Certificate issue in Azure IoT Hub


I'm trying to publish some data on the Azure IoT hub using MQTT. I've successfully published some data, using a SAS token.

But my customer wants an X.509 self-generated & self-signed certificate. Azure is supporting this, but doesn't give much information about it. (https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#supported-x509-certificates)

A self-generated and self-signed X-509 certificate. A device manufacturer or in-house deployer can generate these certificates and store the corresponding private key (and certificate) on the device. You can use tools such as OpenSSL and Windows SelfSignedCertificate utility for this purpose.

Note: IoT Hub does not require or store the entire X.509 certificate, only the thumbprint.

What I've done is created a CA certificate and key.

$ openssl req -newkey rsa:2048 -x509 -nodes -sha256 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt

Created a client key and signing request

$ openssl genrsa -out client.key 2048

$ openssl req -new -sha256 -out client.csr -key client.key

Signed the request and created the certificate

$ openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -CAserial ca.srl -out client.crt -days 365

I've uploaded the client key and certificate to the modem and inserted the thumbprint of the client certificate.

My modem can successfully connect to myhub.azure-devices.net/deviceId (port 8883). But when new data arrives it can't decode it.

Any help will be much appreciated..!!

Oct 11, 2018 in IoT (Internet of Things) by Matt

1 answer to this question.


I've fixed this problem:

The configured CA certificate must be the Azure certificate: CA Root Certificate Azure SDK. I've used the Baltimore root certificate.

The client certificate and key are correct. The SHA1 thumbprint of the client certificate must be communicated to the Azure IoT hub.

I've used Paho as MQTT client.

Finally I've had a modem error on connecting to the server. The time inside the modem was still at default (1-1-2004) apparently, and the modem checks the time of the certificate with the current time (1-1-2004), which was invalid, so no connection could be made.

answered Oct 11, 2018 by anonymous2
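
The two checks the answer depends on, the SHA-1 thumbprint of the client certificate and the device clock falling inside the certificate's validity window, can be run before a device is deployed. The following is an added example, not code from the original post or from Azure: the function names, the constructed sample certificate skeleton and the thumbprint format (40 hex characters without the colons that openssl prints) are assumptions.

```python
import hashlib
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (tag 0x17) or GeneralizedTime (0x18) as UTC."""
    text = raw.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit years 50-99 are 19xx, 00-49 are 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                   # optional [0] version, absent in v1 certs
        pos = end
    for _ in range(3):                # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)    # validity SEQUENCE
    tag, start, end = read_tlv(der, pos)
    not_before = parse_time(tag, der[start:end])
    tag, start, stop = read_tlv(der, end)
    return not_before, parse_time(tag, der[start:stop])

def thumbprint(der):
    """SHA-1 of the DER bytes as 40 hex characters without separators."""
    return hashlib.sha1(der).hexdigest().upper()

def preflight(der, device_clock):
    """Thumbprint to register, and whether the clock is inside the validity window."""
    not_before, not_after = validity(der)
    return {"thumbprint": thumbprint(der),
            "clock_ok": not_before <= device_clock <= not_after}

# Constructed, unsigned certificate skeleton (not a real certificate), valid
# 2018-10-11 to 2019-10-11. For a PEM file use ssl.PEM_cert_to_DER_cert(text).
def tlv(tag, body):
    return bytes([tag, len(body)]) + body

_VALIDITY = tlv(0x30, tlv(0x17, b"181011000000Z") + tlv(0x17, b"191011000000Z"))
_TBS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, b"") * 2 + _VALIDITY + tlv(0x30, b""))
SAMPLE_DER = tlv(0x30, _TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
MODEM_DEFAULT = datetime(2004, 1, 1, tzinfo=timezone.utc)  # clock from the answer
SYNCED = datetime(2018, 10, 11, 12, 0, tzinfo=timezone.utc)
```

With the modem's default date the check reports `clock_ok` as false, which matches the connection failure described in the answer; setting the device clock before the TLS handshake is the fix.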