How to set up (Self-signed) CA certificates and Client certificates and Username/password on a Self-signed device connection?
I am working with an MQTT Python client and I want to set up the Device Self-signed certificate option. I have been able to connect with a SAS device setup and now I don't know what I need for it.
When I worked with the SAS token I had the Azure DigiCert CA, and then the device key and cert set as None.
Now I am using the same Azure Baltimore root certificate provided by them (DigiCert), and with OpenSSL I created the client key and crt, from which I took the thumbprint. Is that correct?
I created them with OpenSSL and had .crt and .key, so I passed them into .pem.
So could it be because of the format of the client keys or what should I give as certificates?
As for the password and username, should what I have as password be None now, or maybe the thumbprint, since I have no SAS token key? So what should I fit in there?
```python
from paho.mqtt import client as mqtt
import logging
import ssl
import time

Data = {"Temp": 44, "Pressure": 55, "Power": 66}
path_to_root_cert = "C:/Users/../digicert.cer"
device_cert = "C:/Users//../m2mqtt_ca.cer"
device_key = "C:/Users//../m2mqtt_ca.key"
device_id = "x509Device"
# SAS created with Device Explorer Twin (unused in the certificate attempt below)
sas_token = "SharedAccessSignature sr=...."
iot_hub_name = "Iothubdev"


def on_connect(client, userdata, flags, rc):
    if rc == 0:
        client.connected_flag = True
        print("Connected OK \n Device connected with result code: " + str(rc))
    else:
        print("Bad connection returned code=", str(rc))
        client.bad_connection_flag = True
        logging.info("Disconnecting reason:" + str(rc))


def on_disconnect(client, userdata, rc):
    print("Device disconnected with result code: " + str(rc))


def on_publish(client, userdata, mid):
    print("Device sent message")


client = mqtt.Client(client_id=device_id, protocol=mqtt.MQTTv311)
client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_publish = on_publish

# No SAS token here: the password is left as None for the certificate attempt
client.username_pw_set(username=iot_hub_name + ".azure-devices.net/" + device_id, password=None)
# Server is verified against the root CA; the device presents its own cert and key
client.tls_set(ca_certs=path_to_root_cert, certfile=device_cert, keyfile=device_key,
               cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
client.tls_insecure_set(False)  # keep hostname verification enabled

try:
    client.connect(iot_hub_name + ".azure-devices.net", port=8883)  # Connect to broker
except Exception:
    print("Connection Failed")
# client.connect(iot_hub_name+".azure-devices.net", port=8883)  # Connect to broker

client.publish("devices/" + device_id + "/messages/events/", str(Data), qos=1)
client.loop_forever()
# time.sleep(2)
# client.disconnect()
```
> Azure IoT Hub Certificate in here says use Baltimore certificate as CA
Client crt
Client key
But is not working for me right now
*.azure-devices.net. You can try to use X.509 CA Signed device to test this issue. – Michael Xu - MSFT
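
The question asks whether the thumbprint was taken correctly and whether the certificate file format matters. As an added example (not code from the original post), this computes a certificate thumbprint from either a PEM or a DER file with the standard library only; the function names are hypothetical and `SAMPLE_DER` is constructed placeholder data, not a real certificate.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

# Constructed placeholder bytes, NOT a real certificate: the thumbprint is a
# hash over the DER bytes, so any bytes starting with 0x30 show the mechanics.
SAMPLE_DER = bytes.fromhex("3082000c") + b"constructed!"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def load_cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate supplied as PEM or DER."""
    text = data.strip()
    if text.startswith(PEM_HEADER):
        # A chain file holds several blocks; keep only the first certificate.
        first = text.split(PEM_FOOTER)[0] + PEM_FOOTER
        return ssl.PEM_cert_to_DER_cert(first.decode("ascii"))
    if text.startswith(b"-----BEGIN"):
        # Typical mix-up: the .key or a CSR passed where the .crt belongs.
        raise ValueError("PEM block is not a CERTIFICATE")
    if data[:1] == b"\x30":
        # DER is binary ASN.1 and always opens with a SEQUENCE tag (0x30).
        return data
    raise ValueError("neither a PEM nor a DER certificate")


def thumbprint(data: bytes, algorithm: str = "sha1") -> str:
    """Upper-case hex digest of the DER encoding, without colons."""
    return hashlib.new(algorithm, load_cert_der(data)).hexdigest().upper()


if __name__ == "__main__":
    print("SHA-1  :", thumbprint(SAMPLE_PEM))
    print("SHA-256:", thumbprint(SAMPLE_PEM, "sha256"))
```

For a real certificate the result has the same hex digits as `openssl x509 -noout -fingerprint -sha1 -in cert.pem` with the colons removed, and it is identical whether the file is stored as PEM or DER.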