
Update certificate for an individual enrollment in azure DPS via REST API


I am doing operations on Azure DPS via REST APIs. I am able to post a new provision successfully in "Create new individual enrollment" via the REST API. The URL used is "https://name.azure-devices-provisioning.net/enrollments/registrationId?api-version=2019-03-31". My current task is to update the certificate for an individual enrollment in DPS. I am extracting the body of the certificate, attaching it to the request body and doing the PUT operation. But I am getting an error saying "Enrollment already exists with different cert info". I am providing the content-type and authorization SAS token as headers. And in the request body, I am passing the eTag along. I guess I have cleared all the prerequisites for an update operation. Please help me to understand if I am doing something wrong here. Thanks in advance!


Solution

  • We can go through the step-by-step process by which I successfully updated my x509 certificate with Azure DPS via a REST API call. I hope this helps with your query.

    Step 1: Create the individual enrollment with the x509 certificate, passing it in base64 format. Please make a note of the 'eTag' value in the response.

    Verify in the Azure DPS portal. I see the thumbprint matches my x509 certificate.

    Step 2: Now it is time to update the existing enrollment with a new certificate. Use the base64 format. Use "If-Match" in the request header; its value is the "eTag" obtained/copied from the previous step.

    The image below shows the request header with "If-match = eTag" for updating the existing entity.

    Finally, we can see the response is a success for the update operation.

    Verify in the Azure DPS portal. I see the thumbprint matches my new x509 certificate.

    Sample request body, in case it is useful to anyone.

     {
       "attestation": {
         "type": "x509",
         "X509": {
           "clientCertificates": {
             "primary": {
               "certificate": "base64 string of your cert"
             }
           }
         }
       },
       "registrationId": "testenrollment10",
       "capabilities": {"iotEdge": false},
       "provisioningStatus": "enabled"
     }
    

    Please leave your comment below to this response if you need further help in this matter.
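
The update request from Step 2, as an added example that is not part of the original answer: it strips the PEM armor to get the base64 certificate body and puts the eTag in the `If-Match` header. The function names, the sample PEM (constructed, not a valid certificate) and the caller-supplied SAS token are assumptions; the URL pattern, api-version and body shape are the ones shown on this page.

```python
import json
import urllib.request

API_VERSION = "2019-03-31"  # api-version from the URL in the question

# Constructed placeholder, not a valid certificate; only the PEM layout matters here.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExF
LU5PVC1BLVJFQUwtQ0VSVA==
-----END CERTIFICATE-----
"""


def pem_to_base64(pem):
    """Return the base64 body of one PEM certificate (no armor lines, no newlines)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"
            or any(ln.startswith("-----") for ln in lines[1:-1])):
        raise ValueError("expected a single PEM-encoded certificate")
    return "".join(lines[1:-1])


def build_update_request(dps_name, registration_id, etag, sas_token, pem):
    """Build, without sending, the PUT that replaces the primary certificate."""
    if not etag:
        raise ValueError("the eTag from the create or GET response is required")
    body = {  # same shape and key spelling as the sample request body above
        "attestation": {
            "type": "x509",
            "X509": {"clientCertificates": {
                "primary": {"certificate": pem_to_base64(pem)}}},
        },
        "registrationId": registration_id,
        "capabilities": {"iotEdge": False},
        "provisioningStatus": "enabled",
    }
    url = (f"https://{dps_name}.azure-devices-provisioning.net"
           f"/enrollments/{registration_id}?api-version={API_VERSION}")
    headers = {
        "Content-Type": "application/json",
        "Authorization": sas_token,
        "If-Match": etag,  # the eTag travels in this header (Step 2)
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="PUT", headers=headers)
```

Pass the returned object to `urllib.request.urlopen` to send it. `urllib` stores header names capitalised, so read them back as `If-match` and `Content-type`.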