Manage Certificates with DigiCert IoT Trust Manager Integration

note the digicert iot trust manager integration is available for belden horizon data manager 2 21 0 and later in this use case, you will integrate digicert iot trust manager to manage certificates for all your edge devices first, you will set up the digicert iot trust manager integration from your belden horizon data manager (bhdm) admin console then, you will configure the certificate authority (ca) for both bhdm and edge devices finally, you will verify if the digicert certificates are applied to your bhdo devices before you begin ensure you have at least one edge device activated in your bhdm see docid\ bbgh94p0zhjuz0juao6by for more information ensure you have access to the digicert iot trust manager to obtain the required configuration parameters if you are not a digicert iot trust manager customer, visit https //www digicert com/device trust manager to sign up step 1 access digicert iot trust manager integration to access the digicert iot trust manager integration pane log in to the bhdm admin console at the following url https //\[bhdm ip address] 8446 from the navigation panel, select integration integration's kafka pane by default appears from integration's navigation sub panel, select digicert integration's digicert pane appears you will see three fields for configuration url , profile id , and passcode by default, placeholder values will be in these fields in the next step, you will retrieve these configuration parameters from the digicert iot trust manager step 2 set up integration with digicert to retrieve the url, profile id, and passcode parameters from the digicert iot trust manager, follow the steps below open a new browser and log in to your digicert one platform at https //one digicert com/ select iot trust manager from the switcher icon at the top right corner from the navigation panel, select enrollment configurations the enrollment profiles page opens click the desired enrollment profile name the enrollment profile details page appears note 1\ for this use case, the enrollment profile is already created see https //docs digicert com/en/iot trust manager/enrollment profiles/create enrollment profiles/create an enrollment profile html to learn more 2\ set up the enrollment profile method for rest api, as it is the integrated method with bhdm configure the keypair generation settings to be used after creating the enrollment profile, edit the enrollment profile scroll to the bottom of the enrollment profile details page and create a passcode copy and save this passcode to a secure location see also https //docs digicert com/en/iot trust manager/enrollment passcodes html to generate the passcode for authenticating to the rest api you can retrieve the url , profile id , and passcode parameters from the enrollment profile details page as follows url this is the digicert server url navigate to api section and copy request url link profile id copy this from the enrollment profile id passcode this was generated and shown when you created the passcode above enter the retrieved parameters into the digicert integration fields in the bhdm admin console click save a confirmation message will appear indicating that the digicert settings are saved step 3 set up certificate authority for bhdm to set up the certificate authority for bhdm from the bhdm admin console, navigate to settings > domain/ssl from the ssl settings pane, choose the digicert option click save the page reload required dialog box appears click yes, and refresh the page ssl settings are saved and the page is reloaded after updating the certificate settings for proper system functioning step 4 issue a certificate for bhdo device from bhdm user ui to issue a certificate for bhdo device from bhdm user ui log in to bhdm and navigate to certificates tab the list of current certificates for your edge devices along with their details appears to issue a new certificate, click the action button for an edge device and select issue a new certificate from the issue a new certificate dialog box, configure the following certificate authority from the dropdown menu, select digicert iot trust manager as the new certificate authority (optional) keep default settings for the other fields click issue certificate the certificate has been added to the bhdo device along with the issuer details step 5 verify certificate for bhdo device to verify that the certificate has been added to the bhdo device navigate to the specific edge device instance where you applied the certificate and log in go to systems > network and find the device certificates panel you can verify the certificate details and ensure that the new certificate has been added note refresh the screen if necessary to see the updated certificate and issuer details reboot is required to see the certificate update on browser tab