Hi,
I'm developing a device that needs to be able to securely connect to a MQTT Broker using certificates signed by a CA.
In short, I already have that working when connecting to a self-hosted Mosquitto MQTT broker, where:
1) The nrf9151dk generates a CSR using AT%KEYGEN with CN=<imei>
2) The CSR is sent through a nrf54h20dk and to the host over USB
3) The host returns the CA signed certificate
4) The certificate is loaded into the nrf9151dk modem
5) nrf9151dk connects to the broker
All of the above steps work as expected.
But now I'm trying to replace the self-hosted Mosquitto MQTT instance with a managed Azure Event Grid MQTT (PubSub) broker (Azure Event Grid | Microsoft Learn) using CA-signed certificates (Azure Event Grid MQTT client certificate authentication - Azure Event Grid | Microsoft Learn).
Here I'm running into issues where:
To be able to use a CA Signed client certificate towards Azure Event Grid, it must have an identifier in one of the supported fields:
| Authentication name source option | Certificate field | Description |
|---|---|---|
| Certificate Subject Name | tls_client_auth_subject_dn | The subject distinguished name of the certificate. |
| Certificate Dns | tls_client_auth_san_dns | The dNSName SAN entry in the certificate. |
| Certificate Uri | tls_client_auth_san_uri | The uniformResourceIdentifier SAN entry in the certificate. |
| Certificate Ip | tls_client_auth_san_ip | The IPv4 or IPv6 address present in the iPAddress SAN entry in the certificate. |
| Certificate Email | tls_client_auth_san_email | The rfc822Name SAN entry in the certificate. |
Buuut, according to https://docs.nordicsemi.com/bundle/ref_at_commands/page/REF/at_commands/security/keygen_set.html, none of the above certificate fields are supported by the modem.
Have you had any experience / heard a solution to this?
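
An added example, not part of the original post: the host-side signing step (step 3) sketched with OpenSSL, showing that the issuing CA can attach a dNSName SAN at signing time even when the CSR carries only CN=<imei>. The CA, the keys, the IMEI value and the `devices.example` name are constructed placeholders, the locally generated CSR stands in for the one produced on the device, and whether the resulting fields match a given broker configuration is not covered here.

```shell
#!/bin/sh
# Constructed demo: every key, name and IMEI below is a placeholder.
set -eu

# issue_with_san <imei>
# Signs a CSR whose subject is only CN=<imei> and prints the issued
# certificate in text form so the subject DN and SAN can be inspected.
issue_with_san() {
    imei="$1"
    work="$(mktemp -d)"

    # Constructed CA, standing in for the CA the host signs with.
    openssl ecparam -genkey -name prime256v1 -noout -out "$work/ca.key"
    openssl req -x509 -new -key "$work/ca.key" -subj "/CN=Demo CA" \
        -days 1 -out "$work/ca.pem"

    # Constructed CSR standing in for the device's: CN only, no SAN.
    openssl ecparam -genkey -name prime256v1 -noout -out "$work/dev.key"
    openssl req -new -key "$work/dev.key" -subj "/CN=$imei" \
        -out "$work/dev.csr"

    # Extensions are chosen by the CA at issuance, not taken from the CSR.
    {
        printf 'basicConstraints = critical,CA:FALSE\n'
        printf 'extendedKeyUsage = clientAuth\n'
        printf 'subjectAltName = DNS:%s.devices.example\n' "$imei"
    } > "$work/ext.cnf"

    # The subject DN (CN=<imei>) is copied from the CSR; the SAN comes
    # from the extension file above.
    openssl x509 -req -in "$work/dev.csr" -CA "$work/ca.pem" \
        -CAkey "$work/ca.key" -CAcreateserial -days 1 \
        -extfile "$work/ext.cnf" -out "$work/dev.pem" 2>/dev/null

    openssl x509 -in "$work/dev.pem" -noout -text
    rm -rf "$work"
}

# Constructed IMEI used for the stand-alone run.
issue_with_san 350000000000000 | grep -E 'Subject:|DNS:'
```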