Register an IoT Edge device in IoT Hub

Applies to: IoT Edge 1.1, IoT Edge 1.2 (preview)

This article provides the steps to register a new IoT Edge device in IoT Hub.

Every device that connects to an IoT hub has a device ID that's used to track cloud-to-device or device-to-cloud communications. You configure a device with its connection information, which includes the IoT hub hostname, the device ID, and the information the device uses to authenticate to IoT Hub.

The steps in this article walk through a process called manual provisioning, where you connect a single device to its IoT hub. For manual provisioning, you have two options for authenticating IoT Edge devices:

  • Symmetric key: When you create a new device identity in IoT Hub, the service creates two keys. You place one of the keys on the device, and it presents the key to IoT Hub when authenticating.

    This authentication method is faster to get started, but not as secure.

  • X.509 self-signed: You create two X.509 identity certificates and place them on the device. When you create a new device identity in IoT Hub, you provide thumbprints from both certificates. When the device authenticates to IoT Hub, it presents one certificate and IoT Hub verifies that the certificate matches its thumbprint.

    This authentication method is more secure, and recommended for production scenarios.

This article covers both authentication methods.

If you have many devices to set up and don't want to manually provision each one, use one of the following articles to learn how IoT Edge works with the IoT Hub Device Provisioning Service:

Prerequisites

A free or standard IoT hub in your Azure subscription.

Option 1: Register with symmetric keys

You can use several tools to register a new IoT Edge device in IoT Hub and retrieve its connection string, depending on your preference.

In your IoT hub in the Azure portal, IoT Edge devices are created and managed separately from IoT devices that are not edge enabled.

  1. Sign in to the Azure portal and navigate to your IoT hub.

  2. In the left pane, select IoT Edge from the menu, then select Add an IoT Edge device.

  3. On the Create a device page, provide the following information:

    • Create a descriptive device ID.
    • Select Symmetric key as the authentication type.
    • Use the default settings to auto-generate authentication keys and connect the new device to your hub.
  4. Select Save.

Now that you have a device registered in IoT Hub, retrieve the connection string that you use to complete installation and provisioning of the IoT Edge runtime. Follow the steps later in this article to view registered devices and retrieve connection strings.

Option 2: Register with X.509 certificates

Manual provisioning with X.509 certificates requires IoT Edge version 1.0.10 or newer.

For X.509 certificate authentication, each device's authentication information is provided in the form of thumbprints taken from your device identity certificates. These thumbprints are given to IoT Hub at the time of device registration so that the service can recognize the device when it connects.

Create certificates and thumbprints

When you provision an IoT Edge device with X.509 certificates, you use what is called a device identity certificate. This certificate is only used for provisioning an IoT Edge device and authenticating the device with Azure IoT Hub. It is a leaf certificate that doesn't sign other certificates. The device identity certificate is separate from the certificate authority (CA) certificates that the IoT Edge device presents to modules or downstream devices for verification. For more information about how the CA certificates are used in IoT Edge devices, see Understand how Azure IoT Edge uses certificates.

You need the following files for manual provisioning with X.509:

  • Two device identity certificates with their matching private keys in .cer or .pem formats.

    One set of certificate/key files is provided to the IoT Edge runtime. When you create device identity certificates, set the certificate common name (CN) with the device ID that you want the device to have in your IoT hub.

  • Thumbprints taken from both device identity certificates.

    Thumbprint values are 40-hex characters for SHA-1 hashes or 64-hex characters for SHA-256 hashes. Both thumbprints are provided to IoT Hub at the time of device registration.

If you don't have certificates available, you can Create demo certificates to test IoT Edge device features. Follow the instructions in that article to set up certificate creation scripts, create a root CA certificate, and then create two IoT Edge device identity certificates.

One way to retrieve the thumbprint from a certificate is with the following openssl command:

openssl x509 -in <certificate filename>.pem -text -fingerprint
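
The openssl command above prints the fingerprint as colon-separated byte pairs (for example "SHA1 Fingerprint=01:23:..."), while the thumbprint values this article describes are 40 or 64 plain hex characters. The following helper is an added example, not part of the original article: normalize_thumbprint and cert_thumbprint are hypothetical function names, the sample line is constructed, and it assumes the registration form takes the bare hex string.

```shell
#!/bin/sh
# Added example (not from the original article): turn openssl's fingerprint
# output into the bare hex thumbprint to paste when registering the device.

# Constructed sample line; the hex value is made up, not a real certificate hash.
SAMPLE_FINGERPRINT_LINE='SHA1 Fingerprint=01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67'

# normalize_thumbprint (hypothetical helper): reads openssl x509 -fingerprint
# output on stdin, with or without the -text dump, and prints the thumbprint
# without colons. Fails unless the result is 40 (SHA-1) or 64 (SHA-256) hex chars.
normalize_thumbprint() {
    fp=$(sed -n 's/^.*Fingerprint=//p' | head -n 1 | tr -d ':\r ' | tr 'a-f' 'A-F')
    case "$fp" in
        '' | *[!0-9A-F]*)
            echo "no usable fingerprint line in input" >&2
            return 1 ;;
    esac
    case "${#fp}" in
        40 | 64) printf '%s\n' "$fp" ;;
        *)
            echo "unexpected thumbprint length: ${#fp}" >&2
            return 1 ;;
    esac
}

# cert_thumbprint (hypothetical helper): $1 = PEM certificate file,
# $2 = digest, sha1 (default) or sha256. Requires openssl on PATH.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha1}" | normalize_thumbprint
}

# Usage on a real device identity certificate (file name is a placeholder):
#   cert_thumbprint device-identity-primary.pem sha256
```

A non-zero exit status means the input held no fingerprint line or the value was truncated, so a partial copy is caught before it reaches the registration form.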

Register a new device

You can use several tools to register a new IoT Edge device in IoT Hub and upload its certificate thumbprints.

In your IoT hub in the Azure portal, IoT Edge devices are created and managed separately from IoT devices that are not edge enabled.

  1. Sign in to the Azure portal and navigate to your IoT hub.

  2. In the left pane, select IoT Edge from the menu, then select Add an IoT Edge device.

  3. On the Create a device page, provide the following information:

    • Create a descriptive device ID. Make a note of this device ID, as you'll use it in the next section.
    • Select X.509 Self-Signed as the authentication type.
    • Provide the primary and secondary identity certificate thumbprints. Thumbprint values are 40-hex characters for SHA-1 hashes or 64-hex characters for SHA-256 hashes.
  4. Select Save.

Now that you have a device registered in IoT Hub, you are ready to install and provision the IoT Edge runtime on your device. IoT Edge devices that authenticate with X.509 certificates don't use connection strings, so you can continue to the next step:

View registered devices and retrieve connection strings

Devices that use symmetric key authentication need their connection strings to complete installation and provisioning of the IoT Edge runtime.

Devices that use X.509 certificate authentication do not need connection strings. Instead, those devices need their IoT hub name, their device name, and their certificate files to complete installation and provisioning of the IoT Edge runtime.

All the edge-enabled devices that connect to your IoT hub are listed on the IoT Edge page.

When you're ready to set up your device, you need the connection string that links your physical device with its identity in the IoT hub.

Devices that authenticate with symmetric keys have their connection strings available to copy in the portal.

  1. From the IoT Edge page in the portal, click on the device ID from the list of IoT Edge devices.
  2. Copy the value of either Primary Connection String or Secondary Connection String.

Next steps

Now that you have a device registered in IoT Hub, you are ready to install and provision the IoT Edge runtime on your device.