nrf9160: Azure IoTHub: Enrollment ID = cert CN => can't enroll multiple devices

Following the guide on developer.nordicsemi.com/.../azure_iot_hub.html I was successfully able to add a device to the enrollment group and then automagically create a device in IoTHub.

Excellent!

However, upon adding a _second_ device, I get stuck here:

$ az iot dps enrollment create --enrollment-id $DEVICE_CN --device-id $DEVICE_CN \
--provisioning-status enabled --resource-group $RESGROUP \
--iot-hubs $IOTHUB_URL --attestation-type x509 \
--certificate-path certs/client-cert.pem --dps-name $DPS \
--allocation-policy static > /dev/null

ERROR: {'code': 409201, 'message': 'Enrollment already exists.', 'trackingId': 'opaque-tracking-id'}

DEVICE_CN comes from the section "Generate and provision device certificates", where I create the device cert using nrfcredstore on the modem:

$ nrfcredstore <serial port> generate <sec tag> certs/client-csr.der
$ openssl req -inform DER -in certs/client-csr.der -outform PEM -out certs/client-csr.pem
$ cert_tool.py sign
Signing certificate with CN: <guid>
Signed client certificate saved as certs/client-cert.pem

Now, it says "take note of the CN, as it will be required later".
The problem is that the CN is always the same if I delete all data from <sec tag> on the device and re-run the generation code.

It's obvious that you cannot have the same ID for enrollment and device, so the question is which of these assumptions is/are correct:

A. are the instructions wrong and the CN should _not_ be used for enrollment-ID and device-ID, or
B. are my CNs identical when they should not be, or
C. does "nrfcredstore generate" always create the same private key/cert which would then also make the CN be the same?

Thanks!
