X-CUBE-Azure x509, are certificates supported?

UKluk
Associate

I am running STM32CubeExpansion_Cloud_AZURE_V1.1.0

With IoTHub SDK 1.2.12 and provisioning client 1.2.12

The provisioning client resolves the server name as expected, then the iothub client handshakes with the IoT Hub using MQTT, but the server rejects it.

In the attached traces you can see the server authentication works, but then the device authentication fails after the 15 handshake steps.

To ensure the problem is not with the certificates, I created a MOCK project in Linux using the same SDKs and same certificates. It works.

The one difference is that Linux uses OpenSSL but X-CUBE-Azure uses mbedTLS.

I tried with ECC and RSA certificates, same results:

Works with Linux

Fails with STM32

Error:

IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED

Attached the traces without secrets.

2 REPLIES
Guillaume K
ST Employee

Hi

Could you provide more details about the X509 certificates you use? Is it a single device X509 certificate or a certificate derived from a Root CA you configured in Azure? How did you generate the certificates?

Could you give an example of the connection configuration string you configure in the application?

You could also try with new version 1.2.0 of X-CUBE-AZURE published in July. It supports the X509 certificates.

The user manual for this version is not yet available but should come soon.

Guillaume

VSaxe
Associate II

I am facing the same issue.

I have tested the X-CUBE-AZURE release on 17 July, in which the root CA is embedded in the HSM module, and I have successfully tested the Device provisioning using this example code. However, in the readme file it is mentioned that this certificate should not be used for production.

Hence I modified the code and tried to implement custom_hsm_sample, but it gives me an error that "Connection not accepeted:0x5: Not Authorised"

Since we are at a very critical stage, we need your support on how we can implement DPS using custom certificates for our final product.