401002 CA certificate not found - SDK - Microsoft.Azure.Devices.Provisioning.Client

0
OS - Windows 10
.NET environment - .NET Core 2.1
SDK - Microsoft.Azure.Devices.Client - 1.21.0
Microsoft.Azure.Devices.Provisioning.Client - 1.4.0
Microsoft.Azure.Devices.Provisioning.Transport.Amqp - 1.1.9
Microsoft.Azure.Devices.Provisioning.Transport.Http - 1.1.6
Microsoft.Azure.Devices.Provisioning.Transport.Mqtt - 1.1.8

Description of the issue

I'm trying to connect a simulated device (.NET Core console app) to IoT Hub via Azure Device Provisioning Service. This is based on X.509 certificates (root + intermediate certificate).

I created the enrolment group ok, then uploaded the root certificate and completed verification.

After that, I generated the device certificate from the root certificate and tried to connect to IoT Hub using the sample code from the link below:

https://github.com/Azure-Samples/azure-iot-samples-csharp/tree/master/provisioning/Samples/device/X509Sample

With everything set up, when I tried to connect to IoT Hub I got the error below. I tried all protocols: Amqp, Http, Mqtt...

    Microsoft.Azure.Devices.Provisioning.Client.ProvisioningTransportException
      HResult=0x80131500
      Message={"errorCode":401002,"trackingId":"408d5ad7-aa7c-45a1-b19a-e4af41ccf54b","message":"CA certificate not found.","timestampUtc":"2019-08-23T09:17:53.762099Z"}
      Source=<Cannot evaluate the exception source>
      StackTrace:
    <Cannot evaluate the exception stack trace>

Below is the input to device client along with certificate:

    private static string s_idScope = "0ne00074417";
    private const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
    private static string s_certificateFileName = "simulateddevicecert.pfx";

Is there anything missing in the setup that is causing this error? Also, is there any REST API exposed by Azure DPS to register a device (instead of using the Azure Devices/Client SDK)?

azure-iot-hub
asked on Stack Overflow Aug 23, 2019 by Bhupal • edited Aug 23, 2019 by Martin Evans

2 Answers

1

As shown here, please include the intermediate certificate as well in the certificate chain presented by the device.

The REST API docs for registering a device to DPS can be found here.

answered on Stack Overflow Aug 23, 2019 by Rajeev Vokkarne

0

In my case, error 401002 was caused by a mismatch between the deviceId and the CN field in the certificate which the device used to authenticate.

answered on Stack Overflow Nov 23, 2020 by Misaz
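A local pre-flight check covering the two causes named in the answers above, as an added example that is not from the original posts or the Azure SDK: it lists which issuer certificates the PFX actually bundles and compares the leaf CN with the registration ID you expect. `DpsCertPreflight`, `Inspect` and the `PFX_PASSWORD` environment variable are hypothetical names, the case-sensitive comparison is an assumption, and only `System.Security.Cryptography.X509Certificates` is used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example: class, method and variable names are hypothetical, not Azure SDK APIs.
static class DpsCertPreflight
{
    // Returns the leaf CN and the subjects of the issuer certificates bundled in the PFX.
    public static (string LeafCn, List<string> BundledIssuers) Inspect(string pfxPath, string password)
    {
        var bundle = new X509Certificate2Collection();
        bundle.Import(pfxPath, password, X509KeyStorageFlags.UserKeySet);
        var certs = bundle.Cast<X509Certificate2>().ToList();
        // The device (leaf) certificate is the one that carries the private key.
        var leaf = certs.FirstOrDefault(c => c.HasPrivateKey)
            ?? throw new InvalidOperationException("No certificate with a private key in the PFX.");
        // Follow issuer -> subject links using only certificates inside the PFX.
        var issuers = new List<string>();
        var current = leaf;
        while (!IsSelfSigned(current))
        {
            var parent = certs.FirstOrDefault(c =>
                !ReferenceEquals(c, current) &&
                c.SubjectName.RawData.SequenceEqual(current.IssuerName.RawData));
            if (parent == null || issuers.Count >= certs.Count) break; // chain ends here
            issuers.Add(parent.Subject);
            current = parent;
        }
        // SimpleName resolves to the subject CN when the certificate has one.
        return (leaf.GetNameInfo(X509NameType.SimpleName, false), issuers);
    }

    static bool IsSelfSigned(X509Certificate2 c) =>
        c.SubjectName.RawData.SequenceEqual(c.IssuerName.RawData);

    static void Main(string[] args)
    {
        // args: <pfx path> <registration ID the device is expected to use>
        string password = Environment.GetEnvironmentVariable("PFX_PASSWORD") ?? "";
        var (cn, issuers) = Inspect(args[0], password);
        Console.WriteLine($"Leaf CN: {cn}");
        if (!string.Equals(cn, args[1], StringComparison.Ordinal)) // strict match: assumption
            Console.WriteLine($"MISMATCH: expected registration ID '{args[1]}'");
        Console.WriteLine(issuers.Count == 0
            ? "PFX contains no issuer certificates: the device can present only its leaf."
            : "Issuers bundled in PFX: " + string.Join(" <- ", issuers));
    }
}
```

If the leaf was signed by an intermediate and the issuer list comes back empty, the PFX needs to be re-exported with the chain included before the device can present it.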

User contributions licensed under CC BY-SA 3.0