-3

Because IoT Hub is not a broker, I want to use a Raspberry Pi as a broker which devices can communicate with, and the Raspberry Pi sends the messages it receives to IoT Hub. After installing Mosquitto on the Raspberry Pi, this is my Mosquitto configuration file:

```
connection iothub-bridge
log_type all
address your hub.azure-devices.net:8883
remote_username your hub.azure-devices.net/your device
remote_password sas token
remote_clientid your device
bridge_cafile /home/pi/baltimore.pem
try_private false
cleansession true
start_type automatic
bridge_insecure false
bridge_protocol_version mqttv311
bridge_tls_version tlsv1.2
notifications false
notification_topic events/
topic devices/Your device/messages/events/
```

The problem is that a SAS token is only used for a few hours and then expires. I want a solution to replace the SAS token that works forever.

Matthijs van der Veer
You La
  • Hi Youcef, the configuration in its current state is unreadable. Could you update the formatting? As for your question, have you looked into using IoT Edge as a transparent gateway? There are good resources [here](http://busbyland.com/connect-mqtt-client-to-azure-iot-edge/) and [here](http://busbyland.com/mosquitto-mqtt-broker-to-iot-hub-iot-edge/) on how to achieve your goal. – Matthijs van der Veer Aug 20 '20 at 08:24
  • Yes, that is exactly what I followed to set up this configuration. I need an answer for the SAS token problem. Thank you – You La Aug 20 '20 at 08:37
  • You can specify the expiration date for a SAS token, I think the maximum is 365 days, but *forever* is not a possibility. Alternatively you can use [X509](https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#supported-x509-certificates), they also come with an expiration date. – Matthijs van der Veer Aug 20 '20 at 09:08
  • How can I generate an X509 certificate for this case? Do you have a step-by-step tutorial, please? Not the Microsoft documentation, because it is not helpful for me. Thanks – You La Aug 20 '20 at 17:30

1 Answer

2

Glad you enjoyed my blog posts :-).

As Matthijs said, the maximum for SAS token generation in Device Explorer or similar is 365 days, but with the Azure IoT CLI you can go much longer. For example, this command creates one for 10 years (315,360,000 seconds):

```
az iot hub generate-sas-token -n [your iot hub] -d [your device id] --du 315360000
```

As Matthijs also said, you cannot generate one that never expires. I tried generating one for 100 years (3,153,600,000 seconds) and it seems to have worked.

I will caveat that I didn't actually try to connect the devices above to IoT Hub.

With that said, it's not a great security practice to have SAS tokens for that long, but as long as you are clear on the risks involved, I think it's technically feasible.
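An alternative to a decades-long token is to keep tokens short and renew the `remote_password` line of the bridge configuration on a schedule. The Python below is an added example, not code from the answer or the linked blog posts: it builds a device SAS token in the documented IoT Hub format and rewrites the config text when the current token is a placeholder, malformed, or close to expiry. The hub name, device id, key, and the 24-hour lifetime with a 1-hour renewal window are constructed assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

PREFIX = "remote_password "

def generate_sas_token(hub_host, device_id, key_b64, ttl, now=None):
    """Device-scoped IoT Hub SAS token that expires ttl seconds after now."""
    expiry = int(time.time() if now is None else now) + ttl
    # Signed string is "<url-encoded resource URI>\n<expiry>", HMAC-SHA256
    # keyed with the base64-decoded device key.
    resource = quote_plus(f"{hub_host}/devices/{device_id}")
    mac = hmac.new(base64.b64decode(key_b64),
                   f"{resource}\n{expiry}".encode(), hashlib.sha256)
    sig = quote_plus(base64.b64encode(mac.digest()))
    return f"SharedAccessSignature sr={resource}&sig={sig}&se={expiry}"

def seconds_remaining(token, now=None):
    """Seconds until the token's se= expiry; raises on a malformed token."""
    fields = parse_qs(token.split(" ", 1)[1])
    return int(fields["se"][0]) - int(time.time() if now is None else now)

def rotate_password(conf, hub_host, device_id, key_b64,
                    ttl=86400, renew_before=3600, now=None):
    """Return (new_conf, changed); renew remote_password when it is a
    placeholder, malformed, or within renew_before seconds of expiry."""
    out, changed = [], False
    for line in conf.splitlines():
        if line.startswith(PREFIX):
            try:
                left = seconds_remaining(line[len(PREFIX):].strip(), now)
            except (IndexError, KeyError, ValueError):
                left = -1  # placeholder or garbage: treat as expired
            if left < renew_before:
                line = PREFIX + generate_sas_token(
                    hub_host, device_id, key_b64, ttl, now)
                changed = True
        out.append(line)
    return "\n".join(out) + "\n", changed

if __name__ == "__main__":
    # Constructed sample values; the key is not a real device key.
    key = base64.b64encode(b"constructed-demo-key").decode()
    conf = "connection iothub-bridge\nremote_password sas token\n"
    new_conf, changed = rotate_password(
        conf, "examplehub.azure-devices.net", "pi-gateway", key)
    print(changed, new_conf)
```

Run it from cron or a systemd timer on the Pi and restart Mosquitto when `changed` is true, since the bridge only uses the new token after the broker re-reads its configuration. Keep the device key in a file readable only by the account that runs the script.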