I am trying to register a fake device with Azure IoT DPS. This is my first attempt at using the DPS. I have added X.509 self-signed certificates for the following and got them verified by Azure using the 'proof of possession' technique.
- The IoT Hub
- The DPS itself
I am trying to add a leaf certificate for the device. The leaf cert uses the DPS cert as its CA. (The commands used are below.) I get an error:
The CN (common name) in the primary certificate is invalid.
I read that the device registration id has to be the same as the CN. So somewhere the CN used needs modification or there needs to be a way where I can specify the same registration id as my CNAME.
Can someone help with these questions:
- Where can the device registration id be specified on DPS? The Add enrollment page does not have this field. Device id is there, but it is an optional field. If not entered, the device id will be set to the registration id itself, as per the documentation.
- For a leaf certificate, can the CN be any valid common name identifier, or should it contain more details like the root CA name etc.? (The device registration id needs to be alphanumeric and lowercase, and may contain hyphens.)
Commands used to generate certificates:
makecert -r -pe -n "CN=Sam-DPS.azure-devices-provisioning.net" -cy authority -sky signature -sv Sam-DPS.pvk Sam-DPS.cer
makecert -pe -n "CN=hl1234" -cy end -sky signature -ic Sam-DPS.cer -iv Sam-DPS.pvk -sv hl1234.pvk hl1234.cer
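
A pre-enrollment check for the rule quoted in the question, as an added example that is not part of the original post: it pulls the CN out of a certificate subject string and compares it with the intended registration id. The character rule (lowercase alphanumeric plus hyphens) is taken from the post as an assumption, and the function names are hypothetical; the CA subject is included only to show a failing case.

```python
import re

# Rule as stated in the post: lowercase alphanumeric, hyphens allowed.
# Assumption: taken from the question, not checked against the DPS service.
REGISTRATION_ID_RE = re.compile(r"[a-z0-9-]+")

def split_rdns(subject):
    """Split a subject string such as 'CN=hl1234, O=Lab' on unescaped commas."""
    parts, current, escaped = [], [], False
    for ch in subject:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return [p.strip() for p in parts if p.strip()]

def common_name(subject):
    """Return the CN value of a subject string, or None if it has no CN."""
    for rdn in split_rdns(subject):
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() == "CN":
            return value.strip()
    return None

def check_leaf_subject(subject, registration_id):
    """Return a list of problems; an empty list means the subject passes."""
    cn = common_name(subject)
    if cn is None:
        return ["subject has no CN"]
    problems = []
    if not REGISTRATION_ID_RE.fullmatch(cn):
        bad = sorted(set(re.sub(r"[a-z0-9-]", "", cn)))
        problems.append("CN %r has characters outside a-z, 0-9, '-': %s" % (cn, bad))
    if cn != registration_id:
        problems.append("CN %r differs from registration id %r" % (cn, registration_id))
    return problems

if __name__ == "__main__":
    # Subjects copied from the two makecert commands in the post.
    for subject, reg_id in [("CN=hl1234", "hl1234"),
                            ("CN=Sam-DPS.azure-devices-provisioning.net", "hl1234")]:
        print(subject, "->", check_leaf_subject(subject, reg_id) or "ok")
```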