The Azure IoT documentation has guides on setting up certificates for production use. That documentation shows how to properly use certificate authorities to generate proof of possession. For development purposes, you may want to use self-signed certificates instead.
- Assuming the original key and cert were created with the following commands (Azure IoT reports the certificate as unverified when you upload it):
```bash
# Create root key
openssl genrsa -out iotHubRoot.key 2048
# Create root cert
openssl req -new -x509 -key iotHubRoot.key -out iotHubRoot.cer -days 500
```
- Then generate the verification cert (be sure to set the Common Name to the verification code):
```bash
# Create verification key and CSR
openssl genrsa -out verification.key 2048
openssl req -new -key verification.key -out verification.csr
# It will prompt for cert fields.
# IMPORTANT: The Common Name needs to be your Verification Code (generate and copy that from the portal)
# Create verification pem, signed by the root key
openssl x509 -req -in verification.csr -CA iotHubRoot.cer -CAkey iotHubRoot.key -CAcreateserial -out verification.pem -days 500 -sha256
```
- Upload the verification.pem file to the portal to verify the certificate
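
The steps above as a non-interactive script with a local check before uploading. This is an added example, not code from the original post. The function names, the `Dev IoT Hub Root` subject and the working directory are assumptions, and the verification code must be the one generated in the portal.

```shell
#!/usr/bin/env bash
# Added example: function names and the root subject are hypothetical.

# make_pop_cert WORKDIR VERIFICATION_CODE
# Creates a self-signed root and a verification cert whose CN is the code.
make_pop_cert() {
    local dir="$1" code="$2"
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        # Root key and self-signed root cert (development use only)
        openssl genrsa -out iotHubRoot.key 2048 2>/dev/null &&
        openssl req -new -x509 -key iotHubRoot.key -out iotHubRoot.cer \
            -days 500 -subj "/CN=Dev IoT Hub Root" &&
        # Verification key and CSR; -subj sets the Common Name without prompts
        openssl genrsa -out verification.key 2048 2>/dev/null &&
        openssl req -new -key verification.key -out verification.csr \
            -subj "/CN=$code" &&
        # Signing the CSR with the root key is the proof of possession
        openssl x509 -req -in verification.csr -CA iotHubRoot.cer \
            -CAkey iotHubRoot.key -CAcreateserial -out verification.pem \
            -days 500 -sha256 2>/dev/null
    )
}

# check_pop_cert WORKDIR VERIFICATION_CODE
# Returns 0 only if verification.pem chains to the root and its CN is the code.
check_pop_cert() {
    local dir="$1" code="$2" subject
    openssl verify -CAfile "$dir/iotHubRoot.cer" "$dir/verification.pem" \
        >/dev/null 2>&1 || return 1
    subject=$(openssl x509 -in "$dir/verification.pem" -noout -subject \
        -nameopt RFC2253) || return 1
    # Older OpenSSL prints "subject= CN=..."; newer prints "subject=CN=..."
    subject=${subject#subject=}
    subject=${subject# }
    [ "$subject" = "CN=$code" ]
}
```

Call `make_pop_cert ./pop "<code from portal>"` and then `check_pop_cert ./pop "<code from portal>"`; a non-zero status from the check means the certificate would not match the code the portal expects.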
Last modified: January 28, 2020
[…] Azure IoT Hub – OpenSSL – Generate proof of possession (Jared Rhodes) […]
Jared, I owe you a beer if you are ever in Copenhagen.
You have one small typo: “openssl x509 -req -in -verification.csr ….” should be “openssl x509 -req -in verification.csr ..”. There is a - in front of verification.csr.
This has helped me quite a lot, paired with this guide https://docs.microsoft.com/bs-latn-ba/azure/iot-hub/iot-hub-security-x509-get-started. The MS guide slips by how to do the process exactly, and you may want to emphasise that the verification code comes from the initial csr file (step 1) that can be uploaded to the IoT Hub, and then the verification code can be generated and the remaining steps can be done as you describe.
Thanks for this! This is much faster than my older method of creating self-signed certificates.
Thanks a lot mate, this helps a lot
PS : for the last line command there is a dash next to verification that should be deleted
Thanks Jared, helps a lot.