You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-hub/tutorial-x509-openssl.md
+4-4Lines changed: 4 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: kgremban
6
6
ms.service: iot-hub
7
7
services: iot-hub
8
8
ms.topic: tutorial
9
-
ms.date: 02/26/2021
9
+
ms.date: 02/24/2022
10
10
ms.author: kgremban
11
11
ms.custom: [mvc, 'Role: Cloud Development', 'Role: Data Analytics']
12
12
#Customer intent: As a developer, I want to be able to use X.509 certificates to authenticate devices to an IoT hub. This step of the tutorial needs to introduce me to OpenSSL that I can use to generate test certificates.
@@ -219,7 +219,7 @@ Submit the CSR to the root CA and use the root CA to issue and sign the subordin
219
219
220
220
## Step 7 - Demonstrate proof of possession
221
221
222
-
You now have both a root CA certificate and a subordinate CA certificate. You can use either one to sign device certificates. The one you choose must be uploaded to your IoT Hub. The following steps assume that you are using the subordinate CA certificate. To upload and register your subordinate CA certificate to your IoT Hub:
222
+
You now have both a root CA certificate and a subordinate CA certificate. You can use either one to sign device certificates. The one you choose must be uploaded to your IoT Hub. The following steps assume that you're using the subordinate CA certificate. To upload and register your subordinate CA certificate to your IoT Hub:
223
223
224
224
1. In the Azure portal, navigate to your IoTHub and select **Settings > Certificates**.
225
225
@@ -297,7 +297,7 @@ To generate a client certificate, you must first generate a private key. The fol
Create a certificate signing request (CSR) forthe key. You do not need to enter a challenge password or an optional company name. You must, however, enter the device IDin the common name field. You can also enter your own values for the other parameters such as **Country Name**, **Organization Name**, and so on.
300
+
Create a certificate signing request (CSR) forthe key. You don't need to enter a challenge password or an optional company name. You must, however, enter the device IDin the common name field. You can also enter your own values for the other parameters such as **Country Name**, **Organization Name**, and so on.
301
301
302
302
```bash
303
303
openssl req -new -key device.key -out device.csr
@@ -324,7 +324,7 @@ Check that the CSR is what you expect.
324
324
openssl req -text -in device.csr -noout
325
325
```
326
326
327
-
Send the CSR to the subordinate CA forsigning into the certificate hierarchy. Specify `client_ext`in the `-extensions` switch. Notice that the `Basic Constraints`in the issued certificate indicate that this certificate is not for a CA. If you are signing multiple certificates, be sure to update the serial number before generating each certificate by using the openssl `rand -hex 16 > db/serial` command.
327
+
Send the CSR to the subordinate CA forsigning into the certificate hierarchy. Specify `client_ext`in the `-extensions` switch. Notice that the `Basic Constraints`in the issued certificate indicate that this certificate isn't for a CA. If you're signing multiple certificates, be sure to update the serial number before generating each certificate by using the openssl `rand -hex 16 > db/serial` command.
328
328
329
329
```bash
330
330
openssl ca -config subca.conf -in device.csr -out device.crt -extensions client_ext
0 commit comments