IoT Edge modules failing with error "TLS authentication error: The remote certificate is invalid according to the validation procedure"

Somiya 246 Reputation points
2021-08-05T08:20:13.127+00:00

I am using the production certificates at the IoT Edge, but a few of the modules are failing with the following error:

"Unhandled exception. System.AggregateException: One or more errors occurred. (TLS authentication error.)
---> System.Security.Authentication.AuthenticationException: TLS authentication error.
---> System.AggregateException: One or more errors occurred. (The remote certificate is invalid according to the validation procedure.)
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."

I have verified the root CA cert successfully on the IoT Hub but am still facing the above error.

Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.

1 answer

  1. QuantumCache 20,031 Reputation points
    2021-08-12T15:36:16.05+00:00

    Hello @Somiya ,

    IoT Edge certificates are used by the modules and downstream IoT devices to verify the identity and legitimacy of the IoT Edge hub runtime module. These verifications enable a TLS (transport layer security) secure connection between the runtime, the modules, and the IoT devices. Like IoT Hub itself, IoT Edge requires a secure and encrypted connection from IoT downstream (or leaf) devices and IoT Edge modules. To establish a secure TLS connection, the IoT Edge hub module presents a server certificate chain to connecting clients in order for them to verify its identity.

    This article explains how IoT Edge certificates can work in production, development, and test scenarios.

    Understand how Azure IoT Edge uses certificates

    You may also use certificates to authenticate your IoT Edge device to IoT Hub. Those authentication certificates are different. For more information about authenticating your device with certificates, see Create and provision an IoT Edge device using X.509 certificates.

    Device identity certificates are only used for provisioning the IoT Edge device and authenticating the device with Azure IoT Hub. They aren't signing certificates, unlike the CA certificates that the IoT Edge device presents to modules or leaf devices for verification. For more information, see Azure IoT Edge certificate usage detail.

    Please comment in the below section to get more help in this matter, we are happy to help you further.

    2 people found this answer helpful.
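The answer above describes the chain that edgeHub presents (root CA, then the device CA, then the edgeHub server certificate) and notes that a module accepts it only if the whole chain validates against the root in its trust bundle. The script below is an added example, not part of the thread or of the IoT Edge project: it builds a throwaway three-tier chain with the same shape and then runs `openssl verify` the way a module's TLS client would, once in the healthy configuration and twice in configurations that produce "the remote certificate is invalid according to the validation procedure" (intermediate not presented, hostname not covered by the certificate). It assumes `openssl` 1.1.1 or later is on the PATH; the working directory, the certificate names and the hostname `edgehub-example` are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread or from the IoT Edge project.
# Builds a chain shaped like the one IoT Edge uses:
#   root CA  ->  device CA  ->  edgeHub server certificate
# and checks it the way a module's TLS client does, with `openssl verify`.
# Assumptions: openssl 1.1.1+ on PATH; WORKDIR, the CNs and the hostname
# "edgehub-example" are constructed for this demo.
set -u
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Minimal openssl config for a CSR or self-signed cert with the given CN,
# so the demo does not depend on the system openssl.cnf.
req_cfg() {
  printf '[req]\ndistinguished_name = dn\nprompt = no\nx509_extensions = ca_ext\n'
  printf '[dn]\nCN = %s\n' "$1"
  printf '[ca_ext]\nbasicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\nsubjectKeyIdentifier = hash\n'
}

# Generate root CA, device CA and edgeHub server cert (throwaway RSA-2048 keys, 7-day validity).
make_chain() {
  W="$WORKDIR"
  # 1. Root CA: the certificate a module keeps in its trust bundle.
  req_cfg "Example Root CA" > "$W/root.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 7 -config "$W/root.cnf" \
    -keyout "$W/root.key" -out "$W/root.pem" >/dev/null 2>&1 || return 1
  # 2. Device CA, signed by the root; pathlen:0 so it can only issue end-entity certs.
  req_cfg "Example Device CA" > "$W/deviceca.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$W/deviceca.cnf" \
    -keyout "$W/deviceca.key" -out "$W/deviceca.csr" >/dev/null 2>&1 || return 1
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$W/deviceca.ext"
  openssl x509 -req -in "$W/deviceca.csr" -CA "$W/root.pem" -CAkey "$W/root.key" -CAcreateserial \
    -days 7 -extfile "$W/deviceca.ext" -out "$W/deviceca.pem" >/dev/null 2>&1 || return 1
  # 3. edgeHub server cert, signed by the device CA, with the hostname modules connect to in its SAN.
  req_cfg "edgehub-example" > "$W/edgehub.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$W/edgehub.cnf" \
    -keyout "$W/edgehub.key" -out "$W/edgehub.csr" >/dev/null 2>&1 || return 1
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:edgehub-example\n' > "$W/edgehub.ext"
  openssl x509 -req -in "$W/edgehub.csr" -CA "$W/deviceca.pem" -CAkey "$W/deviceca.key" -CAcreateserial \
    -days 7 -extfile "$W/edgehub.ext" -out "$W/edgehub.pem" >/dev/null 2>&1
}

# Healthy case: the module trusts only the root, and edgeHub presents
# leaf + device CA, so the chain builds back to the trust bundle.
verify_full_chain() {
  openssl verify -CAfile "$WORKDIR/root.pem" -untrusted "$WORKDIR/deviceca.pem" \
    -verify_hostname edgehub-example "$WORKDIR/edgehub.pem"
}

# Same trust bundle, but the device CA is not presented alongside the leaf:
# openssl reports "unable to get local issuer certificate".
verify_missing_intermediate() {
  openssl verify -CAfile "$WORKDIR/root.pem" \
    -verify_hostname edgehub-example "$WORKDIR/edgehub.pem"
}

# Full chain, but the client connects using a name the certificate does not cover:
# openssl reports "hostname mismatch".
verify_wrong_hostname() {
  openssl verify -CAfile "$WORKDIR/root.pem" -untrusted "$WORKDIR/deviceca.pem" \
    -verify_hostname other-host "$WORKDIR/edgehub.pem"
}

# Usage: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
  make_chain || { echo "chain generation failed"; exit 1; }
  for check in verify_full_chain verify_missing_intermediate verify_wrong_hostname; do
    echo "== $check"
    $check 2>&1 || true
  done
fi
```

When diagnosing a real device, the same `openssl verify` invocation can be run against the files the module actually receives: the trust bundle the module mounts as `-CAfile`, and the chain edgeHub serves (captured with `openssl s_client -showcerts` against the edgeHub hostname) as the leaf and `-untrusted` inputs. Whichever of the two failure modes above reproduces tells you whether the trust bundle, the presented chain or the hostname the module dials is the part that is out of step.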