Hello
Could you help me with some questions?
What maximum expiration can we set for Root CA cert for IoT Hub?
Does Azure IoT Hub have any limits in this case?
Hello @AzureEktos-2638,
Please share with us if you have any other questions related to your original post. Otherwise, could you go ahead and mark the below as the answer?
Thank you so much.
Remember:
- Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
Hello @AzureEktos-2638,
There is no hard rule that sets the maximum expiration of your self-signed X509 certificate deployed to Azure IoT Hub. Nevertheless, even if the certificate is long-lived, you need to account for the fact that it can expire, and there needs to be a way to update the certificate on the device.
Sharing some good reading about X509 on Azure IoT Hub:
Hello @AzureEktos-2638,
This is a great question.
Does Azure IoT Hub have any limits in this case?
Azure IoT Hub accepts the certificate with the set validity.
As Asergaz already said in the initial response, there is no hard rule for the maximum set expiration of the certificate.
What maximum expiration can we set for Root CA cert for IoT Hub?
In the below example/test, I have created a test root CA cert with a validity of 100 years and uploaded it to IoT Hub.


May we know how many years of validity you are looking for in your scenario?
Root certificates also typically have long periods of validity, compared to intermediate certificates. They will often last for 10 or 20 years, which gives enough time to prepare for when they expire. However, there still can be hiccups in the process of switching to the new root certificate. Ref
Reference: OpenSSL
```sh
openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 36500 -out rootCACert.pem
```
Please do comment in the below section for further help in this matter.
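The following is an added example, not part of the answers above: it creates a test root CA with the same `openssl req` command (plus `-subj` so it runs non-interactively), reads back the resulting expiry date, and uses `openssl x509 -checkend` to flag a root that falls inside a renewal window. The function names, the subject name, the temporary directory and the 10-year window are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: function names, subject and thresholds are constructed.

# make_root_ca DIR DAYS: create a test root key and a self-signed root
# certificate valid for DAYS days (same command as in the answer above).
make_root_ca() {
    dir=$1; days=$2
    openssl genrsa -out "$dir/rootCAKey.pem" 2048 2>/dev/null || return 1
    openssl req -x509 -sha256 -new -nodes -key "$dir/rootCAKey.pem" \
        -days "$days" -subj "/CN=Example Test Root CA" \
        -out "$dir/rootCACert.pem" 2>/dev/null
}

# not_after CERT: print the certificate's expiry (notAfter) date.
not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# expires_within CERT DAYS: return 0 if CERT expires within DAYS days.
# -checkend exits 0 when the cert is still valid after the given seconds,
# so the result is negated here.
expires_within() {
    secs=$(( $2 * 86400 ))
    ! openssl x509 -in "$1" -noout -checkend "$secs" >/dev/null
}

# Demo with constructed values: 100-year test root, 10-year renewal window.
tmp=$(mktemp -d)
make_root_ca "$tmp" 36500 && echo "notAfter: $(not_after "$tmp/rootCACert.pem")"
if expires_within "$tmp/rootCACert.pem" 3650; then
    echo "renew: root expires within 10 years"
else
    echo "ok: root valid beyond the renewal window"
fi
rm -rf "$tmp"
```

Running `expires_within` on a schedule against the root and any device certificates gives advance notice of the expiry that the answers say must be planned for.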