
I'm in the process of integrating an IoT solution with Azure IoT Hub, but I would like to be sure nobody can route my requests to another hub provided by Azure.

Since every Azure IoT Hub is protected by default by the Baltimore certificate, I would like to use my own certificate, but I cannot find out how to do it or what requirements this new certificate should meet.

The Azure IoT Hub blade in the portal contains a certificates pane, but this seems to be more related to client certificates.

If anyone has already done this, I would appreciate some help.

Julien

1 Answer


I'm not quite sure what issue you are trying to address. The Baltimore certificate is the root certificate from which the IoT hub certificate is a descendant. It allows your client to verify the other end of the connection as an IoT hub. Your requests can't be routed to another hub because you would be authenticating as a device on your hub. That would be rejected if you were to try to connect to another hub.

The short answer is no, you cannot change the IoT hub server's certificates. A mechanism for you to provide your own certificate chain currently does not exist.

Mark Radbourne
  • Hi Mark, thanks for that explanation. I thought each IoT Hub was independent and that I could specialize it. Here, you are talking about a single IoT Hub, as I understand it. As you said, the Baltimore certificate is there to prove I'm connecting to an IoT Hub, but I would like to be sure I'm connecting to mine, which seems only possible by applying SAS identification (and not device certificates). – Julien May 16 '19 at 06:38
  • Not quite true. You can use X.509 authentication instead of a SAS token. For this you need to upload your root CA to your hub that is the parent of all your device certificates. Alternatively, there is a mechanism that lets you use a self-signed certificate on your device for authentication. Doing this, though, the Baltimore certificate is still the root of the certificate sent by the server to allow you to be sure you are talking to an IoT hub. The X.509 certificate sent by the client allows the IoT hub to authenticate your device. Hope that helps. – Mark Radbourne May 20 '19 at 22:51
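
Added example, not part of the thread above: a Python sketch of the per-device SAS token format documented for Azure IoT Hub, paired with a simplified model of the hub-side check, to show why a credential minted for a device on one hub is rejected by another. The hub names, device ID and keys are constructed, and `hub_accepts` is an assumption about the service's logic, not Azure's code.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, unquote

def _sign(key_b64, resource_enc, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", keyed with the decoded device key
    msg = f"{resource_enc}\n{expiry}".encode()
    return hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()

def make_sas_token(hub_host, device_id, key_b64, ttl_s=3600, now=None):
    """Device side: build a token scoped to one device on one hub."""
    now = time.time() if now is None else now
    resource_enc = quote(f"{hub_host}/devices/{device_id}", safe="")
    expiry = int(now + ttl_s)
    sig = quote(base64.b64encode(_sign(key_b64, resource_enc, expiry)).decode(), safe="")
    return f"SharedAccessSignature sr={resource_enc}&sig={sig}&se={expiry}"

def hub_accepts(token, hub_host, registry, now=None):
    """Simplified model of the hub-side check (assumption, not Azure's code)."""
    now = time.time() if now is None else now
    try:
        scheme, _, params = token.partition(" ")
        fields = dict(p.split("=", 1) for p in params.split("&"))
        host, _, device_id = unquote(fields["sr"]).partition("/devices/")
        if scheme != "SharedAccessSignature" or host != hub_host:
            return False   # token names a different hub
        if device_id not in registry or int(fields["se"]) <= now:
            return False   # unknown device or expired token
        expected = _sign(registry[device_id], fields["sr"], fields["se"])
        return hmac.compare_digest(expected, base64.b64decode(unquote(fields["sig"])))
    except (KeyError, ValueError):
        return False       # malformed token

# Constructed sample data: two hubs, same device ID, different per-hub keys
MY_HUB, OTHER_HUB = "my-hub.azure-devices.net", "other-hub.azure-devices.net"
MY_KEY = base64.b64encode(b"constructed-key-for-my-hub").decode()
MY_REGISTRY = {"sensor-01": MY_KEY}
OTHER_REGISTRY = {"sensor-01": base64.b64encode(b"constructed-key-other-hub").decode()}

if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    token = make_sas_token(MY_HUB, "sensor-01", MY_KEY, now=t0)
    print("my hub accepts:   ", hub_accepts(token, MY_HUB, MY_REGISTRY, now=t0))
    print("other hub accepts:", hub_accepts(token, OTHER_HUB, OTHER_REGISTRY, now=t0))
```

This covers only the device-to-hub direction; the device's assurance about which server it reached still comes from TLS validation of the hub's hostname and certificate chain.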