Skip to content

Latest commit

 

History

History
152 lines (100 loc) · 9.19 KB

quick-create-simulated-device-x509-node.md

File metadata and controls

152 lines (100 loc) · 9.19 KB

title: Provision simulated X.509 device to Azure IoT Hub using Node.js description: Create and provision a simulated X.509 device using Node.js device SDK for Azure IoT Hub Device Provisioning Service (DPS).This quickstart uses individual enrollments. author: wesmc7777 ms.author: wesmc ms.date: 11/08/2018 ms.topic: quickstart ms.service: iot-dps services: iot-dps ms.devlang: nodejs ms.custom: mvc

Quickstart: Create and provision an X.509 simulated device using Node.js device SDK for IoT Hub Device Provisioning Service

[!INCLUDE iot-dps-selector-quick-create-simulated-device-x509]

In this quickstart, you create a simulated X.509 device on a Windows computer. You use device sample Node.js code to connect this simulated device with your IoT hub using an individual enrollment with the Device Provisioning Service (DPS).

Prerequisites

[!INCLUDE IoT Device Provisioning Service basic]

Prepare the environment

  1. Complete the steps in the Setup IoT Hub Device Provisioning Service with the Azure portal before you proceed.

  2. Make sure you have Node.js v4.0 or above installed on your machine.

  3. Make sure Git is installed on your machine and is added to the environment variables accessible to the command window.

  4. Make sure OpenSSL is installed on your machine and is added to the environment variables accessible to the command window. This library can either be built and installed from source or downloaded and installed from a third party such as this.

    [!NOTE] If you have already created your root, intermediate, and/or leaf X.509 certificates, you may skip this step and all following steps regarding certificate generation.

Create a self-signed X.509 device certificate and individual enrollment entry

In this section you, will use a self-signed X.509 certificate, it is important to keep in mind the following:

  • Self-signed certificates are for testing only, and should not be used in production.
  • The default expiration date for a self-signed certificate is one year.

You will use sample code from the Azure IoT SDK for Node.js to create the certificate to be used with the individual enrollment entry for the simulated device.

The Azure IoT Device Provisioning Service supports two types of enrollments:

This article demonstrates individual enrollments.

  1. Open a command prompt. Clone the GitHub repo for the code samples:

    git clone https://github.com/Azure/azure-iot-sdk-node.git --recursive

  2. Navigate to the certificate generator script and build the project.

    cd azure-iot-sdk-node/provisioning/tools
npm install

  3. Create a leaf X.509 certificate by running the script using your own certificate-name. The leaf certificate's common name becomes the Registration ID so be sure to only use lower-case alphanumerics and hyphens.

    node create_test_cert.js device {certificate-name}

  4. Sign in to the Azure portal, select the All resources button on the left-hand menu and open your Device Provisioning Service instance.

  5. From the Device Provisioning Service menu, select Manage enrollments. Select Individual Enrollments tab and select the Add individual enrollment button at the top.

  6. In the Add Enrollment panel, enter the following information:

    • Select X.509 as the identity attestation Mechanism.

    • Under the Primary certificate .pem or .cer file, choose Select a file to select the certificate file {certificate-name}_cert.pem created in the previous steps.

    • Optionally, you may provide the following information:

      • Select an IoT hub linked with your provisioning service.
      • Enter a unique device ID. Make sure to avoid sensitive data while naming your device.
      • Update the Initial device twin state with the desired initial configuration for the device.
      • Once complete, press the Save button.

      Add individual enrollment for X.509 attestation in the portal

      On successful enrollment, your X.509 device appears as {certificatename} under the Registration ID column in the Individual Enrollments tab. Note this value for later.

Simulate the device

The Azure IoT Hub Node.js Device SDK provides an easy way to simulate a device. For further reading, see Device concepts.

  1. In the Azure portal, select the Overview blade for your Device Provisioning service and note the GLobal Device Endpoint and ID Scope values.

    Extract Device Provisioning Service endpoint information from the portal blade

  2. Copy your certificate and key to the sample folder.

    copy .\{certificate-name}_cert.pem ..\device\samples\{certificate-name}_cert.pem
copy .\{certificate-name}_key.pem ..\device\samples\{certificate-name}_key.pem

  3. Navigate to the device test script and build the project.

    cd ..\device\samples
npm install

  4. Edit the register_x509.js file. Save the file after making the following changes.

    • Replace provisioning host with the Global Device Endpoint noted in Step 1 above.
    • Replace id scope with the ID Scope noted in Step 1 above.
    • Replace registration id with the Registration ID noted in the previous section.
    • Replace cert filename and key filename with the files you copied in Step 2 above.

  5. Execute the script and verify the device was provisioned successfully.

    node register_x509.js

  6. In the portal, navigate to the IoT hub linked to your provisioning service and open the IoT devices blade. On successful provisioning of the simulated X.509 device to the hub, its device ID appears on the IoT devices blade, with STATUS as enabled. You might need to press the Refresh button at the top if you already opened the blade prior to running the sample device application.

    Device is registered with the IoT hub

    If you changed the initial device twin state from the default value in the enrollment entry for your device, it can pull the desired twin state from the hub and act accordingly. For more information, see Understand and use device twins in IoT Hub.

Clean up resources

If you plan to continue working on and exploring the device client sample, do not clean up the resources created in this quickstart. If you do not plan to continue, use the following steps to delete all resources created by this quickstart.

  1. Close the device client sample output window on your machine.
  2. From the left-hand menu in the Azure portal, select All resources and then select your Device Provisioning service. Open the Manage Enrollments blade for your service, and then select the Individual Enrollments tab. Select the check box next to the REGISTRATION ID of the device you enrolled in this quickstart, and press the Delete button at the top of the pane.
  3. From the left-hand menu in the Azure portal, select All resources and then select your IoT hub. Open the IoT devices blade for your hub, select the check box next to the DEVICE ID of the device you registered in this quickstart, and then press the Delete button at the top of the pane.

Next steps

In this quickstart, you’ve created a simulated X.509 device and provisioned it to your IoT hub using the Azure IoT Hub Device Provisioning Service on the portal. To learn how to enroll your X.509 device programmatically, continue to the quickstart for programmatic enrollment of X.509 devices.

[!div class="nextstepaction"] Azure quickstart - Enroll X.509 devices to Azure IoT Hub Device Provisioning Service