1

With the now deprecated azure-iot-python-sdk version 1, it was possible to connect a downstream device using X.509 authentication to a transparent iotedge enabled gateway by setting the connection string like this: HostName=<edge device hostname>;DeviceId=<device_id>;x509=true

And then set the certificates by using set_option("TrustedCerts" ...), set_option("x509certificate", ...) and set_option("x509privatekey", ...)

How can this be done with the new version 2 sdk?

I could not figure out how to do it using create_from_x509_certificate(...) or create_from_connection_string(...).

meshell

2 Answers

1

create_from_connection_string will not work in this case. You need to use create_from_x509_certificate as below:

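self.device_client = IoTHubDeviceClient.create_from_x509_certificate(
    x509=x509,                               # X509 object holding the device certificate and private key
    hostname=hostname,                       # IoT Hub hostname
    device_id=device_id,
    server_verification_cert=root_ca_cert,   # trusted root CA certificate used to verify the gateway
    gateway_hostname=gatewayHostname         # hostname of the IoT Edge gateway
)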

Refer to this ticket, which is the bug fix done by the MS team.

iAviator
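As an added example (not part of the answer above and not the SDK's own sample code), the create_from_x509_certificate call can be wrapped with pre-flight checks so that a wrong root CA input or an exposed private key fails before any connection attempt. The environment variable names, the function names and the key-permission check are assumptions of this example.

```python
import os
import stat

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def load_downstream_settings(env):
    """Validate the X.509 inputs and return kwargs for create_from_x509_certificate."""
    # server_verification_cert takes the PEM *contents* of the root CA, not a path.
    with open(env["ROOT_CA_PATH"], "r") as f:
        root_ca = f.read()
    if PEM_HEADER not in root_ca:
        raise ValueError("root CA file does not contain a PEM certificate")
    for name in ("DEVICE_CERT_PATH", "DEVICE_KEY_PATH"):
        if not os.path.isfile(env[name]):
            raise FileNotFoundError(env[name])
    # Added check (assumption of this example): refuse a private key that is
    # readable or writable by group/others (POSIX permission bits).
    mode = stat.S_IMODE(os.stat(env["DEVICE_KEY_PATH"]).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("device private key is accessible to group/others")
    return {
        "hostname": env["IOTHUB_HOSTNAME"],           # the IoT Hub itself
        "device_id": env["DEVICE_ID"],
        "gateway_hostname": env["GATEWAY_HOSTNAME"],  # the IoT Edge gateway
        "server_verification_cert": root_ca,
    }


def create_client(env):
    # Imported lazily so the checks above can run without the SDK installed.
    from azure.iot.device import IoTHubDeviceClient, X509
    x509 = X509(cert_file=env["DEVICE_CERT_PATH"],
                key_file=env["DEVICE_KEY_PATH"],
                pass_phrase=env.get("DEVICE_KEY_PASSPHRASE"))
    return IoTHubDeviceClient.create_from_x509_certificate(
        x509=x509, **load_downstream_settings(env))


if __name__ == "__main__":
    client = create_client(os.environ)
    client.connect()
    client.send_message("hello from the downstream device")
    client.disconnect()
```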
0

Please try the following, where you pass in your root_ca_cert as a string:

Create instance of the device client using the connection string:

device_client = IoTHubDeviceClient.create_from_connection_string(
    connection_string="<YOUR CONNECTION STRING>",
    server_verification_cert="<YOUR ROOT CA AS STRING>",
)

# await requires the async client (azure.iot.device.aio) and an async function
await device_client.connect()

elhorton
  • Sadly this does not work, because the downstream device uses x509 CA authentication and not a connection string as you are suggesting. – meshell Apr 18 '20 at 22:36
  • Sorry, not sure I understand the issue... If authenticating via an x509 cert, you can create the device client from the cert used in the connection string. See this sample: https://github.com/Azure/azure-iot-sdk-python/blob/master/azure-iot-device/samples/async-edge-scenarios/send_message_downstream.py – elhorton Apr 27 '20 at 18:25