
Do I need to set up a PKI to secure D2C and C2D (IOT) communication in Azure?

I'm wondering if I need to set up a Public Key Infrastructure in order to ensure a secure Device to Cloud and Cloud to Device connection? I have several IoT devices which should communicate over MQTT. To ensure that the device X is actually device X that is sending the data to IoT Hub in Azure, do I need to set up a Managed PKI? I've read several Microsoft documentation pages but I did not understand. Do I only have to upload the device certificate in Azure IoT Hub and afterwards, when writing the device client, give the device certificate as a parameter? How can I achieve a secure communication between the device and Azure and also make sure that the device is the device it is pretending to be?

You have two options to secure device connections to IoT Hub. In both cases, you need to register your device in the IoT Hub device registry before it can connect:

  • SAS tokens. You can obtain a SAS token for a device from the device registry. When the device presents the token, IoT Hub verifies that it was issued by your IoT hub and that the device is registered.
  • X.509 certificates. This approach requires you to upload a root or intermediate certificate to your IoT hub. If a device presents a leaf certificate derived from the root or intermediate certificate, then it's allowed to connect.

To learn more, see https://learn.microsoft.com/azure/iot-hub/iot-hub-dev-guide-sas .

Additionally, IoT Hub uses TLS to secure all communications. See: https://learn.microsoft.com/azure/iot-hub/iot-hub-tls-support . This typically doesn't require any setup or configuration on your behalf before it's allowed to connect.
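Added example (not part of the original answer and not Azure SDK code) of what the SAS-token option described above involves: the device signs "<url-encoded resource URI>\n<expiry>" with the key stored for it in the device registry, and the hub recomputes the same HMAC-SHA256 from the key it holds for that device ID, which is how it knows the token was issued for a registered device. The hub name, device ID, key and the in-memory registry are constructed stand-ins.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote

# Constructed sample values for the example; not real IoT Hub credentials.
HUB_HOST = "example-hub.azure-devices.net"
DEVICE_ID = "device-x"
DEVICE_KEY = base64.b64encode(b"constructed-32-byte-primary-key!").decode()
# Stand-in for the IoT Hub device registry: device ID -> primary key.
REGISTRY = {DEVICE_ID: DEVICE_KEY}


def resource_uri(hub_host: str, device_id: str) -> str:
    # A device-scoped token is bound to this resource path.
    return f"{hub_host}/devices/{device_id}"


def sign(resource: str, key_b64: str, expiry: int) -> str:
    # HMAC-SHA256 over "<url-encoded resource>\n<expiry>", keyed with the
    # base64-decoded device key; the MAC is base64-encoded for transport.
    to_sign = f"{quote(resource, safe='')}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def generate_sas_token(resource: str, key_b64: str, expiry: int) -> str:
    # Device side. No "skn" policy name: this is a device-scoped token.
    sig = quote(sign(resource, key_b64, expiry), safe="")
    return (f"SharedAccessSignature sr={quote(resource, safe='')}"
            f"&sig={sig}&se={expiry}")


def verify_sas_token(token: str, registry: dict, now: int) -> tuple:
    # Hub side (simplified): parse, look the device up, check expiry,
    # recompute the MAC with the registered key and compare in constant time.
    if not token.startswith("SharedAccessSignature "):
        return False, "not a SAS token"
    fields = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
    if not {"sr", "sig", "se"} <= fields.keys():
        return False, "missing field"
    device_id = fields["sr"].rsplit("/devices/", 1)[-1]
    key_b64 = registry.get(device_id)
    if key_b64 is None:
        return False, "device not registered"
    if not fields["se"].isdigit() or int(fields["se"]) <= now:
        return False, "expired"
    expected = sign(fields["sr"], key_b64, int(fields["se"]))
    if not hmac.compare_digest(expected, fields["sig"]):
        return False, "bad signature"
    return True, "ok"
```

Because the signature covers the expiry and the resource path, changing either field, or presenting a token for a device ID the registry does not know, is rejected.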
