Navin

Reputation: 646

Same X.509 in Azure APIM and IOT DPS

I am trying to use the same X.509 device certificate for authenticating to IoT DPS and API Management. The problem is that the DPS docs mention that the registration_id of the device must match the subject common name in the device certificate, so we need to put a unique ID in each device certificate; then DPS provisioning works well.

But if we try to use the same certificate in APIM, it does not work. APIM expects the common name to be the same for the root, intermediate and client certificates. (I am using our domain name as the common name.)

Please let me know how I can modify the APIM policy to use the same client certificate on both APIM and DPS.

Upvotes: 0

Views: 78

Answers (1)

Naveen Sharma

Reputation: 1243

It is not best to use the same certificate for DPS and API Management services.
One way is to add it in policies.
I followed this reference for creating and uploading the thumbprint.

In policies

<inbound>
    <base />
    <set-header name="Authorization" exists-action="override">
        <value>Bearer {base64 encoded certificate}</value>
    </set-header>
</inbound>



Adding the certificate to the API Management service


az iot dps enrollment create --dps-name {dps_name} --enrollment-id {domain_name}-{registration_id} --attestation-type x509 --certificate-path {path_to_your_certificate}


We have to change the unique ID, since the registration ID must match the subject common name on the selected certificates.

Other reference:
I referred for X.509

Upvotes: 1
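
An added example, not part of the question or the answer above: an APIM inbound policy that accepts a client certificate by its issuing CA and chain validity instead of by subject common name, so each device certificate can keep the unique registration ID that DPS requires as its CN. The issuer string and the header name are placeholders, and it assumes the root and intermediate CA certificates have been uploaded to the API Management instance so that `Verify()` can build the chain.

```xml
<!-- Added example, not from the original thread. Placeholder values are marked. -->
<inbound>
    <base />
    <choose>
        <!-- Reject the call when no client certificate is presented, when the
             chain does not validate against the CA certificates uploaded to
             API Management, or when the certificate was not issued by the
             expected device CA. Issuer is compared as the full distinguished
             name string of the issuing CA.
             The subject CN is deliberately not compared, so every device can
             carry its own registration ID as CN for DPS. -->
        <when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify() || context.Request.Certificate.Issuer != "CN=PLACEHOLDER-DEVICE-CA")">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
    </choose>
    <!-- Hypothetical header name: hands the per-device subject (which holds the
         registration ID) to the backend after the certificate has been accepted.
         override replaces any value a caller tried to supply for this header. -->
    <set-header name="X-Client-Cert-Subject" exists-action="override">
        <value>@(context.Request.Certificate.SubjectName.Name)</value>
    </set-header>
</inbound>
```

With this check the trust decision rests on the CA chain, so the backend should rely only on the forwarded subject header and never on a device ID taken from the request body or query string.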
