I'm using custom hardware with an nRF9151 that I'm trying to provision to Azure.
The cloud software company I'm working with has performed all the steps here:
https://docs.nordicsemi.com/bundle/ncs-2.6.1/page/nrf/libraries/networking/azure_iot_hub.html
up to the point where I need to generate the private key internally for the more secure option.
I have a sub-ca-cert.pem file from my cloud software company. I have successfully used the Modem Shell to send commands over RTT since I have no UART available. I have used "at at%keygen=1000,2,0,," to create a CSR file.
To create the CSR PEM file, I took the modem response and copied and pasted it into a py script that I cut from credstore.py of nrfcredstore:
import base64

# Modem response pasted from the Modem Shell (truncated here)
l = '%KEYGEN: "MIIBCjCBrwIBADAv..."'
keygen_output = l.replace('%KEYGEN: "', '')
# Keep only the part before the first '.'
csr_der_b64 = keygen_output.split('.')[0]
csr_der_bytes = base64.urlsafe_b64decode(csr_der_b64 + '===')
with open("client-csr.der", "wb") as file:
    file.write(csr_der_bytes)
I then used openssl to convert the created DER file to PEM.
Then, I tried running cert_tool.py sign --sub-key ca/sub-ca-cert.pem --client-csr client/client-csr.pem and I get an error:
ValueError: ('Could not deserialize key data. The data may be in an incorrect format, the provided password may be incorrect, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [<OpenSSLError(code=503841036, lib=60, reason=524556, reason_text=unsupported)>])
Anything I'm missing? Doing wrong?
A couple of things: not sure why the modem output via RTT has underscores and dashes but the generated PEM file replaces them with + and /.
Also, not sure why the +'===' is in the py script. They don't show up in the resultant pem file. I tried adding them in manually and that didn't work either.
Do I need to do anything with the data after the '.' in the modem response? There's no mention of it in the instructions and the nrfcredstore doesn't look like it's doing anything with it.
Thanks!
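Added example, not part of the original post and not nrfcredstore's code: the script above decodes with the URL-safe base64 alphabet ('-' and '_'), while a PEM body uses the standard alphabet ('+' and '/'), so the same DER bytes are spelled differently in each, and the '=' padding only restores the input length to a multiple of four before decoding. The function names and the sample response are constructed for illustration; the segment after the '.' is decoded but treated as opaque bytes.

```python
import base64

# Constructed sample: 8 placeholder bytes, NOT a real CSR, chosen so that the
# URL-safe form contains '-' and '_'. The segment after '.' is also made up.
SAMPLE_RESPONSE = '%KEYGEN: "MAYA----__8.Y29uc3RydWN0ZWQ"'


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded URL-safe base64 (RFC 4648, section 5)."""
    # Restore exactly the padding needed to reach a multiple of 4 characters.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_keygen(line: str) -> tuple[bytes, bytes]:
    """Split a %KEYGEN line into (CSR DER bytes, bytes after the dot)."""
    prefix = '%KEYGEN: "'
    line = line.strip()
    if not line.startswith(prefix) or not line.endswith('"'):
        raise ValueError("not a complete %KEYGEN response line")
    csr_b64, sep, trailer_b64 = line[len(prefix):-1].partition(".")
    if not csr_b64:
        raise ValueError("empty CSR segment")
    trailer = b64url_decode(trailer_b64) if sep else b""
    return b64url_decode(csr_b64), trailer


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes as a PEM certificate request (standard base64, 64 cols)."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE REQUEST-----", *lines,
         "-----END CERTIFICATE REQUEST-----"]
    ) + "\n"


if __name__ == "__main__":
    der, trailer = parse_keygen(SAMPLE_RESPONSE)
    print(der.hex(), len(trailer))
    print(der_to_pem(der), end="")
```
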