Contents
Cirrus Link Resources
Cirrus Link Website
Contact Us (Sales/Support)
Forum
Cirrus Link Modules Docs for Ignition 7.9.x
Inductive Resources
Ignition User Manual
Knowledge Base Articles
Inductive University
Forum
The certificate-based authentication for Azure IoT works like this:
This document details how to create a certificate authority, a root certificate, and the client certificate(s).
The command line tools openssl and keytool are used.
Install the OpenSSL command line tool and add the OpenSSL PATH in the Windows environment variables if necessary.
Keytool is part of the standard java distribution and is located in the bin sub-directory of your jdk installation directory. Chariot includes a java distribution under the <chariot_install_dir>/lib/runtime/jdk11.0.12_7/bin folder. Add the keytool PATH in the Windows environment variables if necessary.
You will need to restart your any open command window to pick up this configuration change.
As a first step, we need to generate the certificate hierarchy.
Create the following folder structure on your local drive to hold the various certificates in the hierarchy that we will be generating:
iotcerts/
├── ca/
└── certs/
├── device/
These are the steps that need to be completed for the certificate hierarchy:
Generate Client certificate signed with the Root CA’s private key
Generate a private key file (ca.key) for the Root CA using the command below. You may choose to enter a passphrase to be associated with the ca.key file as well.
openssl genrsa -des3 -out ca/ca.key 4096
Generate a self-signed certificate (ca.crt) for the Root CA using the command below. This command generates a new self-signed X.509 certificate named "ca.crt" valid for 3650 days (10 years) using the RSA private key "ca.key". You will be required to enter the pass phrase associated with the private key file "ca.key".
|
There are a number of fields associated with the creation of the certificate. Fill them out with your relevant details.
Example CA Creation
|
You should have the following files created:
chariotcerts/
├── ca/
├── ca.crt
├── ca.key
Depending on the version of openSSL that you are using, you may see additional .srl files created which contain the signed certificate's unique serial number. These files are not used directly by the modules and not included in the certificate hierachy displayed above.
On the IoT Hub resource Overview page, click “Certificates” menu on the left blade, and click the “Add” button.
In the “Certificates” blade that appears, give a certficate name (eg. MyOrgIoTHubRootCertificate).
Browse to the IotCerts/rootca folder on your computer and import the rootca.pem. Check the “Set certificate status to verified on upload” checkbox.
Click Save.
Create Logical Device myiotdevice1
On the resource Overview page, click “Devices” menu on the left blade, and click “Add Device” button.
In the “Create a device” page that appears, give myiotdevice1 as the Device Id.
Select Authentication type X.509 CA Signed. Keep “Connect this device to an IoT Hub” as Enabled.
it
Click Save.