Comments (20)
This appears to be the root cause of the issue that you are facing. You will need to provide a .pfx file as input to the device client. The .pfx file should contain the private key of the cert generated. This private key will not be transmitted over the wire. But, it will be used to prove to the server that it is indeed the owner of the cert.
Our apologies that the documentation does not state this explicitly. We will update it to reflect this.
from azure-iot-sdk-csharp.
@CRACKbomber - Closing issue. Please let us know if still having problems.
from azure-iot-sdk-csharp.
looks like the cert that you are using is not valid? It's authorization exception.
from azure-iot-sdk-csharp.
It is a valid cert. It is our root dc cert. From my understanding the hub only holds onto the x509 thumbprint and when you want to connect it compares the stored thumprint to the one supplied with the auth mechanism.
from azure-iot-sdk-csharp.
Can you try adding a receiveAsync call in your code after the following line ?
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt);
_client.ReceiveAsync(TimeSpan.FromSeconds(2)).Wait();
from azure-iot-sdk-csharp.
Same thing, {"CONNECT failed: RefusedNotAuthorized"}
from azure-iot-sdk-csharp.
I have created a simple console app which uses X.509 certs and device methods. It works on my IoT Hub. Can you plug in the constant values at the top and try it out on your IoT hub and X.509 device?
from azure-iot-sdk-csharp.
Nope, same issue. I added the following to add the device and then try to auth. Still getting the same issue.
`var x509Certificate = GetX509Cert(CertSerial);
Device newDevice = new Device("TestingSSL");
newDevice.Authentication = new AuthenticationMechanism() { X509Thumbprint = new X509Thumbprint() { PrimaryThumbprint = x509Certificate.Thumbprint } };
RegistryManager registryManager = RegistryManager.CreateFromConnectionString(IotHubConnectionString);
await registryManager.AddDeviceAsync(newDevice);
Console.WriteLine("Retrieving Device using X.509 certificate for authentication");
var device = await registryManager.GetDeviceAsync("TestingSSL");`
from azure-iot-sdk-csharp.
From the service-side logs, it appears that the service is not receiving the client certificate.
Can you try changing the transport protocol to MQTT over Websocket like this:
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt_WebSocket_Only);
You could also try using another protocol like Amqp or Http:
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Amqp);
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Http1);
This will help us narrow down the issue that you are facing. Also, let us know which version of Windows the client is running on.
from azure-iot-sdk-csharp.
from azure-iot-sdk-csharp.
_client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Mqtt_WebSocket_Only);
Same unauthorized message
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Amqp);
Message = "The method or operation is not implemented."
__client = DeviceClient.Create("pc-iothub01.azure-devices.net", certAuth, TransportType.Http1);
It seems to work but when I try to invoke a method from a service client it gives
Message = "Device {"Message":"ErrorCode:DeviceNotOnline;Timed out waiting for device to connect.","ExceptionMessage":"Tracking ID:14d6bb5f477048198af4840d9279d68f-G:2-TimeStamp:03/08/2017 12:17:57"} not registered"
from azure-iot-sdk-csharp.
@CRACKbomber - Can you please provide which version of the SDK your are using? Thanks.
from azure-iot-sdk-csharp.
Microsoft.Azure.Devices.Client 1.2.4
Microsoft.Azure.Devices.Shared 1.0.7
Microsoft.Azure.Amqp 2.0.4
from azure-iot-sdk-csharp.
@CRACKbomber - Can you try using a self-signed cert - https://technet.microsoft.com/itpro/powershell/windows/pki/new-selfsignedcertificate ?
from azure-iot-sdk-csharp.
@rajeevmv I have
from azure-iot-sdk-csharp.
Can you share a self-signed cert that fails for you here? Please note that this should be a throwaway cert that you do not plan to use for any other purpose. I can try to use that cert using the sample I posted above and check if it works for me. I will need the private key as well in this case.
from azure-iot-sdk-csharp.
There is no private key in my cert.
pc-iothub01.zip
from azure-iot-sdk-csharp.
I will need a pfx file (which contains the private key) along with a password to read the file. (FYI: https://security.stackexchange.com/questions/29425/difference-between-pfx-and-cert-certificates). This is because the client will need the private key in order to successfully complete the TLS handshake with the service.
from azure-iot-sdk-csharp.
@rajeevmv Can you tell me how o make .pfx file. Any step by step helper link? I have same issue now.
from azure-iot-sdk-csharp.
Take a look at this link: http://windowsitpro.com/blog/creating-self-signed-certificates-powershell
from azure-iot-sdk-csharp.
Related Issues (20)
- IoT Edge not connecting to IOT Hub HOT 2
- Route data directly from opc publisher to rabbit mq is possible? HOT 2
- [Technical Question] [v2] How to set Properties on TelemetryMessage HOT 1
- [Bug Report] Upgrade dependency on Microsoft.Rest.ClientRuntime to Azure.Core HOT 2
- Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies HOT 3
- AOT-compatible Microsoft.Azure.Devices.Client HOT 1
- SDK version :2.0.0-preview007 CreateAsync() Json Error
- [Bug Report] WebSockets not working on Web Assembly HOT 1
- Latest device client does not connect over MQTT HOT 9
- Errors while running e2e tests with .NET 8.0 HOT 1
- How to use tpm private key for TLS with IoT Hub SDK (Not TPM Attestation) - for DeviceAuthenticationWithX509Certificate HOT 4
- [Bug Report] AMQP DeviceClient is slow to respond to device being disabled
- Desired Properties callback not triggering after a reconnect HOT 5
- [feature request] Move to System.Text.Json to support AOT HOT 2
- [Bug Report] DeviceClient.SendEventAsync takes over one minute after update from 1.42.0 to 1.42.2 HOT 7
- [BUG] error CS0426: The type name 'Create' does not exist in the type 'ServiceClient' HOT 1
- Building digital twin of the robotic arm [Technical Question] HOT 2
- How do I send data stored in array (floating type) from my robot to IoT hub? [Technical Question]
- [Bug Report] Fails to establish TPM connection HOT 1
- [Technical Question] Security: Check root certificate on device-to-cloud connection HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-iot-sdk-csharp.