
Azure IoT hub certificates Expiration

I have followed the Azure IoT Hub — nRF Connect SDK 1.6.99 documentation (nordicsemi.com) and was able to communicate with Azure IoT hub. I have created rootCA and device certificates by following Tutorial - Use Microsoft scripts to create x.509 test certificates for Azure IoT Hub | Microsoft Docs.

  1. Are the rootCA, public and private certificates valid for only 30 days? Or is it just the rootCA certificate?
  2. I had some difficulties in generating the rootCA for the second time from the same system, so I created it on another computer. Will that be an issue? Do I need to create all the certificates on the same computer?
  3. Is it mandatory to delete the old rootCA certificate from IoT hub?
  • Hello, 

    Are the rootCA, public and private certificates valid for only 30 days? Or is it just the rootCA certificate?

     Certificate expiration is user-defined; they can pick whatever duration they want. Typically you want something very long for the device certificate (like 30 years).

    I had some difficulties in generating the rootCA for the second time from the same system, so I created it on another computer. Will that be an issue? Do I need to create all the certificates on the same computer?

     No. Certificates are in the end random strings; they can be generated everywhere and don't need to be generated on the same device.

    Is it mandatory to delete the old rootCA certificate from IoT hub?

     No, Azure IoT Hub allows multiple root CAs in DPS: https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509.

    Kind regards,
    Øyvind
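
The point about validity being chosen per certificate can be checked directly with the `openssl` CLI. The script below is an added example, not part of the thread and not the Microsoft or Nordic scripts: it issues a test root CA and a device certificate with different lifetimes, then flags whichever one is due for renewal. All subject names, file names and day counts are constructed.

```sh
#!/bin/sh
# Added example. Subject names, validity periods and file names are constructed.
# Run "sh certs.sh demo" to print a report; needs the openssl CLI.
set -eu

# make_root_ca DIR DAYS: self-signed test root CA valid for DAYS days.
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -subj "/CN=Example Test Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# make_device_cert DIR DAYS CN: device key and certificate signed by the root CA.
# The device certificate gets its own validity period, independent of the CA's.
make_device_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
  openssl x509 -req -in "$1/device.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -sha256 -days "$2" -out "$1/device.pem" 2>/dev/null
}

# expires_within CERT DAYS: succeeds (exit 0) if CERT expires within DAYS days.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# report DIR DAYS: print notAfter for both certificates, flagging any due for renewal.
report() {
  for cert in "$1/root.pem" "$1/device.pem"; do
    end=$(openssl x509 -in "$cert" -noout -enddate)
    if expires_within "$cert" "$2"; then
      echo "RENEW $cert ($end)"
    else
      echo "ok    $cert ($end)"
    fi
  done
}

if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  make_root_ca "$dir" 30                          # short-lived root
  make_device_cert "$dir" 3650 example-device-01  # long-lived device cert
  report "$dir" 60                                # flags the root, not the device cert
  rm -rf "$dir"
fi
```

`expires_within` works on any PEM certificate, so it can be pointed at the files an existing script produced to see which of them carries the short lifetime.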
