question

VuHuyHopGAMVNDAP-7468 avatar image
0 Votes"
VuHuyHopGAMVNDAP-7468 asked SatishBoddu-MSFT commented

Authenticate device with x509 certificate chain

Hi,
I have a x509 certificate chain (Root CA -> Intermedicate Cert -> Device cert). I want to authenticate mydevice with IoT Central, so do I need to verify both Intermediate and Root certificate on IoT central?

azure-iot-central
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @VuHuyHopGAMVNDAP-7468 Just checking in if you have had a chance to see the previous response. If the response is helpful, please click "Accept Answer" and upvote it, so that it is helpful to others as well.

0 Votes 0 ·

1 Answer

SatishBoddu-MSFT avatar image
0 Votes"
SatishBoddu-MSFT answered

Hello @VuHuyHopGAMVNDAP-7468

Please see the below sections for more understanding!

X.509 group enrollment
In a production environment, using X.509 certificates is the recommended device authentication mechanism for IoT Central.
To learn more, see Device Authentication using X.509 CA Certificates.

To connect a device with an X.509 certificate to your application:

  1. Create an enrollment group that uses the Certificates (X.509) attestation type.

  2. Add and verify an intermediate (OR) root X.509 certificate in the enrollment group.

  3. Generate a leaf certificate from the root or intermediate certificate in the enrollment group. Send the leaf certificate from the device when it connects to your application.

To learn more, see How to connect devices with X.509 certificates

87867-image.png

If the response is helpful, please click "Accept Answer" and upvote it.




image.png (153.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.