如何自动管理 Azure IoT Edge 证书
[英]How to manage automatically Azure IoT Edge certificates
问题描述
I've read from here and here that every IoT Edge device in production needs a device certificate authority (CA) certificate installed on it.
我从此处和此处了解到,生产中的每个 IoT Edge 设备都需要在其上安装设备证书颁发机构 (CA) 证书。 Otherwise the IoT Edge runtime will install a temporary certificate lasting 90 days, at the end of which the runtime must be restarted.否则,IoT Edge 运行时将安装一个持续 90 天的临时证书,到期后必须重新启动运行时。 Since I've a lot of different edge devices to manage and it's unfeasible to do manual operations such as moving certificates inside each provisioned device and modifying manually the config.yaml file of the edge runtime, what can be done in order to proper set up production certificates automatically?由于我有很多不同的边缘设备要管理,并且无法进行手动操作,例如在每个配置的设备内移动证书并手动修改边缘运行时的config.yaml文件,可以做些什么来正确设置自动生产证书?
1 个解决方案
解决方案1
0 2021-08-25 13:16:38
You need to provide the "production certificates" as explained here: Manage device certificates - Azure IoT Edge .您需要提供“生产证书”,如下所述: 管理设备证书 - Azure IoT Edge 。 If you have own CA, you can create the certificates and assign to the devices, if not, you will need to opt between use commercial certificates (initially recommended for production environments) or use self signed certificates.如果您有自己的 CA,您可以创建证书并分配给设备,如果没有,您将需要在使用商业证书(最初推荐用于生产环境)或使用自签名证书之间进行选择。 Currently there is an effort towards having a managed service (within DPS) to provide the certificate management, but is currently under development目前正在努力使用托管服务(在 DPS 内)来提供证书管理,但目前正在开发中
To mention that either using commercial certificates or self-signed ones, you will need to take care of certificate rotation before the expiration (if using self-signed certs, you need to take care of the emission and custody).顺便提一下,无论是使用商业证书还是自签名证书,您都需要在到期前注意证书轮换(如果使用自签名证书,则需要注意排放和保管)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.