Azure IoT Hub Certificate


Problem description

I'm trying to publish some data on the Azure IoT hub using Mqtt. I've successfully published some data, using a SAS token.

But my customer wants an x509 self generated & self signed certificate. Azure is supporting this, but doesn't give much information about it. (https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#supported-x509-certificates)

A self-generated and self-signed X-509 certificate. A device manufacturer or in-house deployer can generate these certificates and store the corresponding private key (and certificate) on the device. You can use tools such as OpenSSL and Windows SelfSignedCertificate utility for this purpose.

Note IoT Hub does not require or store the entire X.509 certificate, only the thumbprint.

What I've done is created a CA certificate and key.

$ openssl req -newkey rsa:2048 -x509 -nodes -sha256 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt

Created a client key and signing request

$ openssl genrsa -out client.key 2048

$ openssl req -new -sha256 -out client.csr -key client.key

Signed the request and created the certificate

$ openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -CAserial ca.srl -out client.crt -days 365

I've uploaded the client key and certificate to the modem. And inserted the thumbprint of the client certificate.

My modem can successfully connect to myhub.azure-devices.net/deviceId (port 8883). But when new data arrives it can't decode it.

I'm kinda stuck from this point on. I've tried to use MqttFx, but with no luck.

Can someone push me in the right direction here?

Recommended answer

I've resolved this issue:

The configured CA certificate must be the Azure certificate: CA Root Certificate Azure SDK. I've used the Baltimore root certificate.

The client certificate and key are correct. The SHA1 thumbprint of the client certificate must be communicated to the Azure IoT hub.

I've used Paho as Mqtt client.

Finally I've had a modem error on connecting to the server. The time inside the modem was still at default (1-1-2004) apparently, and the modem checks the time of the certificate with the current time (1-1-2004), which was invalid, so no connection could be made.
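
The two checks named in the answer (the SHA-1 thumbprint of the client certificate, and the device clock against the certificate's validity dates), as an added example that is not part of the original answer. It uses only the Python standard library; the function names and the constructed sample skeleton are assumptions of this example.

```python
import base64, hashlib
from datetime import datetime, timezone

def pem_to_der(pem):
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END CERTIFICATE-----")[0]
    return base64.b64decode("".join(body.split()))

def sha1_thumbprint(pem):
    """SHA-1 over the DER encoding: 40 uppercase hex characters, no colons."""
    return hashlib.sha1(pem_to_der(pem)).hexdigest().upper()

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (tag 0x17) or GeneralizedTime (tag 0x18) as aware UTC."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    dt = datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
    # X.509 UTCTime years 50-99 mean 19xx, but strptime maps 50-68 to 20xx.
    return dt.replace(year=dt.year - 100) if tag == 0x17 and dt.year >= 2050 else dt

def validity(pem):
    """Return (notBefore, notAfter) read from tbsCertificate."""
    der = pem_to_der(pem)
    _, pos, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version
    for skipped in ("serialNumber", "signature", "issuer"):
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)          # Validity SEQUENCE
    t1, s1, e1 = read_tlv(der, pos)
    t2, s2, e2 = read_tlv(der, e1)
    return parse_time(t1, der[s1:e1]), parse_time(t2, der[s2:e2])

def clock_ok(pem, device_time):
    """True if the timezone-aware device clock lies inside the validity window."""
    not_before, not_after = validity(pem)
    return not_before <= device_time <= not_after

# Constructed sample: certificate-shaped DER skeleton (no key, no signature), valid 2025-01-01 to 2026-01-01.
SAMPLE_DER = (b"\x30\x2e\x30\x2c\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00\x30\x00"
              b"\x30\x1e\x17\x0d250101000000Z\x17\x0d260101000000Z")
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_DER).decode()
```

With the sample, `clock_ok(SAMPLE_PEM, datetime(2004, 1, 1, tzinfo=timezone.utc))` returns False, which is the condition the modem hit with its default date. To use it on a real file, pass the text of `client.crt` in place of `SAMPLE_PEM`.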
