
We are running the Azure IoT Edge runtime on commodity servers inside a corporate intranet. I understand the Microsoft documentation recommends installing certificates for production IoT edge deployment.

We are using basic edge modules only, no gateway configurations, passthroughs, etc.

For our intranet scenario, are self-signed certs suitable for production? If so, can a single certificate be used for all devices?

Thanks

1 Answer


Yes, you can use self-signed CA certificates. Check here.

Every IoT Edge device in production needs a device certificate authority (CA) certificate installed on it. That CA certificate is then declared to the IoT Edge runtime in the config.yaml file. For development and testing scenarios, the IoT Edge runtime creates temporary certificates if no certificates are declared in the config.yaml file. However, these temporary certificates expire after three months and aren't secure for production scenarios. For production scenarios, you should provide your own device CA certificate, either from a self-signed certificate authority or purchased from a commercial certificate authority.

Regarding using the same CA cert on various Edge devices, logically you should be able to use it, as the identity cert is the one that differs between edge devices based on the CN name. But I think you can easily check this out by doing a POC.

Here is the link to generate CA cert.
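As an added example that is not part of the original answer, this is the `certificates` section of an IoT Edge 1.1 `config.yaml` that declares a device CA certificate instead of letting the runtime create temporary ones; the hostname and the file paths under `/etc/iotedge/certs` are assumed values, not taken from the thread.

```yaml
# Assumed example: /etc/iotedge/config.yaml on an IoT Edge 1.1 device.
# The hostname is per device; the runtime uses it as the name on the
# edgeHub server certificate it issues from the device CA below.
hostname: "edge-device-01.corp.example"

certificates:
  # Device CA certificate (full chain, PEM) issued by your own root CA.
  device_ca_cert: "file:///etc/iotedge/certs/iot-edge-device-ca-full-chain.cert.pem"
  # Private key of the device CA certificate; keep it readable only by the
  # iotedge service account.
  device_ca_pk: "file:///etc/iotedge/certs/iot-edge-device-ca.key.pem"
  # Root CA that modules and leaf devices must trust (PEM bundle).
  trusted_ca_certs: "file:///etc/iotedge/certs/corp-root.ca.cert.pem"
```

When no `certificates` section is present, the runtime generates its own short-lived CA, which is the three-month temporary setup the answer describes as unsuitable for production.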