purpose of the certs at the IoT Edge device and verify the IoT Edge runtime is consuming the production certs

Somiya 246 Reputation points
2021-05-20T23:57:42.387+00:00

I am following the steps to have prod certs at IoT Edge Device using doc "https://learn.microsoft.com/en-us/azure/iot-edge/how-to-manage-device-certificates?view=iotedge-2020-11" and in my use case I am not setting up Edge device as the gateway. So in this case the tls connection will be between what and for what purpose these certs will be consumed ?? and also How can I check if the certificate consumed by the runtime is the one which I have provided and not the default one.

Azure IoT Edge
Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
517 questions
0 comments No comments
{count} votes

Accepted answer
  1. António Sérgio Azevedo 7,661 Reputation points Microsoft Employee
    2021-05-21T15:20:47.307+00:00

    Hello @Somiya ,

    When your IoT Edge Device is not used as a Gateway for Downstream Devices, the certificates will be used to establish trust between IoT Edge Hub Module and User Modules (in other words, to establish trust between the different containers).

    How can I check if the certificate consumed by the runtime is the one which I have provided and not the default one.

    As soon as you Uncomment these lines in /etc/aziot/config.toml, and provide the file URI to the root CA certificate as welll as device CA cert and key on the IoT Edge device you will be using the one provided and not the default one.

    trust_bundle_cert = "file:///<path>/<root CA cert>"  
    ...  
    [edge_ca]  
    cert = "file:///<path>/<device CA cert>"  
    pk = "file:///<path>/<device CA key>  
    

    Let me know if you see any inconsistency?

    Hope I could help!

    Remember:

    • Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is [how][10].
    • Want a reminder to come back and check responses? Here is how to subscribe to a [notification][11].
    0 comments No comments

0 additional answers

Sort by: Most helpful