0
votes

I am following the directions here: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway.

When I create the certificates using OpenSSL and the 'New-CACertsEdgeDevice myGateway' commands, I end up with an Elliptical Curve based private key which fails when I configure the edge gateway with the message

"Currently RSA is only supported".

I modified the New-CACertsCertChain script in ca-certs.ps1 (set the $useEcc var to $false) and reran. The script succeeds, but now the New-CACertsEdgeDevice script fails with:

New-SelfSignedCertificate : Cannot convert 'System.Object[]' to the type 'Microsoft.CertificateServices.Commands.Certificate' required by parameter 'Signer'. Specified method is not supported.

Any idea what I am doing wrong?

2 Answers

0
votes

I found an answer to this, although I am still not sure of the root cause.

These steps allowed me to create certificates that worked...

I kept the change I made to the New-CACertsCertChain (mentioned above)

I erased all the previous certs from the machine cert store

Then I closed the existing PowerShell console and started a new admin one.

I installed OpenSSL from here: https://sourceforge.net/projects/openssl/ @ this directory: C:\utils\openssl\bin

I set up the environment paths as follows:

    $ENV:PATH += ";C:\utils\openssl\bin"
    $ENV:OPENSSL_CONF="C:\utils\openssl\bin\openssl.cnf"

After that I continued with the article's directions and it worked. I did get a warning about not finding C:/OpenSSL/openssl.cnf, but I ignored it.
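
A way to confirm that regenerated certificates carry RSA keys before configuring the gateway, given the "Currently RSA is only supported" error in the question. This is an added example, not part of the original posts or of the ca-certs.ps1 scripts; the function name `Get-CertKeyAlgorithm` is hypothetical, the two certificates are constructed in memory as sample input, and it assumes .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example: classify a certificate's public key by its algorithm OID.
$RsaOid = '1.2.840.113549.1.1.1'   # rsaEncryption
$EccOid = '1.2.840.10045.2.1'      # id-ecPublicKey

function Get-CertKeyAlgorithm {     # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        $oid = $Certificate.PublicKey.Oid.Value
        if     ($oid -eq $RsaOid) { $kind = 'RSA' }
        elseif ($oid -eq $EccOid) { $kind = 'ECC' }
        else                      { $kind = "Other ($oid)" }

        # Key size is read only for RSA; GetRSAPublicKey returns $null otherwise.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $bits = $null
        if ($rsa) { $bits = $rsa.KeySize }

        [pscustomobject]@{
            Subject   = $Certificate.Subject
            Algorithm = $kind
            KeyBits   = $bits
            IsRsa     = ($oid -eq $RsaOid)
        }
    }
}

# Constructed sample input: one RSA and one ECC self-signed certificate,
# created in memory only (nothing is written to the certificate store).
$notBefore = [DateTimeOffset]::UtcNow
$notAfter  = $notBefore.AddDays(1)

$rsaKey  = [System.Security.Cryptography.RSA]::Create(2048)
$rsaReq  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-rsa-device', $rsaKey,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$rsaCert = $rsaReq.CreateSelfSigned($notBefore, $notAfter)

$ecKey  = [System.Security.Cryptography.ECDsa]::Create()
$ecReq  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-ecc-device', $ecKey,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256)
$ecCert = $ecReq.CreateSelfSigned($notBefore, $notAfter)

# The ECC certificate reports IsRsa = False, the case the gateway rejects.
$rsaCert, $ecCert | Get-CertKeyAlgorithm | Format-Table -AutoSize
```

To check a generated certificate file instead of the samples, pass `[System.Security.Cryptography.X509Certificates.X509Certificate2]::new('<path-to-certificate>')` to the function.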

0
votes

I do not think you are doing anything wrong.

It appears that there is a problem with the PowerShell scripts. The good news is that there is a fix to the instructions at the Azure IoT C SDK GitHub branch CACertToolEdge which you can sync out and re-try.

I have filed an issue here: https://github.com/Azure/azure-iot-sdk-c/issues/337 to have this corrected.

Edit: Jan 09 2018: It appears that the scripts have been fixed and you shouldn't run into this specific problem.