purpose of the certs at the IoT Edge device and verify the IoT Edge runtime is consuming the production certs

Somiya 246 Reputation points
2021-05-20T23:57:42.387+00:00

I am following the steps to have prod certs at IoT Edge Device using doc "https://learn.microsoft.com/en-us/azure/iot-edge/how-to-manage-device-certificates?view=iotedge-2020-11" and in my use case I am not setting up Edge device as the gateway. So in this case the TLS connection will be between what, and for what purpose will these certs be consumed? Also, how can I check if the certificate consumed by the runtime is the one which I have provided and not the default one?

Azure IoT Edge

Accepted answer
  1. António Sérgio Azevedo 7,666 Reputation points Microsoft Employee
    2021-05-21T15:20:47.307+00:00

    Hello @Somiya ,

    When your IoT Edge Device is not used as a Gateway for Downstream Devices, the certificates will be used to establish trust between IoT Edge Hub Module and User Modules (in other words, to establish trust between the different containers).

    > How can I check if the certificate consumed by the runtime is the one which I have provided and not the default one.

    As soon as you uncomment these lines in /etc/aziot/config.toml, and provide the file URI to the root CA certificate as well as device CA cert and key on the IoT Edge device, you will be using the one provided and not the default one.

    trust_bundle_cert = "file:///<path>/<root CA cert>"
    ...
    [edge_ca]
    cert = "file:///<path>/<device CA cert>"
    pk = "file:///<path>/<device CA key>"
    

    Let me know if you see any inconsistency?

    Hope I could help!

    Remember:

    • Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is [how][10].
    • Want a reminder to come back and check responses? Here is how to subscribe to a [notification][11].
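
A config-side check for the question above, as an added example that is not part of the original answer or of IoT Edge itself: it reports whether `trust_bundle_cert` and the `[edge_ca]` `cert`/`pk` settings are uncommented and point at readable files. The function names and the sample config are constructed for illustration, and the check covers only the config file, not what the running daemon has loaded.

```shell
#!/bin/sh
# toml_value FILE SECTION KEY: print the value of an uncommented KEY = "..."
# inside [SECTION]; pass "" as SECTION for top-level keys.
toml_value() {
    awk -v want="$2" -v key="$3" '
        BEGIN { sec = "" }
        /^[ \t]*#/ { next }                      # commented-out setting
        /^[ \t]*\[/ {                            # table header such as [edge_ca]
            sec = $0; gsub(/[ \t]/, "", sec)
            sec = substr(sec, 2, length(sec) - 2); next
        }
        sec == want && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            line = $0
            sub(/^[^=]*=[ \t]*"/, "", line); sub(/".*$/, "", line)
            print line; exit
        }
    ' "$1"
}

# check_edge_certs FILE: one status line per setting; returns 0 only when all
# three settings are active file:// URIs that resolve to readable files.
check_edge_certs() {
    cfg=$1; rc=0
    for item in ":trust_bundle_cert" "edge_ca:cert" "edge_ca:pk"; do
        sec=${item%%:*}; key=${item#*:}
        uri=$(toml_value "$cfg" "$sec" "$key")
        file=${uri#file://}
        if [ -z "$uri" ]; then
            echo "MISSING  ${sec:+[$sec] }$key is commented out or absent"; rc=1
        elif [ "$file" = "$uri" ]; then
            echo "NOTFILE  ${sec:+[$sec] }$key is not a file:// URI: $uri"; rc=1
        elif [ ! -r "$file" ]; then
            echo "UNREAD   ${sec:+[$sec] }$key -> $file cannot be read"; rc=1
        else
            echo "OK       ${sec:+[$sec] }$key -> $file"
        fi
    done
    return $rc
}

# Constructed sample: a config where the certificate settings are still commented out.
demo_dir=$(mktemp -d)
printf '%s\n' '# trust_bundle_cert = "file:///placeholder/root.pem"' \
    '[edge_ca]' '# cert = "file:///placeholder/ca.pem"' \
    '# pk = "file:///placeholder/ca.key"' > "$demo_dir/config.toml"
check_edge_certs "$demo_dir/config.toml" || echo "provided certs are not fully configured"
```

On a device, call `check_edge_certs /etc/aziot/config.toml` with enough privilege to read the key file.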
