https://devzone.nordicsemi.com/f/nordic-q-a/110707/nrf9160-azure-iot-hub-with-dps-share-certificatesHi everyone, we are currently developing a customer product, which connects to an Azure IoT Hub instance using DPS. We successfully tested this connection (over MQTT, TLS, X509) and it works so far. But along the developent there came up an interestingen-USTelligent Community 13Fri, 03 May 2024 12:58:39 GMThttps://devzone.nordicsemi.com/thread/481802?ContentTypeID=1Fri, 03 May 2024 12:58:39 GMT137ad170-7792-4731-bb38-c0d22fbe4515:02e00c08-1e77-49d5-a651-4306a8c79753dejans<p>Hi Thomas,<br /><br />You could read through&nbsp;<a href="https://learn.microsoft.com/en-us/azure/iot-dps/">IoT Hub DPS</a>&nbsp;documentation to check if DPS can be used the way you want (and expect), and that the usage of DPS actually aligns with your security requirements. In addition, you can read more about&nbsp;<a href="https://learn.microsoft.com/en-us/azure/iot-dps/concepts-symmetric-key-attestation?tabs=linux#install-the-derived-device-key">installing derived device key</a>&nbsp;in Azure documentation. Using symmetric keys for attestation keys does not have support in NCS, but you could potentially consider doing this on your own.<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/481702?ContentTypeID=1Fri, 03 May 2024 07:59:05 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8754236b-683d-4e12-a765-46f14c22bdc1tkeilbach<p>Hi Dejan,</p> <p>just talked again with my colleague and he said, he created the diagram by his own based on the knowledge he gained from the Microsoft Azure IoT Hub Learn page and tested the setup with a python script. So this is no original Microsoft picture.</p> <p>Lets take one step back and let me summerize what we want to archive:</p> <ol> <li>Produce the device in the production facility (PCB assembly, download firmware, end test)</li> <li>Send a bunch of devices to a customer</li> <li>If the device gets turned on the first time, the device connects &#39;somehow&#39; to our prepared Azure cloud. If it is a known device (over the IMEI, the cloud knows which IMEI belongs to which customer) it gets everything it needs to connect to the right IoT Hub over a secure connection (TLS). This process must be done only once. If I understood it correctly, the &quot;Device Provision Service (DPS)&quot; is exactly doing this.</li> </ol> <p>Is there a way to provision the device like described above or is the only possible way to download the certificates already at production time?</p> <p>Best regards,</p> <p>Thomas</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/481669?ContentTypeID=1Fri, 03 May 2024 06:45:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d05076be-a445-4efe-bb96-28860e583766dejans<p>Hi Thomas,<br /><br />Can you share the link to the Microsoft Azure IoT Hub Learn page where you took the screenshot from?<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/481558?ContentTypeID=1Thu, 02 May 2024 12:56:20 GMT137ad170-7792-4731-bb38-c0d22fbe4515:b5aa341a-9883-4ace-91a1-7ccfb6687832tkeilbach<p>Hi Dejan,</p> <p>thanks for your reply!</p> <p>Is there any other way to produce devices without adding individual certificates in production but to have the ability to connect to the Azure IoT Hub (and download the certificates and hub informationen while the device is in field / at the customer)?&nbsp;</p> <p>In general, Azure IoT Hub seems to support a mechanism to get the certificates from the the cloud:</p> <p><img style="max-height:244px;max-width:436px;" alt=" " height="244" src="https://devzone.nordicsemi.com/resized-image/__size/872x488/__key/communityserver-discussions-components-files/4/dps.jpg" width="436" /></p> <p>It uses the &quot;Symmetric Key Exchange&quot;, but the questions are:</p> <ol> <li>Does Nordics Implementation of &quot;Azure IoT Hub for embedded C&quot; in&nbsp;<span>nRF Connect SDK supports the symmetric key exchange? </span> <ol> <li><span>If not, is it limited to connect to the Azure IoT Hub (DPS service) only over TLS / X509 certificates?</span></li> <li>If not, would it be possible to add this feature in the library by Nordic / by us?</li> </ol> </li> <li>Is there a documentation for the Azure IoT Hub implemenation?&nbsp;</li> </ol> <p><span>BR</span></p> <p><span>Thomas</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/481315?ContentTypeID=1Tue, 30 Apr 2024 14:14:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5f0b7638-ee16-48ff-8c2f-0586733778dddejans<p>Hi,<br /><br />It is not possible to have common device certificate. Certificates need to be for individual device. DPS does not send the certificate.<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>