The attestation mechanism is the process of cross-verifying the enrolled device identity during device registration on IoT Hub. Device Provisioning Service supports the following attestation mechanisms:
Now let's learn how to enroll devices using the above attestation mechanisms.
Device Enrollment Using X.509
An X.509 certificate is a security certificate that carries the authentication details of the device. X.509 certificates can be provided by the device manufacturer, which buys them from an authorized certificate provider such as a CA.
For development and testing purposes we can create X.509 certificates using tools such as PowerShell or OpenSSL. I will show how to generate X.509 certificates in a separate article.
I have X.509 certificates on my PC, which I generated using PowerShell.
Now choose the X.509 attestation mechanism from the dropdown list and choose the device.cer certificate, as shown in the following image.
After uploading the certificate, provide the following optional details.
IoT Hub Device Id
Provide the device ID name, which is unique per X.509 certificate. This is optional; if you do not provide a device ID, the registration ID becomes the device ID on Azure IoT Hub.
IoT Edge Device
Choose between true and false: true means the device is an IoT Edge device, false means it is a regular IoT device.
Device Allocation Policy
The chosen policy decides how the IoT device is allocated to an IoT Hub; you can read my previous article on the same topic to understand the details of device allocation policies.
Choose IoT Hub
DPS can be linked with multiple IoT Hubs; you can choose which IoT Hub the device should register to, or let the device allocation policy decide.
Device Re-Provisioning Policy
There may be a requirement to re-provision the device; this setting controls whether the previous data is kept during that process.
Initial Device Twin State
The initial device twin allows storing custom properties about the device, or whatever else you want. Mostly, the device twin is used to keep device-related information such as the path of the device upgrade package file or client details.
Example:
{
  "tags": {},
  "properties": {
    "desired": {
      "devicetype": "waterflow",
      "client": "www.compilemode.com"
    }
  }
}
Enable Entry
This option allows enabling or disabling the enrollment entry.
Now, after providing all the above details, click on Save. After the enrollment entry is created successfully, the following notification is shown.
Now go to the device provisioning service (DPS) instance we created and see the created enrollment entry, as follows.
In the preceding image, you see the registration ID as my device, which comes from the certificate common name (CN).
Device Enrollment Using Symmetric Key
Now choose the symmetric key attestation mechanism from the dropdown list and check the auto-generated keys option, as shown in the following image.
Provide the required details as we did in the X.509 enrollment. In the symmetric key attestation mechanism we need to provide the registration ID, whereas in X.509 enrollment the registration ID is taken from the certificate common name (CN).
Now, after providing all the above details, click on Save. Then go to the DPS instance we created and see the created enrollment entry, as follows.
As shown in the preceding image, we see the registration ID reg100 got added. Follow the same steps for the other types of attestation mechanism to enroll the device.
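As an added example (not part of this article), the following Python script shows what a device does with the symmetric key that DPS generated for its enrollment entry: it builds the registration SAS token presented to DPS during provisioning and, going beyond the individual enrollment shown above, derives the per-device key that a group enrollment requires. The ID scope and the key are constructed placeholders, not values from this article's DPS instance.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse

# Constructed placeholders: use the ID scope shown on your DPS instance and the
# key DPS generated for the enrollment entry; this key is not a real one.
ID_SCOPE = "0ne00000000"
ENROLLMENT_KEY = base64.b64encode(b"\x01" * 32).decode()


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Per-device key for an enrollment group.

    DPS defines it as HMAC-SHA256 over the registration id, keyed with the raw
    (base64-decoded) group key, base64-encoded. An individual enrollment uses
    its own key directly and skips this step.
    """
    raw_key = base64.b64decode(group_key_b64)
    mac = hmac.new(raw_key, registration_id.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def registration_sas_token(id_scope: str, registration_id: str,
                           device_key_b64: str, expiry: int) -> str:
    """SAS token a device presents to DPS when it registers.

    Resource is "{idScope}/registrations/{registrationId}"; the signature is
    HMAC-SHA256 over the url-encoded resource, a newline and the expiry, keyed
    with the raw device key; the key name for provisioning is "registration".
    """
    resource = urllib.parse.quote(f"{id_scope}/registrations/{registration_id}", safe="")
    to_sign = f"{resource}\n{expiry}".encode("utf-8")
    mac = hmac.new(base64.b64decode(device_key_b64), to_sign, hashlib.sha256)
    sig = urllib.parse.quote(base64.b64encode(mac.digest()).decode(), safe="")
    return f"SharedAccessSignature sr={resource}&sig={sig}&se={expiry}&skn=registration"


if __name__ == "__main__":
    reg_id = "reg100"
    expiry = int(time.time()) + 3600  # one hour of validity
    # Individual enrollment: the enrollment key is the device key.
    print(registration_sas_token(ID_SCOPE, reg_id, ENROLLMENT_KEY, expiry))
    # Group enrollment: derive the device key from the group key first.
    group_device_key = derive_device_key(ENROLLMENT_KEY, reg_id)
    print(registration_sas_token(ID_SCOPE, reg_id, group_device_key, expiry))
```

Keep the expiry short: the token only needs to outlive the registration exchange, and a leaked enrollment key should be regenerated in the enrollment entry rather than just rotated on the device.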
Add Group Enrollment