I am trying to set up an Azure DPS with the authentication type "x509 CA certificate". Everything works except the IoT hub shows devices provisioned with DPS as "X509 self-signed" instead of "Certificate Authority".
With devices directly created on IoT Hub (NOT via DPS), authenticated types are set to Certificate Authority. This is the behavior I want to reproduce with devices created from DPS.
My DPS enrollment group settings:
For testing, I'm using the IoT-Sdk-CSharp and following this sample.
Do you know what I have to change in DPS for my devices to appear with the "Certificate Authority" authentication type?
Thank you for your help. Have a nice day.
The authentication for the devices will show as "X509 CA Signed" rather than "Self-Signed X509 Certificate" once you obtain a legitimate certificate from a reliable Certified Authority. Please refer to this resource: X.509 certificate attestation.

(or)

We need to add the root CA certificate to the IoT Hub. You can add the root CA certificate by selecting "+ Add" in the Certificates section of the IoT Hub and uploading the root CA certificate file. Make sure to select the box next to "Set certificate status to verified on upload". If you didn't choose to automatically verify the certificate during upload, you can manually prove possession by generating a verification code and creating a certificate that contains the verification code. You can then upload the verification certificate to your provisioning service in the Certificate Details dialog and select Verify.

Sample example: Provision X.509 devices to Azure IoT Hub using a DPS enrollment group
-- Used this link for az iot dps enrollment-group from MSDOC.
Replace your resourcegroupname, dpsname, enrollment_id and registration_id. It gives the derived-device-key or PROVISIONING_SYMMETRIC_KEY.
az iot dps enrollment-group compute-device-key -g {resourcegroupname} --dps-name {dpsname} --enrollment-id {enrollmentid} --registration-id {registrationid}
Above steps are for Provision a simulated symmetric key device
Code reference: Provision multiple X.509 devices using enrollment groups
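
Added example (not part of the answer above and not Microsoft's code): the derivation behind the az iot dps enrollment-group compute-device-key command, which Microsoft documents as the Base64-encoded HMAC-SHA256 of the registration ID keyed with the Base64-decoded enrollment group key. The function names and sample values are hypothetical; running it offline means only the per-device derived key, never the group key, has to be placed on a device.

```python
import base64
import binascii
import hashlib
import hmac


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Return base64(HMAC-SHA256(base64-decoded group key, registration ID))."""
    if not registration_id:
        raise ValueError("registration ID must not be empty")
    try:
        # validate=True rejects stray characters instead of silently dropping them
        group_key = base64.b64decode(group_key_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("group key is not valid base64") from exc
    if not group_key:
        raise ValueError("group key must not be empty")
    digest = hmac.new(group_key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def matches_group(group_key_b64: str, registration_id: str, candidate_b64: str) -> bool:
    """Constant-time check that a device key was derived from this group key."""
    expected = derive_device_key(group_key_b64, registration_id)
    return hmac.compare_digest(expected.encode("ascii"), candidate_b64.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_group_key = base64.b64encode(b"constructed-enrollment-group-key").decode("ascii")
    for reg_id in ("sample-device-01", "sample-device-02"):
        # Each registration ID yields its own key; the bytes are hashed as given,
        # so the ID must match the one the device registers with exactly.
        print(reg_id, derive_device_key(sample_group_key, reg_id))
```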