following certificate authority from the dropdown menu, select digicert iot trust manager as the new certificate authority (optional) keep default settings for the other fields click issue certificate the certificate has been added to the litmus edge device along with the issuer details step 5 verify certificate for litmus edge device to verify that the certificate has been added to the litmus edge device navigate to the specific edge device instance where you applied the certificate and log in go to systems > network and find the device certificates panel you can verify the certificate details and ensure that the new certificate has been added note refresh the screen if necessary to see the updated certificate and issuer details reboot is required to see the certificate update on browser tab