Guidelines
Here you'll find guidelines on how to set up your IoT configuration and client certificate when authenticating and authorizing clients with mutual authentication.
Serial number as an authorization group
If you want to use a serial number of the certificate that clients present to edge servers as an authorization group, pay attention to the following tips and considerations:
- Edge servers use hexadecimal notation when performing operations on serial numbers extracted from client certificates.
- To check the hexadecimal value of a serial number in a client certificate, you can use the following command:
  openssl x509 -in <cert_file.crt> -noout -text -serial
- Important: To use a serial number as an authorization group in the access control lists of your namespace configuration:
  - Convert the serial number to lowercase.
  - If present, remove the 0x prefix from the serial number value.
Let's see an example:
Serial number as an authorization group in the Mutual Authentication behavior of the IoT Edge Connect configuration
A piece of a client certificate showing a serial number in hexadecimal notation
93:e8:35:81:7c:5b:6d:77:6f:ab:e3:3c:b7:f4:41:34:ff:30:
35:54:71:43:28:40:5f:8f:d2:34:ac:79:a7:1c:a7:9e:77:70:
46:22:b8:ea:60:31:98:10:e3:b9:ef:a7:72:86:63:f2:10:8d:
5f:bc:59:7a:4e:9d:be:fd
serial=FAED42417F79A88D
Serial number as an authorization group in the access control lists of the namespace configuration
In this example, this serial number value in a client certificate: FAED42417F79A88D
matches this authorization group in the namespace configuration: faed42417f79a88d.
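The two conversion steps above can be scripted so that the value pasted into the access control lists is always in the expected form. The following is an added example, not part of the original guidelines: the function names are hypothetical, the sample serial is the one from this page, and stripping ":" separators (the layout openssl uses for long serials in its -text output) is an assumption that goes beyond the two steps listed.

```shell
#!/bin/sh
# Added example: turn a certificate serial number into the authorization-group
# form described above (lowercase hexadecimal, no 0x prefix).

# serial_to_authgroup VALUE
# Accepts "serial=FAED...", "0xFAED..." or "fa:ed:..." and prints the
# normalized value. Returns 1 if the result is not plain hexadecimal.
serial_to_authgroup() {
    s=${1#serial=}                      # label printed by "openssl x509 -serial"
    # Assumption: drop ":" separators and whitespace, then lowercase.
    s=$(printf '%s' "$s" | tr -d ' :\r\n' | tr '[:upper:]' '[:lower:]')
    s=${s#0x}                           # remove the prefix if present
    case $s in
        ''|*[!0-9a-f]*) echo "not a hex serial: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$s"
}

# cert_authgroup FILE
# Reads the serial from a certificate file and prints the normalized value.
cert_authgroup() {
    serial_to_authgroup "$(openssl x509 -in "$1" -noout -serial)"
}

# authgroup_is_normalized VALUE
# Succeeds only if VALUE is already lowercase hex without a 0x prefix, so it
# can be used to lint entries before they go into a namespace configuration.
authgroup_is_normalized() {
    [ -n "$1" ] && [ "$(serial_to_authgroup "$1" 2>/dev/null)" = "$1" ]
}

# Sample run on the serial shown in the example above.
serial_to_authgroup 'serial=FAED42417F79A88D'
```

Running `authgroup_is_normalized` over the authorization groups in a namespace configuration before deployment catches entries that were pasted in uppercase or with the 0x prefix still attached.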