The X.509 certificate helps to identify the device on IoT Hub using public and private keys stored within the certificate.
The developer test many scenarios during the development, so every time buying the new certificate and device for development is not possible, so we required something virtual but gives a real-life experience, so by considering time and cost, we will create the test certificates locally and test the Azure IoT experience. Microsoft has provided the sample PowerShell script on GitHub to generate the X.509 certificates.
Step 1: Copy the PowerShell Script
Copy the following PowerShell script and save it on your PC storage location as GenerateTestCertificate.ps1 or whatever name you wish, just make sure you have saved the file having an extension .ps1.
# Copyright (c) Microsoft. All rights reserved.
# Licensed under the MIT license. See LICENSE file in the project root for full license information.
Param(
$deviceName = "iothubx509device1",
$certificateValidityInYears = 1
)
$cert = New-SelfSignedCertificate `
-Type Custom `
-Subject "CN=$deviceName, O=TEST, C=US" `
-KeySpec Signature `
-KeyExportPolicy Exportable `
-HashAlgorithm sha256 `
-KeyLength 2048 `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
-CertStoreLocation "Cert:\CurrentUser\My" `
-NotAfter (Get-Date).AddYears($certificateValidityInYears)
Write-Host "Generated the certificate:"
Write-Host $cert
Write-Host "Enter the PFX password:"
$password = Read-Host -AsSecureString
$cert | Export-PfxCertificate -FilePath certificate.pfx -Password $password
Set-Content -Path certificate.cer -Value ([Convert]::ToBase64String($cert.RawData)) -Encoding Ascii
I have saved the file on my E drive in the Cert folder which looks like as follows.
Step 2: Open the PowerShell ISE
Now open the PowerShell ISE command prompt in administrative mode as follows.
Make sure it's PowerShell ISE, not just PowerShell command prompt.
Step 3: Change The Directory
Change the directory location where your generate test certificate PowerShell file is located. In this article, the file is located under the E Drive Cert folder.
In the preceding image, the path is set to the Cert folder using the CD command in which our PowerShell Script file is located.
Step 4: Load GenerateTestCertificate.ps1 File
As shown in the following image, load the GenerateTestCertificate.ps1 file and provide the parameter which is a CA (common name of the certificate) which internally can be become as a DeviceId of the IoT device. Make sure you are following the command syntax exactly as shown in the below image.
Once all details are given as shown in the image, then press the enter key on your keyboard, it will prompt the following screen. Provide the password for the pfx certificate and remember the password which is required during the provisioning the device on IoT Hub.
Once you enter the password press the enter or OK button as shown in the preceding image. Once the certificates are successfully generated, the following details are shown on the PowerShell command prompt.
There are two certificates created with the preceding procedure that are password-protected PKCS12 formatted file (certificate.pfx) and public key certificate file (certificate.cer).
The created certificates files are stored in the same location as your GenerateTestCertificate.ps1 file. Now navigate to the my E drive cert folder where you will see the created file.
As you see in the preceding image, the X.509 self signed certificates are created that are password-protected PKCS12 formatted file certificate.pfx and public key certificate file certificate.cer.
Both the certificates are required to authenticate the single device that is a public key certificate used to enroll the device on Azure device provisioning service and password protected .Pfx required to identify the device identity and provision the device on IoT Hub.
Note
- These certificates are only for testing purposes, don’t use for the production.
- Please buy the certificates from the respective device certificate authority for production requirement.
Summary
I hope from the preceding explanation you have learned how to create the X.509 test certificate using the PowerShell. If you are facing any issue during generating the certificates, then you can use the comment box to ask your queries.
Related articles
Post a Comment