IOT Edge with Windows Enterprise Certificate Authority (CA)

Development certificates are great, but not for production environments.

When you configure an Edge Hub, you can use development certificates for testing. But please replace these certificates when you move to a production environment.

This is a step-by-step guide.

Go to your Windows CA server at https://localhost/certsrv
(certsrv is the default directory)


Convert the Certificates for Linux / IOT Edge Device

openssl pkcs12 -in IOTEdgeCA.pfx -nocerts -out IOTEdgeCApk.pem -nodes
openssl pkcs12 -in IOTEdgeCA.pfx -nokeys -out IOTEdgeCApc.pem -nodes

Convert the CA public certificate from a DER-encoded .cer file to a .pem file

openssl x509 -inform der -in CompanyCa.cer -out CompanyCa.pem

Setup in IOT Edge

vi /etc/iotedge/config.yaml
certificates:
  device_ca_cert: "/etc/iotedge/cert/IOTEdgeCApc.pem"
  device_ca_pk: "/etc/iotedge/cert/IOTEdgeCApk.pem"
  trusted_ca_certs: "/etc/iotedge/cert/CompanyCa.pem"
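
A pre-deployment check for the three files referenced in config.yaml, as an added example that is not part of the original post. The function names check_edge_certs, pub_hash and make_constructed_chain are hypothetical, and the CA:TRUE check assumes IoT Edge uses the device CA certificate to issue further certificates.

```shell
#!/bin/sh
# Added example (not from the original post): verify the converted files
# before /etc/iotedge/config.yaml points at them.

# Hash of a PEM public key read from stdin, so cert and key can be compared.
pub_hash() { openssl pkey -pubin -outform der | openssl dgst -sha256; }

# check_edge_certs DEVICE_CA_CERT DEVICE_CA_KEY TRUSTED_ROOT; returns 0 if all pass.
check_edge_certs() {
    cert=$1; key=$2; root=$3
    # 1. The private key must belong to the certificate (compare public keys).
    [ "$(openssl x509 -in "$cert" -noout -pubkey | pub_hash)" = \
      "$(openssl pkey -in "$key" -pubout | pub_hash)" ] ||
        { echo "FAIL: key does not match certificate" >&2; return 1; }
    # 2. It must be a CA certificate (assumption: IoT Edge issues certs from it).
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints is not CA:TRUE" >&2; return 2; }
    # 3. It must chain to the company root; extra certs in the file act as intermediates.
    openssl verify -CAfile "$root" -untrusted "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: does not chain to $root" >&2; return 3; }
    # 4. -nodes left the key unencrypted, so group and others must have no access.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/others" >&2; return 4; }
    echo "OK"
}

# Builds a constructed (throwaway) root and device CA in DIR for trying the checks.
make_constructed_chain() {
    d=$1; printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in CompanyCa IOTEdgeCA; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
            -subj "/CN=constructed $n" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/CompanyCa.csr" -signkey "$d/CompanyCa.key" \
        -extfile "$d/ca.ext" -days 1 -out "$d/CompanyCa.pem" 2>/dev/null
    openssl x509 -req -in "$d/IOTEdgeCA.csr" -CA "$d/CompanyCa.pem" \
        -CAkey "$d/CompanyCa.key" -CAcreateserial -extfile "$d/ca.ext" \
        -days 1 -out "$d/IOTEdgeCApc.pem" 2>/dev/null
    mv "$d/IOTEdgeCA.key" "$d/IOTEdgeCApk.pem"; chmod 600 "$d/IOTEdgeCApk.pem"
}

# Real use: sh check.sh IOTEdgeCApc.pem IOTEdgeCApk.pem CompanyCa.pem
if [ $# -eq 3 ]; then check_edge_certs "$@"; fi
```

The function returns a distinct non-zero code per failed check, so it can gate a deployment script before the iotedge service is restarted.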
