Update certificate for an individual enrollment in Azure DPS via REST API

Rakesh S 151 Reputation points

I am doing operations on Azure DPS via REST APIs. I am able to post a new provision successfully in "Create new individual enrollment" via the REST API. The URL used is "https://name.azure-devices-provisioning.net/enrollments/registrationId?api-version=2019-03-31". My current task is to update the certificate for an individual enrollment in DPS. I am extracting the body of the certificate, attaching it to the request body, and doing the PUT operation. But I am getting an error saying "Enrollment already exists with different cert info". I am providing the content-type and authorization SAS token as headers, and in the request body I am passing the eTag along. I guess I have cleared all the prerequisites for an update operation. Please help me to understand if I am doing something wrong here. Thanks in advance!


1 answer

  1. QuantumCache 20,106 Reputation points

    Hello @Rakesh S, thanks for posting this query here. Below is the step-by-step process by which I successfully updated my x509 certificate with Azure DPS via a REST API call. I hope this helps with your query.

    Step 1: Create the individual enrollment with the x509 certificate, passing it in base64 format. Please make a note of the 'eTag' value in the response.


    Verify in the Azure DPS portal. I see the thumbprint matches my x509 certificate.


    Step 2: Now it is time to update the enrollment with a new certificate. Use the base64 format. Use "If-Match" in the request header; its value is the "eTag" obtained/copied from the previous step.

    The image below shows the request header with "If-Match = eTag" for updating the existing entity.

    Finally, we can see that the response for the update operation is a success.


    Verify in the Azure DPS portal. I see the thumbprint matches my new x509 certificate.


    Sample request body, in case it is useful to anyone.

        {
          "attestation": {
            "type": "x509",
            "X509": {
              "clientCertificates": {
                "certificate": "base64 string of your cert"
              }
            }
          },
          "provisioningStatus": "enabled"
        }

    Please leave a comment below on this response if you need further help in this matter.

    1 person found this answer helpful.
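
The update described in the answer, as an added example that is not part of the original thread or Microsoft's code: it builds (without sending) the PUT request with the eTag in the `If-Match` header rather than in the body. The function names, the sample PEM, the `registrationId` body field and the `primary` level under `clientCertificates` are assumptions of this example; the host name and api-version are the ones from the question.

```python
import json
import urllib.parse
import urllib.request

API_VERSION = "2019-03-31"  # api-version from the question's URL

# Constructed sample input: armor lines around dummy base64, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQUJD\nREVG\n-----END CERTIFICATE-----\n"


def pem_to_base64(pem: str) -> str:
    """Return the base64 body of a PEM certificate with armor lines and whitespace removed."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = [ln for ln in lines if ln and not ln.startswith("-----")]
    if not body:
        raise ValueError("no certificate data found in PEM input")
    return "".join(body)


def build_update_request(dps_host, registration_id, etag, cert_pem, sas_token):
    """Build the PUT request that replaces the certificate on an existing enrollment."""
    if not etag:
        # The answer's fix: the eTag noted in step 1 must travel in If-Match.
        raise ValueError("eTag from the create (or a GET) response is required")
    reg = urllib.parse.quote(registration_id, safe="")  # keep odd IDs inside the path segment
    url = f"https://{dps_host}/enrollments/{reg}?api-version={API_VERSION}"
    body = {
        "registrationId": registration_id,  # assumption: not shown in the thread's sample body
        "attestation": {
            "type": "x509",
            "X509": {"clientCertificates": {
                # assumption: 'primary' level, not shown in the thread's sample body
                "primary": {"certificate": pem_to_base64(cert_pem)}}},
        },
        "provisioningStatus": "enabled",
    }
    headers = {
        "Content-Type": "application/json",
        "Authorization": sas_token,
        "If-Match": etag,  # header, not a body field
    }
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  headers=headers, method="PUT")


if __name__ == "__main__":
    req = build_update_request("name.azure-devices-provisioning.net", "registrationId",
                               "etag-from-step-1", SAMPLE_PEM, "<sas-token-placeholder>")
    print(req.get_method(), req.full_url)
    print({k: v for k, v in req.header_items() if k != "Authorization"})
```

Pass the returned object to `urllib.request.urlopen` to send it; the SAS token is deliberately left out of the printed headers so it does not end up in logs.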