
Create Azure IoT Hub certificates

Hi,

I have been struggling with this for 2 days now, and I cannot get my head around the problem.

I want to send data from my nrf9160-dk to Azure IoT Hub via the sample application: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/nrf9160/azure_iot_hub/README.html 

This guide explains how to provision the nrf9160-dk to Azure IoT Hub: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/include/net/azure_iot_hub.html

First I tried to create my own self-signed certificates with this tool: https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md

I can upload the certificates to Azure and I can get them verified.

I have then created a new device called nrf9160.

As part of the certificate creator tool (https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md) I also make a "leaf" device where I type in the device name (nrf9160). This creates a private key and a device certificate. These are uploaded to the nrf9160-dk.

The security tag is set to 10.

I then configure my prj.conf file:

CONFIG_AZURE_IOT_HUB_DEVICE_ID="nrf9160"
CONFIG_AZURE_IOT_HUB_HOSTNAME="azure hostname"
CONFIG_AZURE_IOT_HUB_SEC_TAG=10

I compile and upload... and when the application runs I get:

I can see from the provisioning page (https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/include/net/azure_iot_hub.html) that you say the root CA must be "Baltimore CyberTrust Root certificate" and that I then have to create my own private key and device certificate... but how is this done????

I have tried to hack the "certGen.sh" script but I also have to provide a key for the root CA.

I'm by no means a security expert, and I'm lost in how to create the correct certificates and private keys.

I would appreciate it if you could tell me how to use the root certificate to create the private keys and device certificates.

Please advise with the openssl commands. Remember that Azure requires "CN=" subjects!

I don't want to point any fingers but your "provisioning-of-the-certificates" (for a novice like me) is missing those basic steps to create the proper certificates.
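
As an added example (not part of the original post, and not the Nordic or Azure tooling): a device certificate is signed with the private key of a CA you control, here a throwaway self-signed test root, with the subject CN set to the IoT Hub device ID. The Baltimore CyberTrust Root named on the provisioning page is what the device uses to verify the hub's TLS server certificate; its private key is not available to you, so it cannot sign device certificates. The CA name, file names and output directory below are assumptions.

```shell
#!/bin/sh
# Added example: throwaway test keys and constructed names, local files only.
set -eu
DEVICE_ID="${DEVICE_ID:-nrf9160}"    # same string as CONFIG_AZURE_IOT_HUB_DEVICE_ID
OUT="${OUT:-$(mktemp -d)}"           # assumed output directory

write_config() {   # minimal OpenSSL config so extensions do not depend on the system default
    cat > "$OUT/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

make_root_ca() {   # self-signed CA: this certificate is the one uploaded to the hub and verified
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$OUT/ext.cnf" -extensions v3_ca -subj "/CN=Example Test Root CA" \
        -keyout "$OUT/root.key.pem" -out "$OUT/root.cert.pem" 2>/dev/null
}

make_device_cert() {   # device key + CSR with CN=<device id>, then signed by the root CA key
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$OUT/ext.cnf" -subj "/CN=$DEVICE_ID" \
        -keyout "$OUT/device.key.pem" -out "$OUT/device.csr.pem" 2>/dev/null
    openssl x509 -req -in "$OUT/device.csr.pem" -sha256 -days 365 \
        -CA "$OUT/root.cert.pem" -CAkey "$OUT/root.key.pem" -CAcreateserial \
        -extfile "$OUT/ext.cnf" -extensions v3_leaf \
        -out "$OUT/device.cert.pem" 2>/dev/null
}

device_cn() {      # prints the CN of the issued device certificate
    openssl x509 -noout -subject -nameopt RFC2253 -in "$OUT/device.cert.pem" \
        | sed -n 's/^subject= *CN=\([^,]*\).*/\1/p'
}

chain_ok() {       # succeeds only if the device certificate chains to the test root
    openssl verify -CAfile "$OUT/root.cert.pem" "$OUT/device.cert.pem" >/dev/null 2>&1
}

mkdir -p "$OUT"
write_config && make_root_ca && make_device_cert
chain_ok && echo "CN=$(device_cn) chains to the test root; files are in $OUT"
```

`device.cert.pem` and `device.key.pem` are the pair provisioned to the device under the security tag; `root.key.pem` stays off the device.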