How To Create x509 Test Certificate for Azure IoT

During IoT application development, we need X.509 certificates for devices that depend on X.509-based authentication. Developers test many scenarios during development, and buying a new certificate and device for each one is not practical, so we need something virtual that still gives a real-life experience. Considering time and cost, we will create the test certificates locally and use them to test the Azure IoT experience. Microsoft provides a sample PowerShell script on GitHub to generate the X.509 certificates.

What Is the Use of an X.509 Certificate?

The X.509 certificate helps identify the device on IoT Hub using the public and private key pair associated with the certificate.

Step 1: Copy the PowerShell Script

Copy the following PowerShell script and save it on your PC as GenerateTestCertificate.ps1 or under any other name you wish; just make sure the file has the .ps1 extension.

# Copyright (c) Microsoft. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for full license information.

Param(
    $deviceName = "iothubx509device1",
    $certificateValidityInYears = 1
)

$cert = New-SelfSignedCertificate `
    -Type Custom `
    -Subject "CN=$deviceName, O=TEST, C=US" `
    -KeySpec Signature `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -NotAfter (Get-Date).AddYears($certificateValidityInYears)

Write-Host "Generated the certificate:"
Write-Host $cert

Write-Host "Enter the PFX password:"
$password = Read-Host -AsSecureString

$cert | Export-PfxCertificate -FilePath certificate.pfx -Password $password
Set-Content -Path certificate.cer -Value ([Convert]::ToBase64String($cert.RawData)) -Encoding Ascii

I have saved the file on my E drive in the Cert folder, which looks as follows.


Step 2: Open the PowerShell ISE

Now open PowerShell ISE in administrative mode as follows.


Make sure it's PowerShell ISE, not just the PowerShell command prompt.

Step 3: Change The Directory

Change to the directory where your GenerateTestCertificate.ps1 file is located. In this article, the file is located in the Cert folder on the E drive.


In the preceding image, the CD command sets the path to the Cert folder in which our PowerShell script file is located.

Step 4: Load GenerateTestCertificate.ps1 File

As shown in the following image, load the GenerateTestCertificate.ps1 file and provide the parameter, which is the CN (common name of the certificate) and which can internally become the DeviceId of the IoT device. Make sure you follow the command syntax exactly as shown in the image below.


Once all details are given as shown in the image, press the Enter key; the following prompt appears. Provide the password for the PFX certificate and remember it, because it is required when provisioning the device on IoT Hub.


Once you have entered the password, press Enter or the OK button as shown in the preceding image. Once the certificates are successfully generated, the following details are shown on the PowerShell command prompt.



The preceding procedure creates two files: a password-protected PKCS12-formatted file (certificate.pfx) and a public key certificate file (certificate.cer).

The created certificate files are stored in the same location as your GenerateTestCertificate.ps1 file. Now navigate to the Cert folder on the E drive, where you will see the created files.


As you see in the preceding image, the X.509 self-signed certificates are created: the password-protected PKCS12-formatted file certificate.pfx and the public key certificate file certificate.cer.

Both files are required to authenticate a single device: the public key certificate is used to enroll the device on the Azure Device Provisioning Service, and the password-protected .pfx is required to establish the device identity and provision the device on IoT Hub.
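
The following check is an added example, not part of the Microsoft sample script or of the original article. It assumes certificate.cer and certificate.pfx were produced by the script above and are in the current folder; Test-DeviceCertificate is a hypothetical helper name. It confirms that the two files belong together and that the certificate carries the subject, key size and client-authentication usage the script requested.

```powershell
# Added example: sanity-check the files written by GenerateTestCertificate.ps1.
# Test-DeviceCertificate is a hypothetical helper name, not part of the Microsoft sample.
function Test-DeviceCertificate {
    param(
        [string]$CerPath = '.\certificate.cer',
        [string]$PfxPath = '.\certificate.pfx',
        [Parameter(Mandatory)][securestring]$PfxPassword
    )

    # The script writes the DER bytes as bare Base64 (no PEM header), so decode explicitly.
    [byte[]]$der = [Convert]::FromBase64String((Get-Content -Path $CerPath -Raw).Trim())
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    # -TextExtension in the script requested the client-authentication EKU (1.3.6.1.5.5.7.3.2).
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasClientAuth = [bool]($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.2' })

    # Read the public key size without touching any private key material.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Open the PFX without importing it into a certificate store, then compare thumbprints
    # to confirm that the .pfx and the .cer describe the same certificate.
    $pfx     = Get-PfxData -FilePath $PfxPath -Password $PfxPassword
    $pfxCert = $pfx.EndEntityCertificates[0]

    [pscustomobject]@{
        CommonName    = $cert.GetNameInfo('SimpleName', $false)   # the value passed as -deviceName
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        KeySizeBits   = $rsa.KeySize
        ClientAuthEku = $hasClientAuth
        PfxMatchesCer = ($pfxCert.Thumbprint -eq $cert.Thumbprint)
    }
}

$password = Read-Host -AsSecureString -Prompt 'PFX password'
Test-DeviceCertificate -PfxPassword $password | Format-List

# The script also leaves the certificate, with an exportable private key, in
# Cert:\CurrentUser\My. When testing is finished it can be removed together with its key,
# using the Thumbprint value printed above in place of the placeholder:
# Remove-Item -Path 'Cert:\CurrentUser\My\<thumbprint>' -DeleteKey
```

For a certificate generated with the default parameters, CommonName should read iothubx509device1, KeySizeBits 2048, and SelfSigned, ClientAuthEku and PfxMatchesCer should all be True.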

Note

  • These certificates are only for testing purposes; don't use them in production.
  • Please buy the certificates from the respective device certificate authority for production requirements.

Summary

I hope from the preceding explanation you have learned how to create the X.509 test certificate. In my next article, we will learn how to enroll an X.509 device on the Azure Device Provisioning Service and provision the device on Azure IoT Hub. If you face any issue while generating the certificates, you can use the comment box to ask your queries.


Check If your PC is Eligible for Free Upgrade to Windows 11

Microsoft announced the roll-out of Windows 11 later this year and also announced that some current Windows 10 PCs are eligible for a free upgrade. Microsoft plans to support the existing Windows 10 until 14 October 2025.


Following are the minimum system configurations required for the free Windows 11 upgrade.

  • At least 4 GB RAM
  • 64 GB or greater system storage
  • 64-bit processor with a minimum speed of 1 GHz and 2 cores
  • The system should be capable of Unified Extensible Firmware Interface (UEFI) and secure boot
  • Graphics card having DirectX 12 compatible graphics / WDDM 2.x
  • Display should be greater than 9 inches with HD Resolution
  • The system should support Trusted Platform Module (TPM) 2.0
  • Active Internet connection with Microsoft Account

You can use the Microsoft PC Health Check app to determine if your PC is eligible to upgrade to Windows 11.




Once you download the app, run it on your current PC; it will check the configuration and report whether your current PC is eligible to upgrade, as shown in the following screenshot.


After running the health checker, it shows the preceding message that my PC does not support the free Windows 11 upgrade since my current system does not support secure boot.

Most existing Windows 10 PCs lack secure boot and UEFI support, which results in them not being eligible for the free upgrade.

Summary

I hope this quick post helps you to check whether or not your current PC supports Windows 11 free upgrade. If you like this type of post, then share with your friends and don't forget to follow me on social media and YouTube Channel.


Generating QR Code To Open Web URL In ASP.NET Core MVC

In the previous article, we learned how to create a simple QR code that holds sample text. In this article, we will learn how to generate a QR code that opens a web page when scanned, as shown in the following image.



Let's learn step by step by creating an ASP.NET Core application.

Step 1: Create ASP.NET Core MVC Application

  • Go to Start, then All Programs, and select "Microsoft Visual Studio 2019".
  • Once Visual Studio opens, click on Continue Without Code.
  • Then go to the Visual Studio menu, click on File => New Project, and choose the ASP.NET Core Web App (Model-View-Controller) project template.
  • Then define the project name, location of the project, and Target Framework, then click on the Create button.
The preceding steps will create the ASP.NET Core MVC application, and the Solution Explorer will look as shown in the following image.


Delete the existing auto-generated code including controller and views for ease of understanding. We will add step by step while building the application.

Step 1: Add QRCoder Nuget Package Reference

QRCoder is an open-source, pure C# library for generating QR codes. QRCoder supports basic to custom and complex QR code generation. Follow these steps to add the NuGet package.
  • Right-click on the Solution Explorer, find Manage NuGet Packages and click on it
  • Then, as shown in the image, type "QRCoder" in the search box
  • Select QRCoder as shown in the image
  • Choose the version of the QRCoder library and click on the Install button

I hope you have followed the same steps and installed the QRCoder nuget package.

Step 2: Create the Model Class

Create the model class QRCodeModel, which takes the input text for the QR code, by right-clicking on the Models folder as shown in the following image.


Now open the QRCodeModel.cs class file and add the following code.

using System.ComponentModel.DataAnnotations;

namespace GeneratingQRCode.Models
{
    public class QRCodeModel
    {
        [Display(Name = "Enter QRCode Text")]
        public string QRCodeText { get; set; }

    }
}

Step 3: Add the Controller

Create the Controller class by right clicking on the Controller folder as shown in the following image.


Now open the HomeController.cs file and add the following code.

using GeneratingQRCode.Models;
using Microsoft.AspNetCore.Mvc;
using QRCoder;
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;

namespace GeneratingQRCode.Controllers
{
    public class HomeController : Controller
    {
        [HttpGet]
        public IActionResult CreateQRCode()
        {
            return View();
        }

        [HttpPost]
        public IActionResult CreateQRCode(QRCodeModel qRCode)
        {
            // Wrap the submitted text in QRCoder's URL payload so scanners treat it as a web link
            PayloadGenerator.Url WebUri = new PayloadGenerator.Url(qRCode.QRCodeText);
            string UriPayload = WebUri.ToString();

            QRCodeGenerator QrGenerator = new QRCodeGenerator();
            QRCodeData QrCodeInfo = QrGenerator.CreateQrCode(UriPayload, QRCodeGenerator.ECCLevel.Q);
            QRCode QrCode = new QRCode(QrCodeInfo);
            Bitmap QrBitmap = QrCode.GetGraphic(60);
            byte[] BitmapArray = QrBitmap.BitmapToByteArray();

            // Pass the PNG to the view as a data URI
            string QrUri = string.Format("data:image/png;base64,{0}", Convert.ToBase64String(BitmapArray));
            ViewBag.QrCodeUri = QrUri;
            return View();
        }
    }

    //Extension method to convert Bitmap to Byte Array
    public static class BitmapExtension
    {
        public static byte[] BitmapToByteArray(this Bitmap bitmap)
        {
            using (MemoryStream ms = new MemoryStream())
            {
                bitmap.Save(ms, ImageFormat.Png);
                return ms.ToArray();
            }
        }
    }
}

Step 4: Create The View

Create the view with the name CreateQRCode using the model class QRCodeModel by right clicking on the view folder or right clicking in the controller class file as shown in the following image.


After clicking the Add button, it generates the view with the name CreateQRCode. Now open the CreateQRCode.cshtml file and replace the default generated code as follows:

CreateQRCode.cshtml

@model GeneratingQRCode.Models.QRCodeModel

@{
    ViewData["Title"] = "www.compilemode.com";
}
<hr />
<div class="row">
    <div class="col-md-4">
        <form asp-action="CreateQRCode">
            <div asp-validation-summary="ModelOnly" class="text-danger"></div>
            <div class="form-group">
                <label asp-for="QRCodeText" class="control-label"></label>
                <input asp-for="QRCodeText" class="form-control" />
                <span asp-validation-for="QRCodeText" class="text-danger"></span>
            </div>
            <div class="form-group">
                <input type="submit" value="Generate QR Code" class="btn btn-primary text-center" />
            </div>
            <div class="form-group">

                <img src="@ViewBag.QrCodeUri" class="img-thumbnail" />
            </div>
        </form>
    </div>
</div>
@section Scripts {
    @{await Html.RenderPartialAsync("_ValidationScriptsPartial");}
}

In the preceding code you see the image tag src Uri assigned with ViewBag, which we have set from the HomeController class.

Step 5: Configure the Routing

We have modified the auto-generated files, so we have to set the default routing so that when you run the application, then the default view can start in the browser. Now open the Startup.cs and set the default routing as per our controller and the created view as shown in the following image.


After adding all the required files and configuration, the Solution explorer of our created ASP.NET core application will look like as follows.


Step 6: Run the Application.

Now press F5 or the Visual Studio run button to run the application. After running the application, the following screen will be shown in the browser. Enter the QR code text and click on the Generate QR Code button; it will generate the code as in the following screenshot.


Step 7: Read the QR Code

Open your mobile phone's QR code reader application and scan the code. It will show the website link that we entered during QR code creation; tap Go To Website and it will open the website, as shown in the following demo.




Summary

I hope, from all the above examples, you have learned to generate a QR code which opens the given URL using ASP.NET Core MVC. If you like it, share it with your friends, subscribe to the blog and YouTube channel for more such articles.

Device Enrollment Using Symmetric Key In Azure DPS

In this article, we will learn how to enroll a device using a symmetric key in the Azure Device Provisioning Service. If you have not read my previous articles about the Azure Device Provisioning Service yet, then please read them using the following link. As explained in the previous articles, IoT devices can be connected to the IoT hub in two ways:
  • Using Device Provisioning Service then Azure IoT Hub
  • Directly to the Azure IoT hub
So let's learn how to enroll the IoT devices with Device Provisioning Service (DPS).

What is Device Enrollment?

Device enrollment is the process of adding the details of pre-configured IoT devices to the Azure Device Provisioning Service so that they connect to the IoT hub on demand, or based on the requirement, without any human intervention.

Now let's learn step by step how to enroll the IoT devices

Step 1: Login To Azure Portal

After logging in to the Azure portal, find the Device Provisioning Service that we created in the How To Create Azure Device Provisioning Service article; if you haven't created it, please follow the steps shown in that article and create it. I hope you have the DPS service on the portal. Now find the option to manage enrollments as shown in the following image.


Device Provisioning Service (DPS) provides the following two concepts:
  • Individual Enrollment
  • Group Enrollment
In this article we will learn about the individual device enrollment using the symmetric key.

What is Individual Enrollment?

This enrolls one device at a time, which allows a unique configuration per device.

Step 2:  Navigate To Azure Device Provisioning Service Instance

To create the individual enrollment, select manage enrollment, then click on the Add individual enrollment as shown in the following image.


After clicking on the Add individual enrollment button, the following screen appears, as shown in the following step.

Device Enrollment Using Symmetric Key

Choose the symmetric key attestation mechanism from the dropdown list and check on auto-generated keys as shown in the following image.



In the symmetric key attestation mechanism we need to provide the registration ID, whereas in X.509 enrollment the registration ID is taken from the certificate common name (CN).

After providing all the above details, click on Save, then go to the created Device Provisioning Service (DPS) instance and see the created enrollment entry as follows.





As shown in the preceding image, the registration ID reg100 has been added. Follow the same steps for the other types of attestation mechanism to enroll the device.


Summary

I hope this article is useful to understand how to enroll the device using Symmetric key in Azure device provisioning service.

Multiple Layout Pages In ASP.NET Core MVC

The layout page shares a common design across all pages. There are several methods, listed below, to change the layout page dynamically in ASP.NET Core MVC.
  • While adding the view page, assign the layout page.
  • Using the ViewStart page
I hope you have understood the layout page from the preceding brief summary. Now let's implement it practically.
  • Go to Start, then All Programs, and select "Microsoft Visual Studio 2019".
  • Once Visual Studio opens, click on Continue Without Code.
  • Then go to the Visual Studio menu, click on File => New Project, and choose the ASP.NET Core Web App (Model-View-Controller) project template.
  • Then define the project name, location of the project, and Target Framework, then click on the Create button.
The preceding steps will create the ASP.NET Core MVC application.

Step 2: Add User and Admin Controllers

Right-click on the Controllers folder in the created ASP.NET Core MVC application and add two controller classes named UserController and AdminController as follows.


The preceding two controller classes, User and Admin, are added to the project. Create the following action methods in the respective controller classes.

UserController.cs

public class UserController : Controller  
    {  
        public IActionResult Login()  
        {  
            //write logic here  
            return View();  
        }  
    } 
AdminController.cs

public class AdminController : Controller  
   {  
       [HttpPost]  
       public IActionResult AddRole()  
       {  
           //write logic here  
           return View();  
       }  
   } 
For the preceding two controllers we will use two different layout pages.

Step 3: Add Views and Layout pages

We can decide which layout page to use while adding the view. Follow these steps to add the layout page with a view. Click on the Views folder of the created ASP.NET Core MVC application as follows.


As shown in the preceding image, specify the view name, check the Use a layout page option and click the Add button; the following default layout page will then be added to the Solution Explorer. Now let's add another layout page named admin. Click on Solution Explorer and add the layout page as follows:



Now click on the Add button; two layout pages, AdminLayoutPage and Layout, are then added under the Shared folder.

Step 4: Set layout pages to view

We have created the view and layout pages. Now let us assign layout pages to the views. There are several ways to assign a layout page to a view, listed as follows:
  • Using wizard
  • Using ViewStart page
  • Using view method
Using wizard

You can use the wizard to set the layout page while adding the view. The steps are as follows:
  • Right-click on the Views folder and select the view template as follows.

Specify the view name, check Use a layout page, and click on the browse button. The following window will appear.


Now choose a layout page from the preceding available layout pages and click on the OK button. The layout page will look as follows.


Now click on the Add button; the layout page reference is then added to the view page as follows.

So whether you add the view through the wizard or manually, the layout page reference needs to be set in every view page where the layout page is needed.

Using ViewStart page

Adding a reference to the layout page in every view is tedious and repetitive. Suppose I have one controller which has more than twenty action methods; then for each of the twenty views we need to add a reference to the layout page. Or suppose another requirement: we need to set the layout page on a conditional or per-controller basis. In these cases we need to use the ViewStart page.

Let's open the _ViewStart.cshtml page and write the following code:

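@{
    // Name of the controller handling the current request
    string CurrentReq = Convert.ToString(Context.Request.HttpContext.Request.RouteValues["Controller"]);

    // Assign the page's own Layout property; a local variable named Layout
    // would hide it and the chosen layout would never be applied
    switch (CurrentReq)
    {
        case "User":
            Layout = "~/Views/Shared/_Layout.cshtml";
            break;
        default:
            //Admin layout
            Layout = "~/Views/Shared/_AdminLayoutPage.cshtml";
            break;
    }
}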
Now run the application; the Login view, for which we have used the Layout page, will look as follows.

Now run the AddRole view; the output will look like the following.

I hope from all the preceding examples, you have learned how to work with multiple layout pages in ASP.NET Core MVC.

Note:
  • Apply proper validation before using it in your project.
Summary

I hope this article is useful for all readers. If you have any suggestions, then please mention it in the comment section.


Provision X.509 Device Using Azure Device Provisioning Service

In this article, we will learn how to provision an X.509 device using the Azure Device Provisioning Service. If you have not read my previous articles about the Azure Device Provisioning Service yet, then please read them using the following link. As explained in the previous articles, IoT devices can be connected to the IoT hub in two ways:
  • Using Device Provisioning Service then Azure IoT Hub
  • Directly to the Azure IoT hub
So let's learn how to enroll the IoT devices with Device Provisioning Service (DPS).

What is Device Enrollment?

Device enrollment is the process of adding the details of pre-configured IoT devices to the Azure Device Provisioning Service so that they connect to the IoT hub on demand, or based on the requirement, without any human intervention.

Now let's learn step by step how to enroll the IoT devices

Step 1: Login To Azure Portal

After logging in to the Azure portal, find the Device Provisioning Service that we created in the How To Create Azure Device Provisioning Service article; if you haven't created it, please follow the steps shown in that article and create it. I hope you have the DPS service on the portal. Now find the option to manage enrollments as shown in the following image.


Device Provisioning Service (DPS) provides the following two concepts:
  • Individual Enrollment
  • Group Enrollment
In this article we will learn about the individual device enrollment

What is Individual Enrollment?

This enrolls one device at a time, which allows a unique configuration per device.

Step 2:  Navigate To Azure Device Provisioning Service Instance

To create the individual enrollment, select manage enrollment, then click on the Add individual enrollment as shown in the following image.


After clicking on the Add individual enrollment button, the following screen appears, as shown in step 3.

Step 3: Provide Enrollment Details and X.509 Certificate

Provide the required details including the X.509 security certificate


As shown in the preceding image, we need some details to create the enrollment entry,
  • Attestation Mechanism
  • Primary Certificate
  • Secondary certificate
  • IoT Hub Device Id
  • IoT Edge Device
  • Device Allocation Policy
  • Choose IoT Hub
  • Device Re-Provisioning
  • Device Twin State
  • Enable Entry
These details differ based on the chosen attestation mechanism type as shown in the following image

What is Attestation Mechanism?

The attestation mechanism is the process of cross-verifying the enrolled device's identity during device registration on IoT Hub. The Device Provisioning Service supports the following attestation mechanisms:

  • X.509
  • TPM
  • Symmetric key
Now let's learn how to enroll devices using the above attestation mechanisms

Device Enrollment Using X.509

X.509 is the security certificate which includes the authentication details about the device. These certificates can be provided by the device manufacturer, who can buy them from an authorized certificate provider such as a CA. For development and testing purposes we can create the X.509 certificate using tools like PowerShell or OpenSSL. I will show in a separate article how to generate the X.509 certificates.

I have X.509 certificates on my PC which I have generated using PowerShell. If you want to know how to create the X.509 test certificate, then you can learn by using the following link.


Now choose X.509 attestation mechanism from the dropdown list and choose the device.cer certificate as shown in the following image.


After uploading the certificate, provide the following optional details.

IoT Hub Device Id

Provide the device ID name, which is unique per X.509 certificate. This is optional; if you do not provide the device ID, the registration ID becomes the deviceId on the Azure IoT hub.

IoT Edge Device


Choose true or false: true indicates an edge device, false an IoT device.

Device Allocation Policy

The chosen policy decides how IoT devices are allocated to the IoT hub. You can read my previous article to understand the details of the device allocation policies.

Choose IoT Hub

The Device Provisioning Service can be linked with multiple IoT hubs. You can choose which IoT hub the device should register on, or you can let the device allocation policy decide.

Device Re-Provisioning Policy

There may be a requirement to re-provision the device; this policy determines whether the previous data is kept during that process.

Initial Device Twin State

The initial device twin allows storing custom properties about the device, or whatever you want. Mostly, the device twin is used to keep device-related information such as the path of the device upgrade package file or client details.

Example,


{  
  "tags": {},  
  "properties": {  
    "desired": {  
      "devicetype": "waterflow",  
      "client": "www.compilemode.com"  
    }  
  }  
}  

Enable Entry

This option enables or disables the enrollment entry.

After providing all the above details, click on Save. After successfully creating the enrollment entry, the following notification will be shown.


Now go to our created device provisioning service (DPS) instance and see the created enrollment entry as follows.



In the preceding image, you see the registration ID as my device, which comes from the certificate common name (CN).

Device Enrollment Using Symmetric Key

Now choose the symmetric key attestation mechanism from the dropdown list and check the auto-generate keys option as shown in the following image.



Provide the required details as we did in the X.509 enrollment. In the symmetric key attestation mechanism we need to provide the registration ID, whereas in X.509 enrollment the registration ID is taken from the certificate common name (CN).

After providing all the above details, click on Save, then go to the created Device Provisioning Service (DPS) instance and see the created enrollment entry as follows.


As shown in the preceding image, the registration ID reg100 has been added. Follow the same steps for the other types of attestation mechanism to enroll the device.

Summary

I hope this article is useful to understand how to provision X.509 device using the Azure device provisioning service.

Azure Device Provisioning Service IoT Hub Allocation Policy

In my previous article, we learned how the Azure Device Provisioning Service helps to manage IoT devices throughout their life cycle. You can link multiple IoT hubs to a single instance of the Azure Device Provisioning Service, and IoT devices are automatically allocated to a specific IoT hub based on the policy set during device enrollment. The Device Provisioning Service supports the following policies.

  • Static configuration
  • Evenly weighted distribution
  • Lowest latency

Static Configuration

When the static allocation policy is assigned during device enrollment, it gives the option to choose the IoT hub, and devices are registered to the selected IoT hub.
The following flow gives an idea of how it works.

Evenly Weighted Distribution

The evenly distributed policy registers the device on the IoT hub which has less utilization and load. Let's say we have ten IoT devices and two linked IoT hubs; then five devices will be assigned to one IoT hub and five devices to the other, based on how much of each available IoT hub is utilized.
The following process diagram gives a clear idea of the evenly distributed policy.

Lowest latency

The lowest latency policy allocates the device to the IoT hub which is nearest to the device location. It means the device is automatically allocated to the IoT hub (datacenter) closest to the device location, which makes communication between devices and the IoT hub faster.
The following diagram shows how the lowest latency policy works.

Summary

I hope this article helped you to understand about the Azure device provisioning service IoT hub allocation policies. In the next article we will learn about the Azure event hub.


Creating Device Enrollment on Azure Device Provisioning Service

This article explains how to enroll an IoT device on the Azure Device Provisioning Service using an X.509 certificate. In my previous articles in the Azure IoT series, we learned about the Azure IoT Hub and the Device Provisioning Service (DPS). If you have not read my previous articles about the Azure Device Provisioning Service yet, then please read them using the following link. As explained in the previous articles, IoT devices can be connected to the IoT hub in two ways:
  • Using Device Provisioning Service then Azure IoT Hub
  • Directly to the Azure IoT hub
So let's learn how to enroll the IoT devices with Device Provisioning Service (DPS).

Summary

I hope this article is useful to understand how to enroll the device using azure device provisioning service with X.509 certificate.

Copyright © Compilemode