az iot ops connector opcua trust

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops connector opcua trust command. Learn more about extensions.

Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage trusted certificates for the OPC UA Broker.

The trusted certificate list contains the certificates of all the OPC UA servers that the connector for OPC UA trusts. If the connector for OPC UA trusts a certificate authority, it automatically trusts any server that has a valid application instance certificate signed by the certificate authority. For more info, see https://aka.ms/opcua-certificates.

Commands

Name	Description	Type	Status
az iot ops connector opcua trust add	Add a trusted certificate to the OPC UA Broker's trusted certificate list.	Extension	Preview
az iot ops connector opcua trust remove	Remove trusted certificate(s) from the OPC UA Broker's trusted certificate list.	Extension	Preview
az iot ops connector opcua trust show	Show details of secretsync resource 'aio-opc-ua-broker-trust-list'.	Extension	Preview

az iot ops connector opcua trust add

Preview

Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Add a trusted certificate to the OPC UA Broker's trusted certificate list.

The certificate file extension must be .der or .crt. Azure resource secretproviderclass 'opc-ua-connector' and secretsync 'aio-opc-ua-broker-trust-list' will be created if not found.

az iot ops connector opcua trust add --certificate-file
                                     --instance
                                     --resource-group
                                     [--overwrite-secret {false, true}]
                                     [--secret-name]

Examples

Add a trusted certificate to the OPC UA Broker's trusted certificate list.

az iot ops connector opcua trust add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.der"

Add a trusted certificate to the OPC UA Broker's trusted certificate list with custom secret name.

az iot ops connector opcua trust add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.crt" --secret-name custom-secret-name

Add a trusted certificate to the trusted certificate list and skip the overwrite confirmation prompt when the secret already exists.

az iot ops connector opcua trust add --instance instance --resource-group instanceresourcegroup --certificate-file "certificate.der" --overwrite-secret

Required Parameters

--certificate-file --cf

Path to the certificate file in .der or .crt format.

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Optional Parameters

--overwrite-secret

Confirm [y]es without a prompt to overwrite secret. if secret name existed in Azure key vault. Useful for CI and automation scenarios.

Accepted values: false, true

Default value: False

--secret-name -s

Secret name in the Key Vault. If not provided, the certificate file name will be used to generate the secret name.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops connector opcua trust remove

Preview

Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Remove trusted certificate(s) from the OPC UA Broker's trusted certificate list.

Note: Removing all trusted certificates from the OPC UA Broker's trusted certificate list will trigger deletion of the secretsync resource 'aio-opc-ua-broker-trust-list'.

az iot ops connector opcua trust remove --certificate-names
                                        --instance
                                        --resource-group
                                        [--force {false, true}]
                                        [--include-secrets {false, true}]
                                        [--yes {false, true}]

Examples

Remove trusted certificates called 'testcert1.der' and 'testcert2.crt' from trusted certificate list.

az iot ops connector opcua trust remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert1.der testcert2.crt

Remove trusted certificates from trusted certificate list, including remove related keyvault secret.

az iot ops connector opcua trust remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert1.der testcert2.crt --include-secrets

Force remove certificates operation regardless of warnings. May lead to errors.

az iot ops connector opcua trust remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert1.der testcert2.crt --force

Remove trusted certificates from trusted certificate list and skip confirmation prompt for removal.

az iot ops connector opcua trust remove --instance instance --resource-group instanceresourcegroup --certificate-names testcert1.der testcert2.crt --yes

Required Parameters

--certificate-names --cn

Space-separated certificate names to remove. Note: the names can be found under the corresponding secretsync resource property 'targetKey'.

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Optional Parameters

--force

Force the operation to execute.

Accepted values: false, true

Default value: False

--include-secrets

Indicates the command should remove the key vault secrets associated with the certificate(s). This option will delete and purge the secrets.

Accepted values: false, true

Default value: False

--yes -y

Confirm [y]es without a prompt. Useful for CI and automation scenarios.

Accepted values: false, true

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops connector opcua trust show

Preview

Command group 'iot ops connector' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Show details of secretsync resource 'aio-opc-ua-broker-trust-list'.

az iot ops connector opcua trust show --instance
                                      --resource-group

Examples

Show details of 'aio-opc-ua-broker-trust-list' resource.

az iot ops connector opcua trust show --instance instance --resource-group instanceresourcegroup

Required Parameters

--instance -i -n

IoT Operations instance name.

--resource-group -g

Instance resource group.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.