

az iot ops connector opcua issuer

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops connector opcua issuer command. Learn more about extensions.

Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage issuer certificates for the OPC UA Broker.

The issuer certificate list stores the certificate authority certificates that the connector for OPC UA trusts. If your OPC UA server's application instance certificate is signed by an intermediate certificate authority, but you do not want to automatically trust all the certificates issued by that certificate authority, you can use an issuer certificate list to manage the trust relationship. For more info, see https://aka.ms/opcua-certificates.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az iot ops connector opcua issuer add | Add an issuer certificate to the OPC UA Broker's issuer certificate list. | Extension | Preview |
| az iot ops connector opcua issuer remove | Remove trusted certificate(s) from the OPC UA Broker's issuer certificate list. | Extension | Preview |
| az iot ops connector opcua issuer show | Show details of secretsync resource 'aio-opc-ua-broker-issuer-list'. | Extension | Preview |

az iot ops connector opcua issuer add

Preview


Add an issuer certificate to the OPC UA Broker's issuer certificate list.

The certificate file extension must be .der, .crt or .crl. When adding a .crl file, a .der or .crt file with the same file name must be added first. The Azure resources secretproviderclass 'opc-ua-connector' and secretsync 'aio-opc-ua-broker-issuer-list' will be created if not found.

az iot ops connector opcua issuer add --certificate-file
                                      --instance
                                      --resource-group
                                      [--overwrite-secret {false, true}]
                                      [--secret-name]

Examples

Add an issuer certificate in the OPC UA Broker's issuer certificate list.

az iot ops connector opcua issuer add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.der"

Add a .crl file to the OPC UA Broker's issuer certificate list, using the same file name as the .der file added above.

az iot ops connector opcua issuer add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.crl"

Add an issuer certificate to the OPC UA Broker's issuer certificate list with custom secret name.

az iot ops connector opcua issuer add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.der" --secret-name custom-secret-name

Add an issuer certificate to the issuer certificate list and skip the overwrite confirmation prompt when the secret already exists.

az iot ops connector opcua issuer add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.der" --overwrite-secret
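The ordering rule above (a .crl is accepted only after a same-named .der or .crt) can be checked before any call is made. The following is an added example, not part of the original reference or the extension's code; `plan_issuer_adds`, `emit_add_commands` and the `EXISTING` variable are hypothetical names, and the script only prints the commands it would run.

```sh
#!/bin/sh
# Added example: order a batch for `az iot ops connector opcua issuer add`.
# EXISTING is a hypothetical space-separated list of names already in the
# issuer list. File names are assumed to contain no whitespace.

# plan_issuer_adds FILE...: print files in a safe order (certs, then CRLs).
# Returns 1 on an unsupported extension or a .crl with no same-named cert.
plan_issuer_adds() {
    certs="" crls="" known=" ${EXISTING:-} "
    for f in "$@"; do
        name=${f##*/}
        case "$name" in
            *.der|*.crt) certs="$certs $f"; known="$known$name " ;;
            *.crl)       crls="$crls $f" ;;
            *) echo "unsupported extension: $f" >&2; return 1 ;;
        esac
    done
    for f in $crls; do
        base=${f##*/}; base=${base%.crl}
        case "$known" in
            *" $base.der "*|*" $base.crt "*) ;;
            *) echo "add $base.der or $base.crt before $f" >&2; return 1 ;;
        esac
    done
    for f in $certs $crls; do echo "$f"; done
}

# emit_add_commands INSTANCE RG FILE...: print (do not run) the az calls.
emit_add_commands() {
    inst=$1 rg=$2; shift 2
    files=$(plan_issuer_adds "$@") || return 1
    for f in $files; do
        echo "az iot ops connector opcua issuer add --instance $inst" \
             "--resource-group $rg --certificate-file \"$f\""
    done
}

# Constructed batch: the .crl is listed first but is emitted last.
emit_add_commands instance instanceresourcegroup certificate.crl certificate.der
```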

Required Parameters

--certificate-file --cf

Path to the certificate file in .der, .crt or .crl format.

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Optional Parameters

--overwrite-secret

Confirm [y]es without a prompt to overwrite the secret if the secret name already exists in Azure Key Vault. Useful for CI and automation scenarios.

Accepted values: false, true
Default value: False

--secret-name -s

Secret name in the Key Vault. If not provided, the certificate file name will be used to generate the secret name.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops connector opcua issuer remove

Preview


Remove trusted certificate(s) from the OPC UA Broker's issuer certificate list.

Note: Removing all issuer certificates from the OPC UA Broker's issuer certificate list will trigger deletion of the secretsync resource 'aio-opc-ua-broker-issuer-list'. When removing a .der/.crt certificate, make sure to also remove the corresponding .crl, if one exists, to avoid an orphaned secret.

az iot ops connector opcua issuer remove --certificate-names
                                         --instance
                                         --resource-group
                                         [--force {false, true}]
                                         [--include-secrets {false, true}]
                                         [--yes {false, true}]

Examples

Remove an issuer certificate and its revocation list (.crl extension) from the issuer certificate list.

az iot ops connector opcua issuer remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der testcert.crl

Remove issuer certificates from the issuer certificate list, and also remove the related Key Vault secret.

az iot ops connector opcua issuer remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der --include-secrets

Force the certificate removal operation regardless of warnings. May lead to errors.

az iot ops connector opcua issuer remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der --force

Remove issuer certificates from the issuer certificate list and skip the confirmation prompt for removal.

az iot ops connector opcua issuer remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert.der --yes
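The note above about orphaned .crl entries can be turned into a pre-removal check. This is an added example, not part of the original reference or the extension's code; `companion_crls` and `emit_remove_command` are hypothetical names, the list of names is constructed to stand in for the secretsync 'targetKey' values, and the script only prints the command it would run.

```sh
#!/bin/sh
# Added example: find .crl entries that an `issuer remove` would leave behind.
# The first argument is a constructed, space-separated list standing in for
# the 'targetKey' names of the secretsync resource.

# companion_crls "KEYS" NAME...: print each listed .crl whose same-named
# .der/.crt is being removed and that is not itself among NAME...
# Assumption: a .crl stays paired while any same-named .der/.crt remains.
companion_crls() {
    keys=" $1 "; shift
    removing=" $* "; found=" "
    for n in "$@"; do
        case "$n" in *.der|*.crt) base=${n%.*} ;; *) continue ;; esac
        crl="$base.crl"
        case "$keys" in *" $crl "*) ;; *) continue ;; esac        # no CRL stored
        case "$removing$found" in *" $crl "*) continue ;; esac   # already handled
        keep=no
        for sib in "$base.der" "$base.crt"; do
            case "$keys" in *" $sib "*)
                case "$removing" in *" $sib "*) ;; *) keep=yes ;; esac ;;
            esac
        done
        if [ "$keep" = no ]; then found="$found$crl "; echo "$crl"; fi
    done
}

# emit_remove_command INSTANCE RG "KEYS" NAME...: print (do not run) one
# remove call that also names the companion .crl entries.
emit_remove_command() {
    inst=$1 rg=$2 list=$3; shift 3
    names="$* $(companion_crls "$list" "$@" | tr '\n' ' ')"
    echo "az iot ops connector opcua issuer remove --instance $inst" \
         "--resource-group $rg --certificate-names ${names% }"
}

# Constructed list: testcert.der has a CRL, other.der does not.
emit_remove_command instance instanceresourcegroup \
    "testcert.der testcert.crl other.der" testcert.der other.der
```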

Required Parameters

--certificate-names --cn

Space-separated certificate names to remove. Note: the names can be found under the corresponding secretsync resource property 'targetKey'.

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Optional Parameters

--force

Force the operation to execute.

Accepted values: false, true
Default value: False

--include-secrets

Indicates the command should remove the key vault secrets associated with the certificate(s). This option will delete and purge the secrets.

Accepted values: false, true
Default value: False

--yes -y

Confirm [y]es without a prompt. Useful for CI and automation scenarios.

Accepted values: false, true
Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops connector opcua issuer show

Preview


Show details of secretsync resource 'aio-opc-ua-broker-issuer-list'.

az iot ops connector opcua issuer show --instance
                                       --resource-group

Examples

Show details of 'aio-opc-ua-broker-issuer-list' secretsync resource.

az iot ops connector opcua issuer show --instance instance --resource-group instanceresourcegroup

Required Parameters

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.