Manage Certificates with DigiCert IoT Trust Manager Integration
Note: The DigiCert IoT Trust Manager integration is available for Litmus Edge Manager 2.21.0 and later.
In this use case, you will integrate DigiCert IoT Trust Manager with Litmus Edge Manager (LEM) to manage certificates for all your edge devices.
- First, you will set up the DigiCert IoT Trust Manager Integration from your Litmus Edge Manager Admin Console.
- Then, you will configure the Certificate Authority (CA) for both Litmus Edge Manager and Litmus Edge (LE) devices.
- Finally, you will verify that the DigiCert certificates are applied to your Litmus Edge devices.
- Ensure you have at least one Edge device activated in your Litmus Edge Manager. See Activate an Edge Device for more information.
- Ensure you have access to the DigiCert IoT Trust Manager to obtain the required configuration parameters. If you are not a DigiCert IoT Trust Manager customer, visit https://www.digicert.com/device-trust-manager to sign up.
To access the DigiCert IoT Trust Manager integration pane:
- Log in to the Litmus Edge Manager Admin Console at the following URL: https://[LEM IP address]:8446.
- From the Navigation panel, select Integration. The Kafka pane appears by default.
- From Integration's navigation sub-panel, select DigiCert. Integration's DigiCert pane appears.
You will see three fields for configuration: URL, Profile ID, and Passcode. By default, placeholder values will be in these fields. In the next step, you will retrieve these configuration parameters from the DigiCert IoT Trust Manager.
To retrieve the URL, Profile ID, and Passcode parameters from the DigiCert IoT Trust Manager, follow the steps below:
- Select IoT Trust Manager from the switcher icon at the top right corner.
- From the navigation panel, select Enrollment configurations. The Enrollment profiles page opens.
- Click the desired Enrollment profile name. The Enrollment profile details page appears.
  Note:
  1. For this use case, the enrollment profile is already created. See Create an enrollment profile to learn more.
  2. Set the enrollment profile method to REST API, as it is the method integrated with Litmus Edge Manager.
- Configure the keypair generation settings to be used.
- After creating the Enrollment Profile, edit the enrollment profile. Scroll to the bottom of the Enrollment Profile details page and create a passcode. Copy and save this passcode to a secure location. See also Enrollment Passcodes to generate the passcode for authenticating to the REST API.
- You can retrieve the URL, Profile ID, and Passcode parameters from the Enrollment profile details page as follows:
  - URL: This is the DigiCert server URL. Navigate to the API section and copy the Request URL link.
  - Profile ID: Copy this from the Enrollment profile ID.
  - Passcode: This was generated and shown when you created the passcode above.
- Enter the retrieved parameters into the DigiCert Integration fields in the Litmus Edge Manager Admin Console.
- Click Save. A confirmation message will appear indicating that the DigiCert settings are saved.
To set up the certificate authority for Litmus Edge Manager:
- From the Litmus Edge Manager Admin Console, navigate to Settings > Domain/SSL.
- From the SSL settings panel, choose the DigiCert option.
- Click Save.
- The Page Reload Required dialog box appears. Click Yes, and refresh the page. The SSL settings are saved, and the page is reloaded after the certificate settings are updated so that the system functions properly.
To issue a certificate for a Litmus Edge device from the Litmus Edge Manager user UI:
- Log in to Litmus Edge Manager and navigate to the Certificates tab. The list of current certificates for your edge devices appears, along with their details.
- To issue a new certificate, click the Action button for an edge device and select Issue a new certificate.
- From the Issue a new certificate dialog box, configure the following:
  - Certificate Authority: From the dropdown menu, select DigiCert IoT Trust Manager as the new certificate authority.
  - (Optional) Keep default settings for the other fields.
- Click ISSUE CERTIFICATE.
The certificate has been added to the Litmus Edge device along with the issuer details.
To verify that the certificate has been added to the Litmus Edge device:
- Navigate to the specific edge device instance where you applied the certificate and log in.
- Go to Systems > Network and find the Device Certificates panel.
You can verify the certificate details and ensure that the new certificate has been added.
Note: Refresh the screen if necessary to see the updated certificate and issuer details. A reboot is required to see the certificate update in the browser tab.
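
The same verification can be run from a workstation against several devices by reading the certificate each endpoint serves and comparing its issuer with the one you expect. This is an added example, not part of the Litmus or DigiCert documentation; it assumes the `openssl` CLI is installed, and the function names, the host and port placeholders, and the expected issuer string (taken from the issuer details shown in Litmus Edge Manager) are assumptions.

```shell
#!/bin/sh
# Added example (not Litmus or DigiCert code). Requires the openssl CLI.
# EXPECTED is an assumption: use the issuer name that Litmus Edge Manager
# shows for certificates issued through your DigiCert enrollment profile.

# fetch_cert HOST PORT: print the leaf certificate the endpoint serves as PEM.
# The chain is not validated here; the certificate is only read.
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# report_cert LABEL EXPECTED: read one PEM certificate on stdin and print a
# status line. Returns 0 on issuer match, 1 on mismatch, 2 if unparseable.
report_cert() {
    rc_pem=$(cat)
    rc_issuer=$(printf '%s\n' "$rc_pem" | openssl x509 -noout -issuer 2>/dev/null) || {
        echo "$1 ERROR no parseable certificate"
        return 2
    }
    rc_end=$(printf '%s\n' "$rc_pem" | openssl x509 -noout -enddate)
    case "$rc_issuer" in
        *"$2"*) echo "$1 OK $rc_issuer ($rc_end)"; return 0 ;;
        *)      echo "$1 MISMATCH $rc_issuer ($rc_end)"; return 1 ;;
    esac
}

# check_device HOST PORT EXPECTED: fetch and report in one step.
# An unreachable endpoint yields no PEM, so report_cert returns 2.
check_device() {
    fetch_cert "$1" "$2" | report_cert "$1:$2" "$3"
}

# Usage, with placeholders for your own values:
#   check_device <device-ip> <https-port> "<issuer name shown in LEM>"
```

A MISMATCH line after issuing a certificate usually means the device is still serving its previous certificate, which matches the note above about refreshing or rebooting.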