Share via


az iot hub certificate

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Manage IoT Hub certificates.

Commands

Name Description Type Status
az iot hub certificate create

Create/upload an Azure IoT Hub certificate.

Core GA
az iot hub certificate delete

Deletes an Azure IoT Hub certificate.

Core GA
az iot hub certificate generate-verification-code

Generates a verification code for an Azure IoT Hub certificate.

Core GA
az iot hub certificate list

Lists all certificates contained within an Azure IoT Hub.

Core GA
az iot hub certificate root-authority

Manage the certificate root-authority for an IoT Hub instance.

Extension Deprecated
az iot hub certificate root-authority set

Set the certificate root-authority for an IoT Hub instance to a specific version.

Extension Deprecated
az iot hub certificate root-authority show

Show the current certificate root-authority for an IoT Hub instance.

Extension Deprecated
az iot hub certificate show

Shows information about a particular Azure IoT Hub certificate.

Core GA
az iot hub certificate update

Update an Azure IoT Hub certificate.

Core GA
az iot hub certificate verify

Verifies an Azure IoT Hub certificate.

Core GA

az iot hub certificate create

Create/upload an Azure IoT Hub certificate.

For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate create --hub-name
                              --name
                              --path
                              [--resource-group]
                              [--verified {false, true}]

Examples

Uploads a verified CA certificate PEM file to an IoT hub.

az iot hub certificate create --hub-name MyIotHub --name MyCertificate --path /certificates/Certificate.pem --verified

Uploads a CA certificate CER file to an IoT hub.

az iot hub certificate create --hub-name MyIotHub --name MyCertificate --path /certificates/Certificate.cer

Create/upload an Azure IoT Hub certificate (autogenerated)

az iot hub certificate create --hub-name MyIotHub --name MyCertificate --path /certificates/Certificate.cer --resource-group MyResourceGroup --subscription MySubscription

Required Parameters

--hub-name

IoT Hub name.

--name -n

A friendly name for the certificate.

--path -p

The path to the file containing the certificate.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--verified -v

A boolean indicating whether or not the certificate is verified.

Accepted values: false, true
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate delete

Deletes an Azure IoT Hub certificate.

For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate delete --etag
                              --name
                              [--hub-name]
                              [--ids]
                              [--resource-group]
                              [--subscription]

Examples

Deletes MyCertificate

az iot hub certificate delete --hub-name MyIotHub --name MyCertificate --etag AAAAAAAAAAA=

Required Parameters

--etag -e

Entity Tag (etag) of the object.

--name -n

A friendly name for the certificate.

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate generate-verification-code

Generates a verification code for an Azure IoT Hub certificate.

This verification code is used to complete the proof of possession step for a certificate. Use this verification code as the CN of a new certificate signed with the root certificates private key. For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate generate-verification-code --etag
                                                  --name
                                                  [--hub-name]
                                                  [--ids]
                                                  [--resource-group]
                                                  [--subscription]

Examples

Generates a verification code for MyCertificate

az iot hub certificate generate-verification-code --hub-name MyIotHub --name MyCertificate --etag AAAAAAAAAAA=

Generates a verification code for an Azure IoT Hub certificate (autogenerated)

az iot hub certificate generate-verification-code --etag AAAAAAAAAAA= --hub-name MyIotHub --name MyCertificate --resource-group MyResourceGroup --subscription MySubscription

Required Parameters

--etag -e

Entity Tag (etag) of the object.

--name -n

A friendly name for the certificate.

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate list

Lists all certificates contained within an Azure IoT Hub.

For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate list [--hub-name]
                            [--ids]
                            [--resource-group]
                            [--subscription]

Examples

List all certificates in MyIotHub

az iot hub certificate list --hub-name MyIotHub

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate show

Shows information about a particular Azure IoT Hub certificate.

For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate show --name
                            [--hub-name]
                            [--ids]
                            [--resource-group]
                            [--subscription]

Examples

Show details about MyCertificate

az iot hub certificate show --hub-name MyIotHub --name MyCertificate

Shows information about a particular Azure IoT Hub certificate (autogenerated)

az iot hub certificate show --hub-name MyIotHub --name MyCertificate --resource-group MyResourceGroup --subscription MySubscription

Required Parameters

--name -n

A friendly name for the certificate.

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate update

Update an Azure IoT Hub certificate.

Uploads a new certificate to replace the existing certificate with the same name. For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate update --etag
                              --name
                              --path
                              [--hub-name]
                              [--ids]
                              [--resource-group]
                              [--subscription]
                              [--verified {false, true}]

Examples

Updates a CA certificate in an IoT hub by uploading a new PEM file.

az iot hub certificate update --hub-name MyIotHub --name MyCertificate --path /certificates/NewCertificate.pem --etag AAAAAAAAAAA=

Updates a CA certificate in an IoT hub by uploading a new CER file.

az iot hub certificate update --hub-name MyIotHub --name MyCertificate --path /certificates/NewCertificate.cer --etag AAAAAAAAAAA=

Required Parameters

--etag -e

Entity Tag (etag) of the object.

--name -n

A friendly name for the certificate.

--path -p

The path to the file containing the certificate.

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verified -v

A boolean indicating whether or not the certificate is verified.

Accepted values: false, true
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot hub certificate verify

Verifies an Azure IoT Hub certificate.

Verifies a certificate by uploading a verification certificate containing the verification code obtained by calling generate-verification-code. This is the last step in the proof of possession process. For a detailed explanation of CA certificates in Azure IoT Hub, see https://docs.microsoft.com/azure/iot-hub/iot-hub-x509ca-overview.

az iot hub certificate verify --etag
                              --name
                              --path
                              [--hub-name]
                              [--ids]
                              [--resource-group]
                              [--subscription]

Examples

Verifies ownership of the MyCertificate private key.

az iot hub certificate verify --hub-name MyIotHub --name MyCertificate --path /certificates/Verification.pem --etag AAAAAAAAAAA=

Verifies an Azure IoT Hub certificate (autogenerated)

az iot hub certificate verify --etag AAAAAAAAAAA= --hub-name MyIotHub --name MyCertificate --path /certificates/Verification.pem --resource-group MyResourceGroup --subscription MySubscription

Required Parameters

--etag -e

Entity Tag (etag) of the object.

--name -n

A friendly name for the certificate.

--path -p

The path to the file containing the certificate.

Optional Parameters

--hub-name

IoT Hub name.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.