Azure IoT Device Provisioning Service - Bulk Enrollment and X.509 Authentication

Bulk Enrollment of Devices in DPS for X.509 Authentication | Exam AZ-220

Question

Your company operates solar farms at several sites.

The farms are equipped with hundreds of smart sensors that need to be connected to an Azure IoT infrastructure.

An IoT Hub is to be used, with the sensors from the different sites authenticating with X.509 certificates.

You need to set up bulk enrollment of the devices in DPS and configure the use of the certificates. The root certificate is uploaded to IoT Hub and the enrollment groups have their intermediate certificates.

What data do the devices need to send to authenticate successfully with DPS?

Answers

A. Root certificate of the IoT Hub; intermediate certificate of the corresponding enrollment group; device certificate.

B. Intermediate certificate of the corresponding enrollment group; device certificate.

C. Device certificate only.

D. Root certificate of the IoT Hub; device certificate.

Explanations

Correct Answer: A.

Option A is CORRECT because the device must present the whole certificate chain: its unique leaf (device) certificate, the intermediate certificate of its enrollment group, and the verified top-level (root) certificate. The service validates the chain link by link and accepts the device only when the chain reaches the certificate it has verified, i.e. the root certificate in this scenario.

Option B is incorrect because the chain stops at the intermediate and never reaches the verified root certificate. The chain of trust is incomplete and authentication fails.

Option C is incorrect because a lone device certificate carries no chain of trust at all; the service cannot link it to the verified certificate, and authentication fails.

Option D is incorrect because the device certificate is signed by the intermediate, not by the root. Without the intermediate the chain has a gap between the leaf and the root, so the chain of trust cannot be established and authentication fails.
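As an added illustration (not part of this exam page and not Azure's own code), the Go program below builds a constructed three-level hierarchy with made-up names ("Solar Farms Root CA", "Site-A Intermediate CA", a sensor leaf "sensor-0001") and checks each of the four answer options against the rule stated above: the chain the device presents must link, signature by signature, from its leaf up to the certificate the service has verified. The check is a model of that rule written for this example, not the DPS implementation. It also goes one step beyond the question: the last assertion in the usage shows that if the intermediate itself had been uploaded and verified, leaf plus intermediate (option B) would be enough, which is exactly why "up to the verified certificate" is the part of the rule to remember.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// pki is a constructed hierarchy (all names made up): a root CA standing in for the
// verified certificate, a per-site intermediate (the enrollment group's certificate)
// and one sensor leaf certificate signed by that intermediate.
type pki struct {
	Root, Intermediate, Device *x509.Certificate
}

func template(serial int64, cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  ca,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	if !ca { // device certificate: TLS client authentication only
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue signs tmpl (carrying public key pub) with the signer's key under parent.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

func newPKI() pki {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	rootKey, interKey, devKey := newKey(), newKey(), newKey()
	rootTmpl := template(1, "Solar Farms Root CA", true)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	inter := issue(template(2, "Site-A Intermediate CA", true), root, &interKey.PublicKey, rootKey)
	// For X.509 enrollment groups the leaf's Common Name is the device's registration ID.
	dev := issue(template(3, "sensor-0001", false), inter, &devKey.PublicKey, interKey)
	return pki{Root: root, Intermediate: inter, Device: dev}
}

// chainAuthenticates models the rule in the answer key (it is not the DPS
// implementation): the chain the device presents, leaf first, must link signature
// by signature up to the verified certificate. It returns the registration ID.
func chainAuthenticates(verified *x509.Certificate, presented []*x509.Certificate) (string, error) {
	if len(presented) == 0 || presented[0].IsCA {
		return "", fmt.Errorf("first certificate must be the device (leaf) certificate")
	}
	for i := 0; ; i++ {
		cur := presented[i]
		if now := time.Now(); now.Before(cur.NotBefore) || now.After(cur.NotAfter) {
			return "", fmt.Errorf("%q is outside its validity period", cur.Subject.CommonName)
		}
		if bytes.Equal(cur.Raw, verified.Raw) {
			return presented[0].Subject.CommonName, nil // reached the trust anchor
		}
		if i+1 == len(presented) {
			return "", fmt.Errorf("chain ends at %q without reaching the verified certificate", cur.Subject.CommonName)
		}
		if err := cur.CheckSignatureFrom(presented[i+1]); err != nil {
			return "", fmt.Errorf("%q is not signed by %q: %w", cur.Subject.CommonName, presented[i+1].Subject.CommonName, err)
		}
	}
}

// candidateChains is what a device would present under each answer option.
func candidateChains(p pki) map[string][]*x509.Certificate {
	return map[string][]*x509.Certificate{
		"A": {p.Device, p.Intermediate, p.Root},
		"B": {p.Device, p.Intermediate},
		"C": {p.Device},
		"D": {p.Device, p.Root},
	}
}

func main() {
	p := newPKI()
	for _, opt := range []string{"A", "B", "C", "D"} {
		id, err := chainAuthenticates(p.Root, candidateChains(p)[opt])
		fmt.Printf("option %s: registration ID %q, error: %v\n", opt, id, err)
	}
}
```

Run it with `go run .`: option A is accepted with registration ID "sensor-0001"; B fails because the chain ends at the intermediate without reaching the verified root, C because a lone leaf reaches nothing, and D because the leaf's signature does not verify against the root. The chain walk uses only the certificates the device sent plus the one verified anchor, which is the point of the rule: the service does not go looking for missing links on the device's behalf.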

Reference:

Devices that reach IoT Hub through the Azure Device Provisioning Service (DPS) with X.509 certificates are enrolled in DPS either individually or, for fleets such as the sensors in this scenario, through enrollment groups. An enrollment group is bound to a CA certificate: either a certificate that has been uploaded to the service and verified by proof of possession, or an intermediate certificate that chains up to such a verified certificate. Every device whose leaf certificate chains to the group's certificate is provisioned under that group, and the Common Name of the leaf certificate becomes the device's registration ID.

In this scenario the root certificate is the verified certificate and each enrollment group holds the intermediate certificate for its site. When a sensor connects, it must present the complete chain: its own device (leaf) certificate, the intermediate certificate of its enrollment group, and the root certificate. DPS walks that chain link by link and accepts the device only when the chain reaches the certificate it has verified.

Options B, C and D each leave out part of that chain (the root; the intermediate and the root; the intermediate, respectively), so the chain of trust cannot be established and authentication fails. The correct answer is therefore A: root certificate; intermediate certificate of the corresponding enrollment group; device certificate.

Two practical notes. First, the certificate that DPS verifies is uploaded and verified in the DPS instance itself (its Certificates section), not in the IoT Hub; the hub only receives the device identity that DPS creates. Second, because an enrollment group trusts every leaf signed by its intermediate, an intermediate's private key is as sensitive as the group it serves: keep one intermediate per site, so that a compromised site key can be revoked without re-enrolling the whole fleet, and keep the root key offline.