weixin_39624816
2020-12-28 22:13

Explanation of the individual enrollment X.509 concept

So I followed this guide https://docs.microsoft.com/de-de/azure/iot-dps/quick-create-simulated-device-x509#simulate-first-boot-sequence-for-the-device and I was able to provision my simulated device. What I do not understand is how the DPS knows that this individual enrollment was meant for this device. There is no connection from the device client code other than the ID_SCOPE of the DPS. I'd have expected that I need to provide some kind of individual information for this device to map it to my enrollment? How does the service know which device to provision if I executed like 10 different provisioning requests from 10 different devices at the same time? First come, first served?

This sample in Java uses a cert and a private key. Why is this not the case with the above-mentioned sample? https://docs.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509-java#simulate-the-device

This question comes from the open-source project: Azure/azure-iot-sdk-c

9 answers

  • weixin_39645019 3 months ago

    For the C-SDK, the DPS client is backed by an HSM used to generate certificates. It is designed to call into either a hardware security device or a software-simulated security device (when hardware is not available). Currently the C-SDK is, out of the box, using a simulated device for development purposes, but in production environments it is anticipated the device will use a hardware HSM to provide the secrets for the TLS connection. I have decided to create a document detailing how some of this works. I'm not the fastest writer, so look for this document in a few weeks.
  • weixin_39736934 3 months ago

    When can I expect the document from you?
  • weixin_39736934 3 months ago

    Please upload the documentation.
  • weixin_39735509 3 months ago

    Hi, if you're looking for individual device enrollment with X.509, or group enrollment, you have to implement a custom HSM module, where you have to parse the device certificate, private key and common name and pass this information to the HSM client.
  • weixin_39736934 3 months ago

    Thanks for your clue.
  • weixin_39645019 3 months ago

    We have just created a provisioning client FAQ that explains things about X.509. This is a "living" document, so more information will be added. Let us know if you have any more issues.
  • weixin_39710361 3 months ago

    Thank you for your contribution to our open-sourced project! Please help us improve by filling out this 2-minute customer satisfaction survey.
  • weixin_39606177 3 months ago

    > We have just created a provisioning client FAQ that explains things about X.509. This is a "living" document, so more information will be added. Let us know if you have any more issues.

    Could you please share this doc?
  • weixin_39574065 3 months ago

    > Hi, if you're looking for individual device enrollment with X.509, or group enrollment, you have to implement a custom HSM module, where you have to parse the device certificate, private key and common name and pass this information to the HSM client.

    Hi everyone, I'm using the iot_sdk_c. Please can you explain how I can create the HSM module, because I wanna do the enroll group. So I generated the root certificate and the device certificate by using the certGen, and I registered the CA certificate on the provisioning->certificates, but now when I try to run the prov_dev_client_ll_sample I get this:

        client_ll_sample
        Provisioning API Version: 1.3.4
        Iothub API Version: 1.3.4
        Provisioning Status: PROV_DEVICE_REG_STATUS_CONNECTED
        Error: Time:Fri Nov 22 16:36:10 2019 File:/home/celadodc-rswl.com/rabie.mekil/Documents/projects/sdk_azure/azure-iot-sdk-c/provisioning_client/src/prov_device_ll_client.c Func:prov_transport_process_json_reply Line:663 Unsuccessful json encountered: {"errorCode":401002,"trackingId":"a24063c9-88ff-484b-9fcd-b183b891ed9e","message":"CA certificate not found.","timestampUtc":"2019-11-22T15:36:10.2620493Z"}
        Error: Time:Fri Nov 22 16:36:10 2019 File:/home/celadodc-rswl.com/rabie.mekil/Documents/projects/sdk_azure/azure-iot-sdk-c/provisioning_client/src/prov_transport_http_client.c Func:prov_transport_http_dowork Line:941 Unable to process registration reply.
        Error: Time:Fri Nov 22 16:36:10 2019 File:/home/celadodc-rswl.com/rabie.mekil/Documents/projects/sdk_azure/azure-iot-sdk-c/provisioning_client/src/prov_device_ll_client.c Func:on_transport_registration_data Line:763 Failure retrieving data from the provisioning service
        Failure encountered on registration PROV_DEVICE_RESULT_DEV_AUTH_ERROR
        registration failed!

    Can someone tell me how I can do the group enroll?