Contents
Cirrus Link Resources
Cirrus Link Website
Contact Us (Sales/Support)
Forum
Cirrus Link Modules Docs for Ignition 7.9.x
Inductive Resources
Ignition User Manual
Knowledge Base Articles
Inductive University
Forum
Page History
Generating Certificates
See step-by-step instructions for generating certificates to be used for certificate based authentication here.
Add Root Certificate
The certificate-based authentication for Azure IoT works like this:
- There will be a root certificate signed by a certificate authority.
- The root certificate will be uploaded to the Azure IoT Hub.
- For each IoT device we want to authenticate, we will create a separate client certificate, signed by the same certificate authority.
- At the time of the authentication, our IoT device will present the client certificate as the proof of identity.
- Azure IoT Hub will verify the identity based on the root certificate and the device name.
This document details how to create a certificate authority, a root certificate, and the client certificate(s).
| Tip |
|---|
The command line tools openssl and keytool are used. Install the OpenSSL command line tool and add the OpenSSL PATH in the Windows environment variables if necessary. Keytool is part of the standard java distribution and is located in the bin sub-directory of your jdk installation directory. Chariot includes a java distribution under the <chariot_install_dir>/lib/runtime/jdk11.0.12_7/bin folder. Add the keytool PATH in the Windows environment variables if necessary. You will need to restart your any open command window to pick up this configuration change. |
As a first step, we need to generate the certificate hierarchy.
Create the following folder structure on your local drive to hold the various certificates in the hierarchy that we will be generating:
iotcerts/
├── rootca/
│ ├── device
Create Root Certificate
Create Client (Device) Certificate
...
to IoT Hub
- On the IoT Hub resource Overview page, click “Certificates” menu on the left blade, and click the “Add” button.
...
- Give a certificate
...
- name (eg.
...
- MyOrg RootCertificate) and import the
...
- ca.pemfile from your iotcerts/ca folder. Check the “Set certificate status to verified on upload” checkbox and click Save.
...
Add device certificates to Azure Injector IoT Hub configuration
Navigate to the Azure Injector > Settings > Azure IoT Hubs > Certificates and add the certificates as shown below:
| Friendly Name | Certificate Filename | File Description | File Location |
|---|---|---|---|
| CACertificate | |||
| DeviceCertificate | CertDevice.pem | Device Certificate | iotcerts/certs/device/CertDevice.pem |
| DeviceKey | CertDevice.key | Device Private Key | iotcerts/certs/device/CertDevice.key |
Update the Azure Injector > Settings > Azure IoT Hubs > Settings configuration to use the certificates as shown below. Note : the certificates created do not use a Password
Verify the connection is established as shown by the Status on the Azure Injector > Settings > Azure IoT Hubs view
...
Click Save.
Create Logical Device myiotdevice1
On the resource Overview page, click “Devices” menu on the left blade, and click “Add Device” button.
...
In the “Create a device” page that appears, give myiotdevice1 as the Device Id.
| Note |
|---|
| Note that this name must match the commonName/FQDN we used when generating the client (device) certificate above. |
Select Authentication type X.509 CA Signed. Keep “Connect this device to an IoT Hub” as Enabled.
...
Overview
Content Tools