Hi Team! Is there a way to set up an alert when the device CA cert expires at the IoT Edge?
Hello @Somiya-2815, thanks for posting this useful query on this forum.
I hope the below information helps with your initial query.
You need to provide the "Production Certificates" as explained here: Manage device certificates - Azure IoT Edge. If you have your own CA, you can create the certificates and assign them to the devices; if not, you will need to choose between using commercial certificates (initially recommended for production environments) and using self-signed certificates. Currently, there is an effort towards having a managed service (within DPS) to provide the certificate management, but it is currently under development.
Note that, whether you use commercial certificates or self-signed ones, you will need to take care of certificate rotation before the expiration (if using self-signed certs, you need to take care of the emission and custody).
How to roll X.509 device certificates
Microsoft advocates the need for having reactive security processes in place along with preventative measures. Rolling your device certificates should be included as part of these security processes. The frequency in which you roll your certificates will depend on the security needs of your solution. Customers with solutions involving highly sensitive data may roll certificates daily, while others roll their certificates every couple of years.
You may be interested in collecting Edge Device metrics by leveraging: Collect and transport metrics (Preview)

Please comment in the below section for further help in this matter.
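One way to get an early warning on the device itself, as an added example that is not part of the answer above or of any Microsoft tooling: a shell check that classifies a PEM certificate as OK, EXPIRING or EXPIRED so that a scheduler or monitoring agent can alert before rotation is overdue. It assumes the `openssl` CLI is installed; the function name, the status words and the return codes are made up for this example, and the certificate path is passed as an argument because the thread does not give one.

```shell
#!/bin/sh
# Added example: classify a PEM certificate by time left until expiry.
# Usage: cert_expiry_status <pem-file> [warn-days]   (default: 30 days)
# Prints "<STATUS> <notAfter date>" and returns:
#   0 = OK, 1 = EXPIRING (inside the warning window), 2 = EXPIRED, 3 = ERROR
cert_expiry_status() {
    cert=$1
    warn_days=${2:-30}

    # Reject a non-numeric warning window before doing arithmetic on it.
    case $warn_days in
        ''|*[!0-9]*) echo "ERROR warn-days must be a whole number"; return 3 ;;
    esac
    if [ ! -r "$cert" ]; then
        echo "ERROR cannot read $cert"
        return 3
    fi

    # -enddate prints "notAfter=<date>"; a failure means the file is not a PEM cert.
    not_after=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || {
        echo "ERROR not a PEM certificate: $cert"
        return 3
    }
    not_after=${not_after#notAfter=}

    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $not_after"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $not_after"
        return 1
    fi
    echo "OK $not_after"
    return 0
}

# When run as a script with arguments, check the given certificate.
if [ $# -gt 0 ]; then
    cert_expiry_status "$@"
fi
```

Run it from a scheduled job against the device CA certificate file and alert on any non-zero exit code; the warning window should be longer than the time a rotation takes in your environment.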