Manage Certificates with DigiCert IoT Trust Manager Integration

note the digicert iot trust manager integration is available for manufacturing connect 2 21 0 and later in this use case, you will integrate digicert iot trust manager with manufacturing to manage certificates for all your edge devices first, you will set up the digicert iot trust manager integration from your manufacturing connect admin console then, you will configure the certificate authority (ca) for both manufacturing connect and manufacturing connect edge devices finally, you will verify if the digicert certificates are applied to your manufacturing connect edge devices before you begin ensure you have at least one edge device activated in your manufacturing connect see activate an edge device docid\ m2du1twvne9kz1he r222 for more information ensure you have access to the digicert iot trust manager to obtain the required configuration parameters if you are not a digicert iot trust manager customer, visit https //www digicert com/device trust manager https //www digicert com/device trust manager to sign up step 1 access digicert iot trust manager integration to access the digicert iot trust manager integration pane log in to the manufacturing connect admin console at the following url https //\[mc ip address] 8446 from the navigation panel, select integration integration's kafka pane by default appears from integration's navigation sub panel, select digicert integration's digicert pane appears you will see three fields for configuration url , profile id , and passcode by default, placeholder values will be in these fields in the next step, you will retrieve these configuration parameters from the digicert iot trust manager step 2 set up integration with digicert to retrieve the url, profile id, and passcode parameters from the digicert iot trust manager, follow the steps below open a new browser and log in to your digicert one platform at https //one digicert com https //one digicert com/ select iot trust manager from the switcher icon at the top right corner from the navigation panel, select enrollment configurations the enrollment profiles page opens click the desired enrollment profile name the enrollment profile details page appears note 1\ for this use case, the enrollment profile is already created see create an enrollment profile to learn more 2\ set up the enrollment profile method for rest api, as it is the integrated method with manufacturing connect configure the keypair generation settings to be used after creating the enrollment profile, edit the enrollment profile scroll to the bottom of the enrollment profile details page and create a passcode copy and save this passcode to a secure location see also enrollment passcodes to generate the passcode for authenticating to the rest api you can retrieve the url , profile id , and passcode parameters from the enrollment profile details page as follows url this is the digicert server url navigate to api section and copy request url link profile id copy this from the enrollment profile id passcode this was generated and shown when you created the passcode above enter the retrieved parameters into the digicert integration fields in the manufacturing connect admin console click save a confirmation message will appear indicating that the digicert settings are saved step 3 set up certificate authority for manufacturing connect to set up the certificate authority for manufacturing connect from the manufacturing connect admin console, navigate to settings > entry points from the entry points panel, choose the digicert option click save the page reload required dialog box appears click yes, and refresh the page ssl settings are saved and the page is reloaded after updating the certificate settings for proper system functioning step 4 issue a certificate for manufacturing connect edge from manufacturing connect user ui to issue a certificate for manufacturing connect edge device from manufacturing connect user ui log in to manufacturing connect and navigate to certificates tab the list of current certificates for your edge devices along with their details appears to issue a new certificate, click the action button for an edge device and select issue a new certificate from the issue a new certificate dialog box, configure the following certificate authority from the dropdown menu, select digicert iot trust manager as the new certificate authority (optional) keep default settings for the other fields click issue certificate the certificate has been added to the manufacturing connect edge device along with the issuer details step 5 verify certificate for manufacturing connect edge device to verify that the certificate has been added to the manufacturing connect edge device navigate to the specific edge device instance where you applied the certificate and log in go to systems > network and find the device certificates panel you can verify the certificate details and ensure that the new certificate has been added note refresh the screen if necessary to see the updated certificate and issuer details reboot is required to see the certificate update on browser tab