Azure Device SDK fails to connect to IoTHub
I'm trying to connect to a Azure IoTHub via using the device client library. I'm already having a X509-certificate registered at the dps and my private key.
As this is going to be an emulator for an IoT-Device (for testing) I know that the certificates are valid and work for connecting to the IoTHub (at least if I use them on the IoT-Device).
But if I'm using the DeviceClient library, securityProvider.getSSLContext() fails with the following error:
Caused by: java.security.KeyStoreException: Certificate chain is not valid
I'm trying to connect to the iothub via
SecurityProvider securityProvider = new SecurityProviderX509Cert(clientCertificate, privateKey, Collections.singleton(ioTHubCaCertificate));
DeviceClient deviceClient = new DeviceClient("enox-iot-dev.azure-devices.net", deviceId, securityProvider, IotHubClientProtocol.MQTT);
deviceClient.open(true);
For the ioTHubCaCertificate I'm using the digicert certificate.
The certificate chain issue occurs because the jar has trouble verifying the signed JAR due to an inability to find a valid certification path. This is typically caused by missing or incorrect intermediate/root certificates.
To avoid this issue, you can directly use the certificate key as shown below:
private static final String MainPem = "-----BEGIN CERTIFICATE-----\n" +
"MjsjjxjhhxggIIFOjCCAyKgAwIBAgIJAPzMa6s7mj7+MA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNV\n" +
...
"MDMwWhcNMjAzxxjjxMTIyMjEzMDMwWjAqMSgwJgYDVQQDDB9BenVyZSBJb1QgSHViIENB\n" +
"-----END CERTIFICATE-----";
I refer this MSDOC for an X.509 certificate simulated device connecting to Azure IoT Hub and code taken from git
SecurityProvider securityProviderX509 = new SecurityProviderX509Cert(leafPublicCert, leafPrivateKey, signerCertificates);
ProvisioningDeviceClient provisioningDeviceClient = ProvisioningDeviceClient.create(
GLOBAL_ENDPOINT,
ID_SCOPE,
PROVISIONING_DEVICE_CLIENT_TRANSPORT_PROTOCOL,
securityProviderX509);
ProvisioningDeviceClientRegistrationResult provisioningDeviceClientRegistrationResult = provisioningDeviceClient.registerDeviceSync();
provisioningDeviceClient.close();
if (provisioningDeviceClientRegistrationResult.getProvisioningDeviceClientStatus() == ProvisioningDeviceClientStatus.PROVISIONING_DEVICE_STATUS_ASSIGNED)
{
System.out.println("IotHub Uri : " + provisioningDeviceClientRegistrationResult.getIothubUri());
System.out.println("Device ID : " + provisioningDeviceClientRegistrationResult.getDeviceId());
// connect to iothub
String iotHubUri = provisioningDeviceClientRegistrationResult.getIothubUri();
String deviceId = provisioningDeviceClientRegistrationResult.getDeviceId();
DeviceClient deviceClient = new DeviceClient(iotHubUri, deviceId, securityProviderX509, IotHubClientProtocol.MQTT);
deviceClient.open(false);
System.out.println("Sending message from device to IoT Hub...");
deviceClient.sendEvent(new Message("Hello world!"));
deviceClient.close();
}
Refer to this git to directly connect with Azure IoT Hub using X.509 certificates without going through the Device Provisioning Service (DPS).
Update: Thanks, @Simon, for the additional statements below.
I don't want to open a discussion/an issue on openjdk because I can't do this on Github, so:
The root cause was this check. My ca-certificate had not the correct subject because it was from a sub-ca.
I really don't get what's the purpose of this. It is irritating for the developer because passing the certificate-chain seems like it is actually doing something with it. But this check really does not make any sense because you could easily create an unsigned certificate that just matches this one plain property.
- Azure Device SDK fails to connect to IoTHub
- Azure Service to Publish and Subscribe on custom topic same as available in AWS IoT
- Get deployment manifest from Iothub configuration using .net
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- Availability check for IotHub Using Ping C# Does not work ICMP Echo packet in container as the outbound does not allow ICMP
- How to Consume the Latest Event with Azure Event Hubs Go SDK (azeventhubs)?
- Azure IoTEdge - Custom IoTEdge module unable to connect to Hub with Communication_Error
- Azure: Subscribing to an external MQTT Broker
- Unable to delete, crate or modify Event Subscription in Azure IoT Hub
- How can I do Device to Device communication using Azure
- Does an Azure IoT Hub Maintain both a device twin and a digital twin?
- System Properties of D2C IoT Hub messages not appearing within Route to Non Default Event Hub
- Stream Analytics - Output Device Messages Only Upon Change
- How to send a message to a device with self signed certification as authentication in Azure IoT Hub through the REST API
- Azure IOT Hub device update agent for windows or any supporting libraries in c#
- how to update "SKU" and messaging limit of an IOThub from Azure function app (isolated)
- Alternatives for azure-iot-hub python package
- Azure IoT DPS - Enrollment Group - Create Or Update - Rest API
- How do I use Azure IoT SDK (C#) to develop code to send data from my robotic arm to my IoT hub?
- Azure sdk receiving different error messages while trying to connect to IotHub when device is disabled
- Should one set the TransportType for the IoT Hub DeviceClient?
- Questions regarding X509 certificate authentication in Azure IotHub
- How to solve my message body from IoT device can't receive by azure functions via vscode/local
- How to send tool data from telemetry Azure IoT Hub to Azure Functions?
- Environment variable IOTEDGE_WORKLOADURI is required in Java azure IoT SDK using ModuleClient Class
- Using iotedgehubdev generated iothub modules don't run locally due to "repository name must be lowercase"
- Azure Cli get specific device twin
- Azure IoT C SDK: IoTHubDeviceClient_LL_SendTelemetryAsync vs IoTHubDeviceClient_LL_SendEventAsync
- Azure IotHub routing is not functioning
- What is the proper syntax to include a telemetry field in the Custom Endpoint Synthetic Partition Key Template for route to CosmosDB from Azure iotHub