Support X.509 certificates in IoT Edge for Raspbian (Linux) and the Device Provisioning Service (DPS)
We are using a Raspberry Pi Zero W for a large-scale IoT sensor rollout. Our plan is to use IoT Edge on Raspbian (Linux) to run our Python software on the devices and leverage the IoT hub to deploy our code via modules to our devices. We also want to use the IoT hub Device Provisioning Service to further automate the rollout of newly added devices. The goal is to make this scalable to 1.000 devices as a Proof of Concept, and in a production phase scale up to 50.000-100.000 devices.
We've tried to follow the tutorial by Microsoft to run auto-provisioning-service:
When this didn't work we opened a Github ticket:
There it was mentioned that IoT Edge needs to support X.509 certificates for this to be possible, since the Raspberry Pi does not have a TPM chip on board. That's why we are requesting to support X.509 certificates for IoT Edge and the DPS.
This is now available in the 1.0.9 release.
@Supreet, the changes for x509 certs shouldn't effect modules. The x509 cert is used for the device to connect to IoT Hub. Please file a bug on our GitHub issues page (https://github.com/azure/iotedge/issues) if you're seeing differences in module behavior when you switch to using x509 certs.
@Hubert, we found a couple issues in RC4 which is going to push the release out to early February.
Hubert Richard commented
Status pointer? Thanks!
Supreet Shanbhag commented
Using the iot edge release 1.0.9-rc3, DPS is working fine with X509 (connecting with DPS, module download is successful).
But the data sent from downloaded edge module is not received in the cloud.
Can anybody point out the changes for the edge module to work with X509 certificate? (C SDK)
Note: Using manual provisioning method, data sent from same IoT Edge module used with X509 Certificate is received in the cloud.
Servicing releases for 1.0.8 have taken priority over releasing 1.0.9. We're now shooting to have 1.0.9 out in mid January.
Emmanuel Bertrand commented
This is coming with IoT Edge's next release: 1.0.9 for which there should be a Release Candidate out by the end of next week.
look forward to the new features which iot edge dps support x.509 certificate and symmetric key.
This feature has been feedback for a long time.
Peter Michael commented
8 months and still no update on this...
Any one aware of the current status? Has the work been terminated? If yes, we need to look elsewhere.
Agree with ben below.
Any update on when we can expect this feature?
Not having this feature makes the RPI in the Azure IoT Edge eco-system pretty much useless...