Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provisioning devices using Enrollment groups
See original GitHub issue-
OS and version used: Ubuntu 16.04
-
Python runtime used: python 3.7.0
-
SDK version used: azure-iot-provisioning-device-client v1.4.3
Description of the issue:
I’m trying to enroll a device using the group enrollment option.
I have a verified CA cert in the service and an enrollment group that’s configured with this cert. How do I enroll a new device with a certificate signed by that CA? The docs have examples for Java but nothing for python. Is this possible using the python SDK?
Also, probably related - I tried using the device provisioning sample code and seems to be looking for a cert based on the output pasted below. Where exactly is it looking for the cert?
Code sample exhibiting the issue:
Console log of the issue:
When I try using the provisioning sample I get the following errors:
{"operationId":"4.87f7851aaaa18ed1.9123edc4-4058-4f78-a320-cf6cac5cff13","status":"failed","registrationState":{"registrationId":"riot-device-cert","createdDateTimeUtc":"2018-10-29T23:04:14.4198475Z","status":"failed","errorCode":401002,"errorMessage":"CA certificate not found","lastUpdatedDateTimeUtc":"2018-10-29T23:04:14.6002502Z","etag":"\u00222c00feaa-0000-0000-0000-5bd791ee0000\u0022"}}
Error: Time:Mon Oct 29 23:04:17 2018 File:/usr/sdk/src/c/provisioning_client/src/prov_device_ll_client.c Func:prov_transport_process_json_reply Line:406 Provisioning Failure: OperationId: 4.87f7851aaaa18ed1.9123edc4-4058-4f78-a320-cf6cac5cff13 - Date: 2018-10-29T23:04:14.6002502Z - Msg: CA certificate not found
Issue Analytics
- State:
- Created 5 years ago
- Comments:9 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Although this issue is closed, I’m blocked using the Azure IoT SDK for Python to accept devices with X.509 certificates, issued by our proprietary PKI. The enrollment groups is setup and prepared, but I’m failing to implement a Python simulator using a specific certificate/key, which has been issued by our PKI.
I’m following these instructions, but I cannot specify the certificate and key: https://docs.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509-python
What I’m actually missing is what I can do in Java:
SecurityProvider securityProviderX509 = new SecurityProviderX509Cert(leafPublicPem, leafPrivateKey, signerCertificates); provisioningDeviceClient = ProvisioningDeviceClient.create(globalEndpoint, idScope, PROVISIONING_DEVICE_CLIENT_TRANSPORT_PROTOCOL, securityProviderX509);As mentioned in other issues, the Python SDK is using a hardcoded certificate (riot-device-cert), which does not really help when using this in production scenarios. Help is greatly appreciated!
This is related to: #189, https://github.com/Azure/azure-iot-sdk-c/issues/635
related to #272 (and answered there) TL;DR: fixed in v2