weixin_39876514
weixin_39876514
2020-12-25 19:39

Failed to register simulated device with X.509 Certificate created using dice_device_enrollment tool

  • OS and version used: Ubuntu 18.04.1 LTS

  • SDK version used: 1.2.8

  • Description of the issue:

I have downloaded and compiled C SDK on Ubuntu system (cmake -Duse_prov_client:BOOL=ON ..). Following approach was implemented to register my sample device using provisioning service.

./[cmake folder]/]provisioning_client/tools/dice_device_enrollment/dice_device_enrollment Generated a certificate (second entry) and created a device.cert file. In Azure portal, I enrolled the device using this device.cert file. The registration ID I see is riot-signer-core when enrolled successfully. In the ../provisioning_client/samples/prov_dev_client_sample/prov_dev_client_sample.c, updated global_prov_uri, id_scope and hsm_type = SECURE_DEVICE_TYPE_X509; Compiled the sample again and executed it to register my device.

  • Code sample exhibiting the issue: I am using the default code.

  • Console log of the issue:

Provisioning API Version: 1.2.9

Registering Device

Provisioning Status: PROV_DEVICE_REG_STATUS_CONNECTED Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING Error: Time:Mon Oct 8 11:52:01 2018 File:/home/jeevan/linuxSDK/azure-iot-sdk-c/provisioning_client/src/prov_device_ll_client.c Func:prov_transport_process_json_reply Line:459 Provisioning Failure: OperationId: 4.87f7851aaaa18ed1.f79a3c23-1120-43df-8202-4c4ad29072b7 - Date: 2018-10-08T06:21:50.0194288Z - Msg: Invalid certificate Error: Time:Mon Oct 8 11:52:01 2018 File:/home/jeevan/linuxSDK/azure-iot-sdk-c/provisioning_client/src/prov_transport_mqtt_common.c Func:prov_transport_common_mqtt_dowork Line:946 Unable to process registration reply. Error: Time:Mon Oct 8 11:52:01 2018 File:/home/jeevan/linuxSDK/azure-iot-sdk-c/provisioning_client/src/prov_device_ll_client.c Func:on_transport_registration_data Line:552 Failure retrieving data from the provisioning service

Failure registering device: PROV_DEVICE_RESULT_DEV_AUTH_ERROR Press enter key to exit:

I have 2 questions here:

Question 1: I am doing this exercise for first time and I am facing the issue. Are my steps correct?

Question 2: In case I want to use a self signed X.509 certificate generated outside code, what is the procedure to use? I am under impression that I can set the certificate in certs.c (char *certificates) and enable. I have tried it, but no success here. I am getting same error as above. Note that I enrolled the device with device my self signed X509 certificate.

该提问来源于开源项目:Azure/azure-iot-sdk-c

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • weixin_39645019 weixin_39645019 3月前

    I just ran through it and I did see an issue with the certificate that the dice_device_enrollment tool returned. It is adding two certs in the cert file instead of 1. I will update this and get it checked in. In the mean time you can use the first certificate that is printed (the first BEGIN_CERTIFICATE till END_CERTIFICATE) which should be riot-device-cert and this should fix your issue.

    点赞 评论 复制链接分享
  • weixin_39876514 weixin_39876514 3月前

    Thanks a lot for help. It worked for me.

    Regarding my second question, I did not get the purpose of using the certificate in certs.c file.

    I want to use a self signed x.509 certificate which is in .pfx format. From the documentation I read so far, I find that I would need to implement HSM interfaces to accommodate my self signed certificate.

    Once you are done with check-in, please do post to me.

    点赞 评论 复制链接分享
  • weixin_39645019 weixin_39645019 3月前

    I was able to check in a new version of the dice_device_enrollment tool let me know if you see any more issues with it.

    Yes, if you want to use a pfx certificate it will require for you to create a custom HSM and you'll have to edit the x509_schannel.c file to handle the passing of pfx format.

    If you have any more question or comments either reopen this issue or create a new one.

    Thanks.

    点赞 评论 复制链接分享
  • weixin_39710361 weixin_39710361 3月前

    , thank you for your contribution to our open-sourced project! Please help us improve by filling out this 2-minute customer satisfaction survey

    点赞 评论 复制链接分享