Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Python client X.509 authentication

See original GitHub issue

First of all I need to know why the Jave example (https://docs.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509-java#simulate-the-device) uses a cert and a private key to register and the python example (https://docs.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509-python#create-a-device-enrollment-entry) doesn’t.

Second of all, when I create a device in IoT hub and set its authentication to X.509 CA Signed I cannot make the python example code (azure-iot-sdk-python\device\samples\iothub_client_sample_x509.py) work. It reports:

Python 3.6.6 (v3.6.6:4cf1f54eb7, Jun 27 2018, 03:37:03) [MSC v.1900 64 bit (AMD64)]
Starting the IoT Hub Python sample...
    Protocol HTTP
    Connection string = HostName=iothubffm.azure-devices.net;DeviceId=deviceaa;x509=true
IoTHubClient sending 5 messages
IoTHubClient.send_event_async accepted message [0] for transmission to IoT Hub.
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoEvent Line:1700 unexpected HTTP status code (401)
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoMessages Line:2102 expected status code was 200, but actually was received 401... moving on
IoTHubClient.send_event_async accepted message [1] for transmission to IoT Hub.
IoTHubClient.send_event_async accepted message [2] for transmission to IoT Hub.
IoTHubClient.send_event_async accepted message [3] for transmission to IoT Hub.
IoTHubClient.send_event_async accepted message [4] for transmission to IoT Hub.
IoTHubClient waiting for commands, press Ctrl-C to exit
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoEvent Line:1700 unexpected HTTP status code (401)
Send status: BUSY
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoEvent Line:1700 unexpected HTTP status code (401)
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoEvent Line:1700 unexpected HTTP status code (401)
Error: Time:Thu Aug 23 13:58:01 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\iothub_client\src\iothubtransporthttp.c Func:DoEvent Line:1700 unexpected HTTP status code (401)

The root certificate is added to the Hub and validated. The code itself contains the root and intermediate certs as well as the private key:

CONNECTION_STRING = "HostName=xyz.azure-devices.net;DeviceId=mydev-device-cert;x509=true"

X509_CERTIFICATE = (
"""
-----BEGIN CERTIFICATE-----
...
MIIFDjCCAvagAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1henVy
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
ltpts4xWErTqkzpqNxUAfJUAdp8sYjGe6WAxR5hGoYnqZYjFhBEbuMQ8kSfWnEPJ
-----END CERTIFICATE-----
"""
)

X509_PRIVATEKEY = (
"""-----BEGIN RSA PRIVATE KEY-----
...
bmBTjdlUBVfjB737B5oTvM0IUSM5QB/bS3lYi8KDQkwQKuxH2fDBjLlBMA==
-----END RSA PRIVATE KEY-----"""
)

Win 10 Enterprise Python 3.6.6 azure-iothub-device-client 1.4.2

Issue Analytics

State:
Created 5 years ago
Comments:10 (1 by maintainers)

Top GitHub Comments

1reaction

Bnjmn83commented, Sep 13, 2018

It works now for me. So making sure the CN name of the certificate is well formed, the connection is not done via HTTPS and one knows how to create a X.509 thumbprint, will make it work. Awesome…

0reactions

baluzealstercommented, Dec 20, 2018

It works now for me. So making sure the CN name of the certificate is well formed, the connection is not done via HTTPS and one knows how to create a X.509 thumbprint, will make it work. Awesome…

bro what are the restrictions for root certificate CN

Top Results From Across the Web

Modify your client program to authenticate with X.509 - IBM

Python client code example. Python supports only certificates and keys in PEM format. ... Use the Java™ API to send https requests for...

Python authentication via X.509 client certificate (.cer file) and ...

You always need a private key for a certificate if you want to authenticate yourself, i.e. for server certificates at the server side...

X.509 — Cryptography 39.0.0.dev1 documentation

509 certificates are commonly used in protocols like TLS. Tutorial · Creating a Certificate Signing Request (CSR) · Creating a self-signed certificate ......

How to enable x509 authentication with your Django App

How to enable x509 authentication with your Python WSGI app. What do we want? The aim of this project is to demonstrate how...

python requests authentication - Mister PKI

python requests authentication provides multiple mechanisms for authentication to web service endpoints, including basic auth, X.509 ...