I am trying to publish some data on an Azure IoT hub using MQTT. I have successfully published some data using the SAS token.
But my client wants to receive a self-declared and self-signed X.509 certificate. Azure supports this, but does not provide much information about it (https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#supported-x509-certificates).
Self-generated and self-signed X-509 certificate. The device manufacturer or internal deployer can create these certificates and save the corresponding private key (and certificate) on the device. You can use tools such as OpenSSL and Windows SelfSignedCertificate for this purpose.
Note: The IoT Hub does not require or store the entire X.509 certificate, only the fingerprint.
As a result, I created a CA certificate and a key.
$ openssl req -newkey rsa:2048 -x509 -nodes -sha256 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt
Created client key and request for signature
$ openssl genrsa -out client.key 2048
$ openssl req -new -sha256 -out client.csr -key client.key
Signed a request and created a certificate
$ openssl x509 -req -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -CAserial ca.srl -out client.crt -days 365
I uploaded the client key and certificate to the modem. And inserted the fingerprint of the client certificate.
The modem can successfully connect to myhub.azure-devices.net/deviceId (port 8883). But when new data arrives, it cannot decode it.
I'm kind of stuck from now on. I tried to use MqttFx but no luck.
Maybe someone can point me in the right direction here?
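
Since the hub keeps only the fingerprint, the registered value has to be the hash of exactly the certificate stored on the device. The following is an added example, not part of the original post: it computes the SHA-1 or SHA-256 thumbprint of a PEM certificate such as client.crt and compares it with a registered value. The function names are hypothetical, the sample certificate is a constructed stand-in, and the bare-hex format without colons is an assumption about how the value was entered.

```python
import base64
import hashlib
import hmac
import re

# Matches one PEM certificate block; a file such as client.crt may hold several.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate in a PEM file."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Whitespace and line breaks are not part of the base64 payload.
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def thumbprint(pem_text, algorithm="sha1"):
    """Hex digest of the DER encoding, upper case, no separators."""
    return hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest().upper()

def normalize(fingerprint):
    """Turn OpenSSL's 'SHA1 Fingerprint=AB:CD:..' output into bare hex."""
    value = fingerprint.split("=", 1)[-1]
    value = re.sub(r"[:\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{64}", value):
        raise ValueError("not a SHA-1 or SHA-256 thumbprint")
    return value

def matches(pem_text, registered):
    """True if the registered value is this certificate's thumbprint."""
    wanted = normalize(registered)
    algorithm = "sha1" if len(wanted) == 40 else "sha256"
    return hmac.compare_digest(thumbprint(pem_text, algorithm), wanted)

# Constructed stand-in: the three bytes b"abc" wrapped as PEM, not a real cert.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
# Constructed OpenSSL-style fingerprint line for the stand-in above.
SAMPLE_FP = ("SHA1 Fingerprint="
             "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D")

if __name__ == "__main__":
    print(thumbprint(SAMPLE_PEM))
    print(matches(SAMPLE_PEM, SAMPLE_FP))
```

To check a real device certificate, pass the text of client.crt to `matches` together with the value registered for the device.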