Device enrollment into DigiCert ONE IoT Trust Manager for certificate management

Learn how to configure SIA Connect to enroll and renew certificates from DigiCert ONE IoT Trust Manager

Written by Mads Mikkelsen

Updated at November 22nd, 2024

Table of Contents

  • Get or Create an Enrollment Profile from DigiCert ONE IoT Trust Manager
  • Setting up the Enrollment to DigiCert ONE IoT Trust in SIA Connect
  • Certificate Signing Request (CSR)
  • Enrollment information

IoT Trust Manager is a tool provided by DigiCert on its ONE platform to manage certificate distribution at scale on IoT devices. It is a Public Key Infrastructure (PKI) that distributes the certificates for the IoT devices, which can be used for authentication to, for example, OPC-UA servers, MQTT brokers, Azure and so forth.

By enrolling your SIA Connect into DigiCert ONE IoT Trust, you ensure that the certificates are automatically renewed and kept up to date, which enhances security and makes authentication easier to manage at scale.


Get or Create an Enrollment Profile from DigiCert ONE IoT Trust Manager

To set up PKI enrollment, the first thing you need is an account on DigiCert ONE with access to the Trust Manager tool. You will then need to create an enrollment profile for your devices. The enrollment profile defines the rules for certificate issuance and specifies the authentication methods the device can use to authorize against the PKI responsible for issuing the certificate.

To get or create the enrollment profile, follow these steps:

  • Log in to your DigiCert ONE account at http://one.digicert.com
  • In the upper-right corner, click the tiles icon, which provides access to all the DigiCert ONE Managers, and select IoT Trust.
  • In the IoT Trust Manager, go to Enrollment Configurations.
  • Click Create Enrollment Profile, or if you already have an enrollment profile, click on it and copy the Enrollment Profile ID.
    • For details on how to create the enrollment profile, please refer to DigiCert's docs: Create an Enrollment profile

 

Setting up the Enrollment to DigiCert ONE IoT Trust in SIA Connect

To set up SIA Connect to enroll and renew certificates from DigiCert ONE IoT Trust, follow these steps:

  • In the portal go to Tools → Certificate Management. Click the button with IoT Trust to open the configuration page.
  • Fill in the enrollment details. The parameters are described below.

 

Certificate Signing Request (CSR)

By default, the CSR is generated on SIA Connect and sent to DigiCert ONE IoT Trust, which uses it to generate the certificate. For the highest security, therefore, select “I will generate the keypairs and provide CSRs or public keys” under the Manage Key generation section when creating the Enrollment Profile in IoT Trust.

 

 

Parameter Description
Account

DigiCert account name, if any. It can be found as the subdomain of https://XYZ.one.digicert.com (e.g. https://demo.one.digicert.com where demo is the account name).

Default: Empty

Enrollment profile

Enrollment profile to enroll into in DigiCert ONE IoT Trust. See previous section to learn how to create an enrollment profile or get the ID of an existing one.

Example: IOT_c80924a8-c8cd-4679-82e7-eef32128198d

Device name

The name of the device as shown in IoT Trust after enrollment. This will also be the CN of the certificate issued by IoT Trust.

Example: sia-connect_19b65c

Authentication

Select the authentication type for the enrollment profile you entered. You can find the authentication type in the DigiCert ONE IoT Trust Manager under the Enrollment methods.

You can select between the following authentication options:

  • Passcode
  • API key
  • Certificates

If you select Certificates, you will need to upload the authentication certificate and key for the enrollment profile.

Renewal window

When IoT Trust issues a certificate for the device, the certificate has an expiry time. The renewal window is the number of days before this expiry at which the device should request a renewal of the certificate. This parameter is given in days.

Default: 31 days

 

Enrollment information

After a successful enrollment and certificate issuance, all the fields in the table below are populated. If the fields are populated, the device has successfully enrolled and received a certificate from IoT Trust, which can now be used across SIA Connect.

Parameter Description
Start date

Date from which the certificate is valid.

Example: 2024-09-20T15:22:12.000Z

Expiry date

Date on which the issued certificate will expire.

Example: 2024-12-19T15:22:12.000Z

Certificate

Name of the certificate on SIA Connect which was issued.

Example: sia-connect_19b65c.crt

Key

Name of the private key on SIA Connect which was used to generate the Certificate Signing Request (CSR) sent to IoT Trust for issuing the certificate.

Example: digicert_key.key

Certificate ID

ID of the certificate issued by IoT Trust. This is the certificate ID generated by IoT Trust.

Example: f2d5cb77-c043-465b-be1e-1a31d47f7fb5
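
A monitoring-side check of the renewal window, using the Start date and Expiry date fields above. This is an added example, not part of SIA Connect or DigiCert tooling. It assumes the device requests renewal as soon as the window opens; the status names, `grace_hours` and the second inventory entry are hypothetical.

```python
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # format of the Start/Expiry date fields

def parse_ts(value):
    """Parse a timestamp such as 2024-12-19T15:22:12.000Z as UTC."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)

def renewal_start(expiry, window_days=31):
    """Moment the renewal window opens: expiry minus the window in days."""
    return parse_ts(expiry) - timedelta(days=window_days)

def renewal_status(start, expiry, now, window_days=31, grace_hours=24):
    """Classify a certificate as valid, renewing, overdue, expired or misconfigured.

    Assumption: the device requests renewal as soon as the window opens.
    grace_hours is a hypothetical margin before a missing renewal is flagged.
    """
    not_before, not_after, current = parse_ts(start), parse_ts(expiry), parse_ts(now)
    if not_after <= not_before:
        raise ValueError("expiry date must be later than start date")
    opens = renewal_start(expiry, window_days)
    if opens <= not_before:
        return "misconfigured"  # window is at least as long as the certificate lifetime
    if current >= not_after:
        return "expired"
    if current >= opens + timedelta(hours=grace_hours):
        return "overdue"  # window open, yet the old certificate is still installed
    if current >= opens:
        return "renewing"
    return "valid"

def fleet_report(devices, now, window_days=31):
    """Map device name -> status for (name, start, expiry) tuples."""
    return {name: renewal_status(start, expiry, now, window_days)
            for name, start, expiry in devices}

# Constructed inventory; the first entry uses the example values from this page.
SAMPLE = [
    ("sia-connect_19b65c", "2024-09-20T15:22:12.000Z", "2024-12-19T15:22:12.000Z"),
    ("sia-connect_example2", "2024-11-01T08:00:00.000Z", "2025-01-30T08:00:00.000Z"),
]

if __name__ == "__main__":
    for name, status in fleet_report(SAMPLE, "2024-11-22T00:00:00.000Z").items():
        print(f"{name}: {status}")
```

An "overdue" result means the Expiry date has not moved although the window opened more than the grace period ago, which is worth investigating before the certificate expires.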
