[MUST] Please follow tutorial-x509-self-sign first.
At the last stage, run the following command to create the .pem file:
openssl x509 -in prov_device1.crt -out prov_device1.pem -outform PEM
For your reference, an example log is shown below. Note: device ID = "W5100S_EVB_PICO_PROV_X509"
MINGW64 ~/certi
$ openssl genpkey -out prov_device1.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
............+++++
...................................+++++
MINGW64 ~/certi
$ openssl req -new -key prov_device1.key -out prov_device1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:W5100S_EVB_PICO_PROV_X509
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
MINGW64 ~/certi
$ openssl x509 -req -days 365 -in prov_device1.csr -signkey prov_device1.key -out prov_device1.crt
Signature ok
subject=CN = W5100S_EVB_PICO_PROV_X509
Getting Private key
MINGW64 ~/certi
$ openssl x509 -in prov_device1.crt -out prov_device1.pem -outform PEM
MINGW64 ~/certi
$ ls
prov_device1.crt prov_device1.key prov_device1.csr prov_device1.pem
MINGW64 ~/certi
$
[MUST] To create the Device Provisioning Service, please follow the Quickstart: Set up the IoT Hub Device Provisioning Service with the Azure portal document first.
Connect DPS and IoT Hub service
Add individual enrollment
Use the "prov_device1.pem" file generated in the previous section
Check the "Individual Enrollments" list
For more details:
- Please refer to How to manage device enrollments with Azure portal
- Or please read the Quickstart: Provision an X.509 certificate simulated device document as well.
- Get the key value from files (prov_device1.crt, prov_device1.key) as below:
- Edit RP2040-HAT-AZURE-C/examples/sample_certs.c with the certificates generated above. For the common name, use "W5100S_EVB_PICO_PROV_X509", the name used in key generation.
  - pico_az_CERTIFICATE and pico_az_PRIVATE_KEY: use the key values from the files (prov_device1.crt, prov_device1.key)
  - pico_az_id_scope: use the "ID Scope" string from 1.2.1. Create Azure Device Provisioning service
  - pico_az_COMMON_NAME: use the "device ID" from 1.1. Developer PC - Generate Device self-signed certificates
const char pico_az_id_scope[] = "0ne00xxxx5A";
const char pico_az_COMMON_NAME[] = "W5100S_EVB_PICO_PROV_X509";
const char pico_az_CERTIFICATE[] =
"-----BEGIN CERTIFICATE-----""\n"
"MIIDrTCCApUCFG9+kOlk2I815L5XAGBX7DXNxGE+MA0GCSqGSIb3DQEBCwUAMIGS""\n"
"MQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2ktZG8xFDASBgNVBAcMC1Nl""\n"
...
"AwyXH6BPlQhBylsB4J5psW9ptDNKDPwF5q9cC+UiER8nSoqo0nQkB/MFSqwpZ/t0""\n"
"F7Yi3Fh/3zOiiT3qJGbFq5hU6b+AWLFjEBf4STahhOm4""\n"
"-----END CERTIFICATE-----";
const char pico_az_PRIVATE_KEY[] =
"-----BEGIN PRIVATE KEY-----""\n"
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/+cTz9dwyx0oQ""\n"
"RZq4eefN3GV6CSAUjAEVabjwO8Oa92rxAVtNhuPuFSOQMsixfW0EwPMrtBqWJx0k""\n"
...
"DHuwsI6yH1KXJ8AhQ9N99JHM00oCxVb1whKQghatpe/+4daatxD6YEoGqypxUxGv""\n"
"NCv2+ABkemj5BI2RGP5cHHk=""\n"
"-----END PRIVATE KEY-----";
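The values pasted into sample_certs.c can be checked before building. The script below is an added example, not code from the RP2040-HAT-AZURE-C project: it verifies that the certificate CN equals the registration ID, that the private key belongs to the certificate and that the certificate has not expired, then prints both PEM files in the string-literal layout shown above. The function names and the throwaway sample.key/sample.crt pair are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the RP2040-HAT-AZURE-C project. Function names are
# hypothetical; file names and the registration ID are the ones in the log above.

# Subject CN of a certificate (DPS uses it as the registration ID).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# True when the private key in $2 is the one the certificate in $1 was issued for.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# $1 = certificate, $2 = private key, $3 = expected registration ID.
preflight() {
    [ "$(cert_cn "$1")" = "$3" ] || { echo "CN is not $3" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 2; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 3; }
}

# Emit a PEM file in the C string literal layout used in sample_certs.c:
# every line quoted and followed by "\n", the last line closed with ";".
pem_to_c_literal() {   # $1 = array name, $2 = PEM file
    printf 'const char %s[] =\n' "$1"
    tr -d '\r' < "$2" | sed -e '/^$/d' -e 's/.*/"&""\\n"/' | sed '$ s/""\\n"$/";/'
}

# Constructed sample input: a throwaway self-signed pair, never enrolled anywhere.
# MSYS_NO_PATHCONV stops Git Bash from rewriting the leading "/" of -subj.
make_sample_pair() {   # $1 = output directory, $2 = CN
    openssl genpkey -out "$1/sample.key" -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 2>/dev/null
    MSYS_NO_PATHCONV=1 openssl req -new -x509 -days 1 -key "$1/sample.key" \
        -subj "/CN=$2" -out "$1/sample.crt" 2>/dev/null
}

# Usage: sh preflight.sh prov_device1.crt prov_device1.key W5100S_EVB_PICO_PROV_X509
if [ "$#" -eq 3 ] && preflight "$1" "$2" "$3"; then
    pem_to_c_literal pico_az_CERTIFICATE "$1"
    pem_to_c_literal pico_az_PRIVATE_KEY "$2"
fi
```

The second literal contains the device private key, so keep the edited sample_certs.c out of shared repositories.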
In the RP2040-HAT-AZURE-C/examples/main.c source file, find the lines similar to the following and edit them as needed:
(...)
// The application you wish to use should be uncommented
//
//#define APP_TELEMETRY
//#define APP_C2D
//#define APP_CLI_X509
#define APP_PROV_X509
// The application you wish to use DHCP mode should be uncommented
#define _DHCP
static wiz_NetInfo g_net_info =
{
.mac = {0x00, 0x08, 0xDC, 0x12, 0x34, 0x56}, // MAC address
.ip = {192, 168, 11, 2}, // IP address
.sn = {255, 255, 255, 0}, // Subnet Mask
.gw = {192, 168, 11, 1}, // Gateway
.dns = {8, 8, 8, 8}, // DNS server
#ifdef _DHCP
.dhcp = NETINFO_DHCP // DHCP enable/disable
#else
// this example uses static IP
.dhcp = NETINFO_STATIC
#endif
};
Run the make command
(PWD) RP2040-HAT-AZURE-C/build/examples
$ make
[ 12%] Built target AZURE_SDK_FILES
[ 12%] Built target bs2_default
[ 12%] Built target bs2_default_padded_checksummed_asm
[ 12%] Built target W5100S_FILES
[ 13%] Built target ETHERNET_FILES
[ 13%] Built target DHCP_FILES
[ 13%] Built target DNS_FILES
[ 21%] Built target SNTP_FILES
[ 43%] Built target AZURE_SDK_PORT_FILES
[ 43%] Performing build step for 'ELF2UF2Build'
[100%] Built target elf2uf2
[ 43%] No install step for 'ELF2UF2Build'
[ 43%] Completed 'ELF2UF2Build'
[ 44%] Built target ELF2UF2Build
[ 56%] Built target mbedcrypto
[ 58%] Built target mbedx509
[ 59%] Built target mbedtls
[ 66%] Built target TIMER_FILES
[ 73%] Built target SPI_FILES
Consolidate compiler generated dependencies of target main
[ 75%] Building C object examples/CMakeFiles/main.dir/main.c.obj
[ 75%] Linking CXX executable main.elf
[100%] Built target main
Open "COM" port to see debug code
(PWD) RP2040-HAT-AZURE-C/build/examples
$ cp main.uf2 /f/
Click "Refresh" until you find the provisioned device name
Go to the "Telemetry" menu, click "Start", and wait for incoming messages
Connect to Azure DPS (Device Provisioning Service)
Provisioning is done
Send 2 messages to Azure IoT Hub
You can see the 2 messages from the device as below: