If you want to use a SHA1 fingerprint of the certificate that clients present to edge servers as a client ID, pay attention to the following tips and considerations:
To check the SHA1 value of a fingerprint in a client certificate, you can use the following command:
openssl x509 -in <cert_file.crt> -noout -fingerprint.
When extracting a fingerprint value from a client certificate, edge servers convert the fingerprint value so that it doesn't include a delimiting colon.
Important: To use a SHA1 fingerprint as a client ID:
- Convert the fingerprint to lowercase.
- Remove the colons between the digits.
Let's see an example:
SHA1 fingerprint as a client ID in the Mutual Authentication behavior of the IoT Edge Connect configuration
A piece of a client certificate showing a SHA1 fingerprint
Identity topic filter with a SHA1 fingerprint as a client ID
In this example, this SHA1 fingerprint value in a client certificate:
2D:F4:80:50:04:83:8A:C5:03:D5:69:89:BC:5F:1C:4A:CA:69:D6:25matches this client ID used to access the identity topic:
diagnostics/2df4805004838ac503d56989bc5F1c4ACa69d625. See Topic filters.
Updated about 2 years ago