I am trying to use an IoT Edge device as a transparent gateway. I have successfully configured the Edge device and the downstream device using the regular DPS steps. I am using X.509 authentication for my downstream device, but for some reason I am unable to authenticate my downstream device.
Hoping someone has run into this problem and can offer some guidance.
Notes:
- I am following this tutorial: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway#install-certificates-on-the-gateway
- I am using the certificate creation scripts from the iotedge repository (https://github.com/Azure/iotedge.git)
- The certificates are created on the Edge device itself, and the working directory is "C:\Temp\GWCerts"
- My downstream device is an application running on the Edge device itself
Here are the steps I performed:
1. Created the root CA certificate and intermediate certificates using the following PowerShell command:

   ```powershell
   New-CACertsCertChain rsa
   ```

2. Created the IoT Edge device CA certificate and private key using the following command:

   ```powershell
   New-CACertsEdgeDevice "myedgedevice"
   ```

3. Modified the IoT Edge security daemon configuration file (config.yaml) to set the certificate properties as follows:

   ```yaml
   certificates:
     device_ca_cert: "C:\Temp\GWCerts\certs\certs\iot-edge-device-myedgedevice-full-chain.cert.pem"
     device_ca_pk: "C:\Temp\GWCerts\private\iot-edge-device-myedgedevice.key.pem"
     trust_ca_certs: "C:\Temp\GWCerts\certs\azure-iot-test-only.root.ca.cert.pem"
   ```

4. Restarted IoT Edge

5. Deployed the edgeHub and ai_insights modules with the following routes:

   ```json
   "sensorToAIInsightsInput1": "FROM /messages/* WHERE NOT IS_DEFINED($connectionModuleId) INTO BrokeredEndpoint(\"/modules/ai_insights/inputs/input1\")",
   "AIInsightsToIoTHub": "FROM /messages/modules/ai_insights/outputs/output1 INTO $upstream"
   ```

6. Registered the root CA certificate with my IoT Hub

7. Created the downstream device certificate using the following command:

   ```powershell
   New-CACertsDevice "myfirstchilddevice"
   ```

8. Created the IoT device programmatically using DPS

   a. Created an individual enrollment with X509Attestation as follows:

      ```csharp
      using (var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(provisioningConnectionString))
      {
          // Attest the enrollment with the downstream device's leaf certificate (public part only)
          Attestation attestation = X509Attestation.CreateFromClientCertificates(
              new X509Certificate2(@"C:\Temp\GWCerts\certs\iot-device-myfirstchilddevice.cert.pem"));
          IndividualEnrollment individualEnrollment = new IndividualEnrollment("myfirstchilddevice", attestation)
          {
              DeviceId = "myfirstchilddevice",
              ProvisioningStatus = ProvisioningStatus.Enabled,
              Capabilities = new DeviceCapabilities { IotEdge = false }
          };
          IndividualEnrollment individualEnrollmentResult =
              await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
      }
      ```

   b. Registered the device using the Provisioning Device Client as follows:

      ```csharp
      // Register with DPS using the device certificate plus private key (.pfx)
      using (var security = new SecurityProviderX509Certificate(
          new X509Certificate2(@"C:\Temp\GWCerts\certs\iot-device-myfirstchilddevice.cert.pfx")))
      {
          using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
          {
              var provDeviceClient = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, IdScope, security, transport);
              DeviceRegistrationResult result = await provDeviceClient.RegisterAsync().ConfigureAwait(false);
          }
      }
      ```

9. In the portal, modified this IoT device myfirstchilddevice to set its parent device to my Edge device

10. In Local Computer > Trusted Root Certification Authorities

11. Tried connecting my downstream device to the IoT Edge gateway as follows:

    ```csharp
    var auth = new DeviceAuthenticationWithX509Certificate("myfirstchilddevice",
        new X509Certificate2(@"C:\Temp\GWCerts\certs\iot-device-myfirstchilddevice.cert.pfx"));
    // Connect to the IoT Hub through the Edge gateway host "my-edgedevice" over AMQP
    DeviceClient deviceClient = DeviceClient.Create("myIotHub.azure-devices.net", "my-edgedevice", auth, TransportType.Amqp_Tcp_Only);
    await deviceClient.SendEventAsync(new Message(Encoding.UTF8.GetBytes("Test Message"))).ConfigureAwait(false);
    ```

The SendEventAsync call throws an exception; here is the exception:
```
Unhandled Exception: System.AggregateException: One or more errors occurred. (TLS authentication error.) ---> System.Security.Authentication.AuthenticationException: TLS authentication error. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslState.ThrowIfExceptional()
at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__46_2(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Amqp.TaskHelpers.EndAsyncResult(IAsyncResult asyncResult)
at Microsoft.Azure.Amqp.Transport.TlsTransport.HandleOpenComplete(IAsyncResult result, Boolean syncComplete)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Amqp.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.Azure.Amqp.AmqpObject.OpenAsyncResult.End(IAsyncResult result)
at Microsoft.Azure.Amqp.AmqpObject.EndOpen(IAsyncResult result)
at Microsoft.Azure.Amqp.Transport.TlsTransportInitiator.HandleTransportOpened(IAsyncResult result)
at Microsoft.Azure.Amqp.Transport.TlsTransportInitiator.OnTransportOpened(IAsyncResult result)
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpConnector.InitializeTransport(TimeSpan timeout)
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpConnector.OpenConnectionAsync(TimeSpan timeout)
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpConnectionHolder.EnsureConnection(TimeSpan timeout)
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpConnectionHolder.AmqpSessionCreator(DeviceIdentity deviceIdentity, ILinkFactory linkFactory, AmqpSessionSettings amqpSessionSettings, TimeSpan timeout)
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpUnit.OpenAsync(TimeSpan timeout)
at Microsoft.Azure.Devices.Client.Transport.Amqp.AmqpTransportHandler.OpenAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass22_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
--- End of inner exception stack trace ---
at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass32_0.<<OpenAsyncInternal>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnsureOpenedAsync(CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass14_0.<<SendEventAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.SendEventAsync(Message message, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Client.InternalClient.SendEventAsync(Message message)
at Microsoft.Azure.Devices.Edge.Samples.EdgeDownstreamDevice.Program.SendEvents(DeviceClient deviceClient, Int32 messageCount) in C:\Temp\iotedge\samples\dotnet\EdgeDownstreamDevice\Program.cs:line 215
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at Microsoft.Azure.Devices.Edge.Samples.EdgeDownstreamDevice.Program.Main() in C:\Temp\iotedge\samples\dotnet\EdgeDownstreamDevice\Program.cs:line 84
```
Update:
The only way I have been able to connect the leaf device is by creating the leaf device manually and using the MQTT protocol.
If the device is created using the regular DPS steps and the parent device is set manually on the leaf device, the device cannot connect (tried both AMQP and MQTT).
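To pin down which client-side check produces "The remote certificate is invalid according to the validation procedure", here is an added diagnostic probe (not code from the question or from the Azure SDK) that performs a bare TLS handshake against the gateway on the AMQP and MQTT ports, reports the SslPolicyErrors the client observed (RemoteCertificateNameMismatch versus RemoteCertificateChainErrors), and then re-validates the presented chain against the test root CA from config.yaml alone, independent of the machine's Trusted Root store. It assumes .NET 5 or later, the gateway hostname "my-edgedevice" as passed to DeviceClient.Create, and ports 5671 for AMQP and 8883 for MQTT.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic probe, not code from the question. Assumptions: the gateway hostname is the
// one passed to DeviceClient.Create, AMQP listens on 5671 and MQTT on 8883, and the root CA is
// the file named in config.yaml's trust_ca_certs.
static class GatewayTlsCheck
{
    const string GatewayHost = "my-edgedevice";
    const string RootCaPath = @"C:\Temp\GWCerts\certs\azure-iot-test-only.root.ca.cert.pem";
    static void Main()
    {
        var root = new X509Certificate2(RootCaPath);
        foreach (int port in new[] { 5671, 8883 }) Probe(GatewayHost, port, root);
    }
    static void Probe(string host, int port, X509Certificate2 root)
    {
        using var tcp = new TcpClient(host, port);
        using var ssl = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
        {
            // RemoteCertificateNameMismatch: host does not match the gateway certificate's name.
            // RemoteCertificateChainErrors: chain does not end in a root this machine trusts.
            Console.WriteLine($"[{port}] SslPolicyErrors: {errors}");
            if (cert == null) return false;
            Console.WriteLine($"[{port}] leaf subject: {cert.Subject}");
            // Re-validate against the test root CA alone, ignoring the machine's Trusted Root store.
            var custom = new X509Chain();
            custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            custom.ChainPolicy.CustomTrustStore.Add(root);
            custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            if (chain != null)
                foreach (var el in chain.ChainElements) custom.ChainPolicy.ExtraStore.Add(el.Certificate);
            Console.WriteLine($"[{port}] chain valid under test root CA: {custom.Build(new X509Certificate2(cert))}");
            foreach (var st in custom.ChainStatus)
                Console.WriteLine($"[{port}]   {st.Status}: {st.StatusInformation.Trim()}");
            // Accept so the handshake completes and all output above is printed; the probe sends no data.
            return true;
        });
        try
        {
            ssl.AuthenticateAsClient(host, null, SslProtocols.Tls12, false);
            Console.WriteLine($"[{port}] handshake completed");
        }
        catch (AuthenticationException e) { Console.WriteLine($"[{port}] handshake failed: {e.Message}"); }
    }
}
```

If the chain validates under the test root CA but SslPolicyErrors still reports RemoteCertificateChainErrors, the root is not installed in the client's trust store; if it reports RemoteCertificateNameMismatch, compare the host given to DeviceClient.Create with the name in the gateway certificate's subject.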