如果创建了多个租户，Azure Sphere设备证书将存储在何处以及如何安排租户证书？ [英] Where does the Azure Sphere device certificates are stored and how tenant certificates are arranged if multiple tenants are created?

问题描述

由于DAA（设备身份验证和证明）服务会创建特定于租户的CA.此处的租户是否参考了在声明之前最初创建的Azure Sphere租户？

如果我使用命令强行在设备上创建第二个租户  

< pre class ="prettyprint"style =""> azsphere tenant create --name< your-2nd-tenant-name> --force 

DAA是否会为此租户创建新的租户证书？

Azure Sphere的短期设备证书在哪里？存储它们是存储在设备本身还是存储在DAA中？

解决方案

感谢问题Yatin。

> 由于DAA（设备验证和证明）服务创建了特定于租户的CA.此处的租户是否参考了在声明之前最初创建的Azure Sphere租户？

每个Azure Sphere设备都有唯一的设备标识ID，该标识由设备在芯片制造过程中生成，使用Azure Sphere云服务注册（声称如
此处） 。

>  如果我使用命令强行在设备上创建第二个租户 azsphere
租户创建--name< your-2nd-tenant-name> --force"  DAA会为这个租户创建新的租户证书吗？

你不能。每个Azure Sphere设备必须由Azure Sphere租户"声明"，以便租户了解其所有设备并可以作为一个组进行管理。多个租户无法申请设备。

>此外，Azure Sphere的短期设备证书存储在设备本身或DAA中的哪个位置？ 

DAA证书服务基于每个租户运行，因此注册到Azure Sphere租户的每个设备都会收到仅在租户特定链中有效的证书。

有关详细信息，请参阅以下文章：  https://aka.ms/DAA_paper 

As DAA (Device Authentication and Attestation) service creates tenant specific CA. Does the tenant here refer to the Azure Sphere tenant created initially before claiming?

What if I create second tenant on the device forcefully using command  

azsphere tenant create --name <your-2nd-tenant-name> --force 

Will DAA create new tenant certificate for this tenant?

Also where does the short lived device certificates for Azure Sphere are stored are they stored on the device itself or in DAA? 

解决方案

Thanks for the question Yatin.

> As DAA (Device Authentication and Attestation) service creates tenant specific CA. Does the tenant here refer to the Azure Sphere tenant created initially before claiming?

Every Azure Sphere device has a unique device identification ID, which is generated by the device during the silicon manufacturing process and registered (claimed like described here) with Azure Sphere cloud services.

> What if I create second tenant on the device forcefully using command "azsphere tenant create --name <your-2nd-tenant-name> --force " Will DAA create new tenant certificate for this tenant?

You can't. Each Azure Sphere device must be "claimed" by an Azure Sphere tenant, so that the tenant knows about all its devices and can manage them as a group. A device cannot be claimed by multiple tenants.

>Also where does the short lived device certificates for Azure Sphere are stored are they stored on the device itself or in DAA? 

The DAA certificate services operate on a per-tenant basis, so that each device that is registered to an Azure Sphere tenant receives a certificate that is valid only within the tenant-specific chain.

See the following article for more info: https://aka.ms/DAA_paper 

这篇关于如果创建了多个租户，Azure Sphere设备证书将存储在何处以及如何安排租户证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！