question

Harisboston asked SatishBoddu-MSFT commented

Azure IoT Hub connection with HL7800 module.

Hi,

I'm trying to connect to the Azure IoT Hub via TCP/SSL following this tutorial concerning the certificates that need to be loaded. I am connecting fine via MQTTfx, but when I try with my device I get an SSL error.

I have successfully connected my device with AWS via SSL, so I'm guessing I am on the right path.
Could the issue be that Azure has many root CAs for its domain and that could somehow create a problem with my device (HL7800 Sierra Wireless modem)?

Thanks


azure-iot-hub

Hello @NickWeliodro-9668 Sorry for the delay in response.

Community SMEs on this topic or our team will review your scenario and circle back at the earliest possible time.

0 Votes 0 ·

1 Answer

SatishBoddu-MSFT answered SatishBoddu-MSFT commented

Hello @NickWeliodro-9668 I hope you have gone through the below documentation.

Please comment in the below section if you need further help in this matter.

Device Authentication using X.509 CA Certificates

This article describes how to use X.509 Certificate Authority (CA) certificates to authenticate devices connecting to IoT Hub. In this article you will learn:

How to get an X.509 CA certificate
How to register the X.509 CA certificate to IoT Hub
How to sign devices using X.509 CA certificates
How devices signed with X.509 CA are authenticated



Hi,

I am in Greece and my module supports TLS 1.2 only and these cipher suites:
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

The article says: IoT Hubs that are configured to accept only TLS 1.2 will also enforce the use of the following recommended cipher suites:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

So it should work since the first cipher suite is the same.

I added another IoT hub with South Central US region to enable minimum TLS version 1.2 but still no luck. It still works fine with MQTTfx. And with AWS with my module.

thanks

0 Votes 0 ·

OK, I managed to connect using the US IoT hub. There was an issue with the certificates and the cipher suites available.

But if I choose a region in Europe my device will NOT work because it is TLS 1.2 only and Azure allows only the following:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

0 Votes 0 ·
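The comparison made in the two comments above, as an added example that is not part of the original thread: it converts the modem's hyphenated suite names to the IANA underscore form and intersects them with the two hub lists as quoted in the posts. Function and variable names are assumptions, and the lists are copied from the comments, not checked against Azure.

```python
# Added example. Suite lists are copied verbatim from the comments above.
DEVICE = """TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384""".split()

HUB_TLS12_ENFORCED = """TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384""".split()

HUB_EU_REPORTED = """TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA""".split()


def normalize(name):
    """Map the modem's hyphenated spelling onto the IANA underscore form."""
    return name.strip().upper().replace("-", "_")


def split_suite(name):
    """Return (key exchange + authentication, bulk cipher + MAC)."""
    kx_auth, _, cipher = normalize(name).partition("_WITH_")
    return kx_auth, cipher


def common_suites(client, server):
    """Suites both sides list, in the client's preference order."""
    offered = {normalize(s) for s in server}
    return [normalize(c) for c in client if normalize(c) in offered]


def near_misses(client, server):
    """Server suites whose key exchange the client has but whose cipher it lacks."""
    client_kx = {split_suite(c)[0] for c in client}
    client_all = {normalize(c) for c in client}
    return [normalize(s) for s in server
            if split_suite(s)[0] in client_kx and normalize(s) not in client_all]


if __name__ == "__main__":
    for label, hub in (("TLS 1.2 enforced", HUB_TLS12_ENFORCED),
                       ("EU region, as reported", HUB_EU_REPORTED)):
        print(label, "common:", common_suites(DEVICE, hub))
        print(label, "near misses:", near_misses(DEVICE, hub))
```

For the European list the intersection is empty, and the near misses show why: every ECDHE_RSA suite on that list is CBC-based, while the modem's list contains only GCM and CCM suites.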

Hello @NickWeliodro-9668 Thanks for the update.

Let me check with our SME. @SandervandeVelde42, could you please share your thoughts on this matter?

0 Votes 0 ·