Device Provisioning Service can't validate certificates

Noel 25 reputation points
2024-06-17T10:34:04.5366667+00:00

Hi,

I have several devices that were successfully reporting to an instance of Azure IoT Hub. They are provisioned using X.509 certificate attestation in the Device Provisioning Service (DPS).

A few days ago, the IoT Hub stopped receiving messages from the devices, and at the same time, the number of attestation attempts in the DPS scaled from being 0 for almost all of the time, to being constantly non-zero:

Screenshot from 2024-06-17 12-26-57

I have also observed that the documentation on X.509 certificate attestation was updated recently. I want to ask: has anything changed in the DPS attestation chain that could have impacted my architecture?

Thank you very much in advance.

Azure

1 answer

  1. Gao Chen 4,385 reputation points Microsoft Vendor
    2024-12-20T23:55:52.41+00:00

    Hello Noel,

    Welcome to Microsoft Q&A!

    We are very sorry for the delay in giving you a response to your topic in this forum. If you still have the same problem, it sounds like you're experiencing a significant issue with your Azure IoT Hub setup. There have been some recent updates and changes related to X.509 certificate attestation in the Device Provisioning Service (DPS) that might be affecting your devices.

    1. TLS Certificate Changes: Azure IoT Hub and DPS endpoints have undergone updates to their TLS certificates, which could impact device connectivity if the devices do not have the updated root certificates in their trusted certificate store.
    2. X.509 Certificate Chain: The documentation on X.509 certificate attestation has been updated to emphasize the importance of the certificate chain of trust. This includes ensuring that all intermediate and root certificates are correctly configured and trusted by your devices.
    3. Authentication and Authorization: There have been clarifications on the use of X.509 certificates for authentication (AuthN) and the distinction from authorization (AuthZ). This might require reviewing your device configurations to ensure they align with the updated guidelines.

    Given these changes, I recommend checking the following:

    • Ensure your devices have the latest root certificates required by Azure IoT Hub and DPS.
    • Verify the entire certificate chain is correctly configured and trusted by your devices.
    • Review the updated documentation on X.509 certificate attestation to ensure your setup complies with the latest guidelines.

    Additionally, please kindly note that if we do not receive a response to this thread within 4 business days, we will consider it closed. In case you have the same question, and the information provided was not useful, feel free to create another thread and we will be more than happy to help you.

    Regards,

    Gao


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
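
The chain check recommended in the answer can be rehearsed offline with OpenSSL before touching real devices. This is an added example, not part of the original thread or of Microsoft's documentation; the root, intermediate and device certificates, their subjects and lifetimes, and all function names are constructed for the demonstration, and it checks only a local chain, not the DPS service itself.

```shell
#!/usr/bin/env bash
# Added example: every subject, file name and lifetime below is constructed.

# check_chain ROOT INTERMEDIATES LEAF: 0 only if LEAF chains to ROOT through
# the supplied intermediates and every certificate is inside its validity.
check_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# expires_within DAYS CERT: 0 if CERT stops being valid within DAYS days
# (also 0 if CERT cannot be read, so an unreadable file is flagged too).
expires_within() {
  ! openssl x509 -in "$2" -noout -checkend "$(( $1 * 86400 ))" >/dev/null 2>&1
}

# new_csr DIR NAME CNF: fresh RSA key plus signing request for CN=demo-NAME.
new_csr() {
  openssl req -new -config "$3" -newkey rsa:2048 -nodes -subj "/CN=demo-$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_demo_chain DIR: throwaway root -> intermediate -> device certificates.
make_demo_chain() {
  local d="$1" cnf="$1/demo.cnf"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=CA:FALSE' > "$cnf"
  openssl req -x509 -config "$cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 30 -subj '/CN=demo-root' -keyout "$d/root.key" -out "$d/root.pem" \
    2>/dev/null
  new_csr "$d" int "$cnf"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null
  new_csr "$d" dev "$cnf"   # device certificate, deliberately short-lived
  openssl x509 -req -in "$d/dev.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -extfile "$cnf" -extensions leaf \
    -out "$d/dev.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo"
check_chain "$demo/root.pem" "$demo/int.pem" "$demo/dev.pem" \
  && echo "full chain: verifies"
check_chain "$demo/root.pem" "$demo/root.pem" "$demo/dev.pem" \
  || echo "intermediate missing: verification fails"
expires_within 7 "$demo/dev.pem" && echo "device certificate expires within 7 days"
rm -rf "$demo"
```

To apply `check_chain` and `expires_within` to a real deployment, pass the root, intermediate and device certificate files actually used for the enrollment in place of the demo files.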
