I am planning to use Azure IoT Edge as an identity gateway for my TCP/IP device, which is non-programmable (I am only allowed to change the IP address and port number in the device). But when I go through this document, I found that they used the transparent gateway along with the identity/protocol gateway, so I am confused whether I have to install an X.509 certificate on the device or not, because when I read the documentation for the transparent gateway, it required a device certificate for authentication purposes.
Can you remove amazon-web-services tag from your question? – asergaz Aug 24 '21 at 08:38
1 Answer
When Azure IoT Edge is acting as a protocol or identity translation gateway, you can opt out of installing X.509 certificates in your downstream devices.
The sample on Azure IoT Edge Identity Translation Lite: Sample on implementing Identity Translation at the edge allows your downstream devices to send messages to an MQTT module in an insecure way (using HTTP), though the modules in IoT Edge need to be authenticated with X.509 certificates to establish trust with IoT Hub.
IoT Edge certificates are used by the modules and downstream IoT devices to verify the identity and legitimacy of the IoT Edge hub runtime module. These verifications enable a TLS (transport layer security) secure connection between the runtime, the modules, and the IoT devices. Like IoT Hub itself, IoT Edge requires a secure and encrypted connection from IoT downstream (or leaf) devices and IoT Edge modules. To establish a secure TLS connection, the IoT Edge hub module presents a server certificate chain to connecting clients in order for them to verify its identity.
Ref: https://learn.microsoft.com/en-in/azure/iot-edge/iot-edge-certs?view=iotedge-2020-11
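To make the identity-translation pattern from the answer concrete, here is a small simulation written for this page; it is not code from the Azure sample or the Azure IoT SDK. A non-programmable device can only be pointed at an IP and port, so it never presents a certificate; the gateway therefore decides the device identity itself by mapping the connection's source address to a registered device id, and drops anything from an unregistered source. The registry, addresses, device ids and the `to_wire` upstream format are all constructed for the example; the real upstream leg (where the module's own X.509 credentials towards IoT Hub would be used) is only represented by a list of forwarded messages.

```python
import json
import socket
import socketserver
import threading
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed registry: downstream source IP -> device identity the gateway
# speaks for. A real deployment would load this from provisioning data.
DEVICE_REGISTRY = {
    "192.168.10.21": "legacy-sensor-01",
    "192.168.10.22": "legacy-sensor-02",
}


@dataclass
class UpstreamMessage:
    device_id: str
    body: str
    received_at: str


def translate(source_ip, payload, registry=DEVICE_REGISTRY):
    """Map a raw downstream payload to a message that carries a device identity.

    Returns None when the source is unregistered or the payload is empty. The
    device never authenticates, so the source address is the only identity
    evidence the gateway has: the assertion is only as strong as the network
    path between the device and the gateway.
    """
    device_id = registry.get(source_ip)
    body = payload.strip()
    if device_id is None or not body:
        return None
    return UpstreamMessage(
        device_id=device_id,
        body=body.decode("utf-8", "replace"),
        received_at=datetime.now(timezone.utc).isoformat(),
    )


def to_wire(msg):
    """Serialize for a hypothetical upstream forwarder (constructed format)."""
    return json.dumps(
        {"deviceId": msg.device_id, "body": msg.body, "receivedAt": msg.received_at}
    ).encode()


class DownstreamHandler(socketserver.StreamRequestHandler):
    """Reads newline-delimited plaintext lines from one downstream connection."""

    def handle(self):
        source_ip = self.client_address[0]
        for line in self.rfile:
            msg = translate(source_ip, line, self.server.registry)
            if msg is None:
                print(f"gateway: dropped line from {source_ip} (unregistered or empty)")
                status = b"dropped\n"
            else:
                with self.server.lock:
                    self.server.forwarded.append(to_wire(msg))
                status = b"ack\n"
            # Acknowledge each line so the sender knows the gateway is done with it.
            self.wfile.write(status)


class GatewayServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, address, registry):
        super().__init__(address, DownstreamHandler)
        self.registry = registry
        self.forwarded = []          # stand-in for the upstream link to IoT Hub
        self.lock = threading.Lock()


def run_demo():
    """Run a gateway on loopback, push one reading and one empty line through
    it, and return the device ids that were forwarded. Loopback is registered
    under a constructed test identity so the accept path is exercised."""
    registry = {**DEVICE_REGISTRY, "127.0.0.1": "loopback-test-device"}
    server = GatewayServer(("127.0.0.1", 0), registry)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        with socket.create_connection(server.server_address) as sock:
            sock.sendall(b"temp=21.5\n\n")
            reply = sock.makefile("rb")
            statuses = [reply.readline() for _ in range(2)]
    finally:
        server.shutdown()
        server.server_close()
    print("gateway: statuses", statuses)
    return [json.loads(m)["deviceId"] for m in server.forwarded]


if __name__ == "__main__":
    print(run_demo())
```

The point the simulation makes is the one the answer implies: with identity translation, the trust decision moves from the device's certificate to the gateway, so the gateway's registry and the network segment between device and gateway become the things that must be locked down, while the module's own X.509 identity is what IoT Hub actually verifies.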
