0
votes

I have a large number of devices that I want to provision to an Azure IoT hub through group enrollment. I have successfully created an IoT hub and a provisioning service in Azure, and created an enrollment group with a self-signed X509 certificate.

My goal is to install a custom application on every device that, when started, will auto-provision the device to my IoT Hub and let the application specify the DeviceID to use. Windows devices have a GUID in the registry we can use for identification. I would love to use this GUID as the device identifier.

I can successfully auto-provision devices from the client by following this SDK: https://github.com/Azure-Samples/azure-iot-samples-csharp/tree/master/provisioning/Samples/device

The problem is I do not know how to specify the DeviceID from the client device when I am provisioning it.

Is this not possible due to security reasons, or maybe it is not yet a feature?


1 Answers

0
votes

Yes, there is no option to provide a DeviceID/RegistrationId when using X509 certificate attestation.

When Group Enrollment is used, both the RegistrationID as well as the DeviceID will be equal to the Common Name portion of the certificate Subject. (e.g. If the subject is CN=mydevice O=Contoso C=US, the RegistrationID and DeviceID will be mydevice.) The name must respect the DeviceID naming constraints.

One option is to use an X509 certificate with the GUID in the CN part (for the Windows devices example: CN=GUID O=Contoso C=US) that is chained to your Group Enrollment certificate.
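
The approach in this answer, sketched as an added example (not code from the answer or from the Azure SDK samples): a leaf certificate whose CN is the machine GUID is issued under a CA standing in for the group enrollment certificate, then checked for chaining. The class and method names, the CA subject and the GUID value are constructed for illustration; the CA is created in-process only so the example runs on its own (.NET 5 or later), whereas in a deployment the CA private key would stay with a signing service and not on the device.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class LeafCertExample   // hypothetical names throughout
{
    // Normalise the registry value: the "D" format is 36 chars of lowercase hex and hyphens,
    // with no braces, so the CN (and therefore the DeviceID) has one canonical form.
    public static string ToDeviceId(string registryGuid) =>
        Guid.Parse(registryGuid).ToString("D");

    // Leaf whose CN carries the device ID, signed by the CA the enrollment group trusts.
    public static X509Certificate2 IssueLeaf(X509Certificate2 groupCa, RSA deviceKey, string id)
    {
        var req = new CertificateRequest($"CN={id}, O=Contoso, C=US", deviceKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(
            new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        var serial = new byte[16];
        RandomNumberGenerator.Fill(serial);
        var now = DateTimeOffset.UtcNow;
        // Validity must fall inside the CA's own validity window.
        return req.Create(groupCa, now.AddMinutes(-5), now.AddDays(30), serial);
    }

    static void Main()
    {
        // Constructed CA standing in for the group enrollment certificate.
        using RSA caKey = RSA.Create(2048);
        var caReq = new CertificateRequest("CN=constructed-group-ca", caKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        caReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        var t = DateTimeOffset.UtcNow;
        using X509Certificate2 ca = caReq.CreateSelfSigned(t.AddMinutes(-10), t.AddDays(60));

        using RSA deviceKey = RSA.Create(2048);
        string id = ToDeviceId("{3F2504E0-4F89-41D3-9A0C-0305E82C3301}"); // constructed GUID
        using X509Certificate2 leaf = IssueLeaf(ca, deviceKey, id);

        // Confirm the leaf chains to the group CA and show the CN that becomes the DeviceID.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(ca);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        Console.WriteLine($"CN={leaf.GetNameInfo(X509NameType.SimpleName, false)} " +
                          $"chains={chain.Build(leaf)}");
    }
}
```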