azure-iot-hub azure-iot-sdk azure-iot-hub-device-management azure-iot-dps

Device provisioned with DPS always shown as "X509 self-signed" instead of "Certificate Authority"


I am trying to set up an Azure DPS with the authentication type "x509 CA certificate". Everything works, except that the IoT hub shows devices provisioned with DPS as "X509 self-signed" instead of "Certificate Authority".

pic

With devices created directly on IoT Hub (NOT via DPS), the authentication type is set to Certificate Authority. This is the behavior I want to reproduce with devices created from DPS.

pic

My DPS enrollment group settings:

pic

For testing, I'm using the IoT-Sdk-CSharp and following this sample.

Do you know what I have to change in DPS for my devices to appear with the "Certificate Authority" authentication type?

Thank you for your help. Have a nice day.


Solution

  • The authentication for the devices will show as "X509 CA Signed" rather than "Self-Signed X509 Certificate" once you obtain a legitimate certificate from a reliable Certified Authority. Please refer to this resource: X.509 certificate attestation.

  • (Or) we need to add the root CA certificate to the IoT Hub. You can add the root CA certificate by selecting + Add in the Certificates section of the IoT Hub and uploading the root CA certificate file. Make sure to select the box next to Set certificate status to verified on upload.

  • If you didn't choose to automatically verify the certificate during upload, you can manually prove possession by generating a verification code and creating a certificate that contains the verification code. You can then upload the verification certificate to your provisioning service in the Certificate Details dialog and select Verify.

    az iot dps enrollment-group compute-device-key -g {resourcegroupname} --dps-name {dpsname} --enrollment-id {enrollmentid} --registration-id {registrationid}

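The manual proof-of-possession step described in the answer above, as an added example that is not part of the original answer: a verification certificate whose subject CN is the verification code, signed by the root CA's private key. It uses `openssl` with a throwaway test root; the verification code, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: proof-of-possession certificate for an uploaded root CA.
set -e
WORK="$(mktemp -d)"
# Constructed placeholder; the real code is generated for the certificate you uploaded.
VERIFICATION_CODE="0123456789ABCDEF0123456789ABCDEF01234567"

# Minimal config so the test root carries basicConstraints CA:TRUE.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_root_ca() {            # throwaway self-signed root: root.key / root.pem
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
}
make_verification_cert() {  # $1 = verification code, becomes the subject CN
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/verify.key" -out "$WORK/verify.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/verify.csr" -CA "$WORK/root.pem" \
    -CAkey "$WORK/root.key" -CAcreateserial -days 1 -out "$WORK/verify.pem" 2>/dev/null
}
make_self_signed() {        # same CN, but NOT signed by the root (fails the proof)
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}
cert_cn() {                 # print the subject common name of certificate $1
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= //p'
}
chains_to_root() {          # succeeds only if $1 was issued by the test root
  openssl verify -CAfile "$WORK/root.pem" "$1" >/dev/null 2>&1
}

make_root_ca
make_verification_cert "$VERIFICATION_CODE"
make_self_signed "$VERIFICATION_CODE"
echo "verification cert CN: $(cert_cn "$WORK/verify.pem")"
chains_to_root "$WORK/verify.pem" && echo "verify.pem chains to the root CA"
chains_to_root "$WORK/self.pem" || echo "self.pem has the right CN but no root signature"
```

The file to upload for verification is `verify.pem`; the root's private key never leaves the machine that holds it.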