# Azure IoT Hub Connection Information

## Table of Contents

This document explains how to use the X.509 standard to connect a device to Azure IoT.

### If you already have the certificate files, skip to [Test the connection on a computer](#test-the-connection-on-a-computer)

### If you do not, and only want to test the IoT side, download the [BG96 command file + certificate files](https://1drv.ms/u/s!ApFsvaxX_7jLv6N2Df_ptdDI1XgM0w?e=arHPqf)

### Use Azure IoT Explorer to [verify that the device can push messages to Azure and subscribe to topics from Azure](#verify-sending-and-receiving-messages)

---

## Parameters / Connection String

### Format

| Item      | Value                                                                | Remark             |
| --------- | -------------------------------------------------------------------- | ------------------:|
| Port      | 8883                                                                 |                    |
| client id | device id                                                            |                    |
| host      | {iot hub name}.azure-devices.net                                     | Azure IoT Hub name |
| username  | {iot hub name}.azure-devices.net/{device id}/?api-version=2018-06-30 |                    |
| password  | SAS                                                                  |                    |

### Test information

| Item      | Value                                                       | Remark             |
| --------- | ----------------------------------------------------------- | ------------------:|
| Port      | 8883                                                        |                    |
| client id | BG96                                                        |                    |
| host      | bms-iot-test.azure-devices.net                              | Azure IoT Hub name |
| username  | bms-iot-test.azure-devices.net/BG96/?api-version=2018-06-30 |                    |
| password  | Generate via SAS in Az console                              |                    |

Generate the SAS (password):

`az iot hub generate-sas-token -n bms-iot-test`

## Create a self-signed CA

### 1. Get the CA certificate

#### Get the certificate directly from the browser

1. ![](https://i.imgur.com/I2SQUS7.gif) Download the certificate
2. ![](https://i.imgur.com/bMSt3jM.png) Switch to the Details tab and click Copy to File
3. ![](https://i.imgur.com/hQiVUqV.png) Click Next
4. ![](https://i.imgur.com/MRlHdK3.png) Choose Base-64 encoding
5. ![](https://i.imgur.com/85of3a5.png) Save the file; it will be needed later

## Generate keys with openssl

#### Set the openssl config

If you are using a portable (no-install) openssl and have not set the config yet, remember to run `set OPENSSL_CONF={OPEN SSL PATH}\openssl.cnf` to point openssl at its config file.

### 1. Generate the CA private key (pem file)

`openssl genrsa -out mycakey.pem 2048`

### 2. Generate myca.csr (csr file)

`openssl req -new -key mycakey.pem -out myca.csr -subj "/C=CN/ST=myprovince/L=mycity/O=myorganization/OU=mygroup/CN=myCA"`

### 3. Self-sign the CA certificate

`openssl x509 -req -days 365 -sha256 -extensions v3_ca -signkey mycakey.pem -in myca.csr -out mycacert.pem`

## Create the verification certificate

### 1. Add the certificate

Upload `mycacert.pem`

![](https://i.imgur.com/yqwgJcr.png)

### 2. Get the print

![](https://i.imgur.com/v29dXCc.png)

Replace the CN in the next step with this value.

### 3. Generate verificationCert.csr

`openssl req -new -newkey rsa:2048 -nodes -subj "/CN=A0745D4F0BAC84E731F4A5BB2686494906EF823BE0ECB534/" -keyout ./verificationCert.key -sha256 -days 365 -out ./verificationCert.csr`

![](https://i.imgur.com/3riYzM6.png)

### 4. Self-sign verificationCert

`openssl x509 -req -in ./verificationCert.csr -CA ./mycacert.pem -CAkey ./mycakey.pem -CAcreateserial -out ./verificationCert.cer -days 365 -sha256`

![](https://i.imgur.com/gahjdBB.png)

![](https://i.imgur.com/sE8b16L.png)

Upload verificationCert.cer

![](https://i.imgur.com/BXCLpOA.png)

You can see that the expiry date has been updated and the status is now Verified.

## Create the client CA

### 1. Generate the client key (clientkey.pem)

`openssl genrsa -out clientkey.pem 2048`

![](https://i.imgur.com/ZhuAVHj.png)

### 2. Generate client.csr (csr file)

`openssl req -new -key clientkey.pem -out client.csr -subj "/C=CN/ST=myprovince/L=mycity/O=myorganization/OU=mygroup/CN=myClient"`

![](https://i.imgur.com/ZqrxZk6.png)

### 3. Self-sign the client certificate

`openssl x509 -req -days 365 -sha256 -extensions v3_req -CA ./mycacert.pem -CAkey ./mycakey.pem -CAserial ./.srl -in client.csr -out clientcert.pem`

![](https://i.imgur.com/TkgDTxM.png)

### 4. Verify

`openssl verify -CAfile ./mycacert.pem clientcert.pem`

![](https://i.imgur.com/hFMS9Ti.png)

### 5. Convert PEM to CRT format

`openssl x509 -outform der -in ./clientcert.pem -out ./clientcert.crt`

![](https://i.imgur.com/aS2lKHM.png)

## Add a new device in Azure IoT Hub

### 1. Add the device

Select X.509 Self-Signed

![](https://i.imgur.com/uRO6nwF.png)

### Copy and paste the Thumbprint

![](https://i.imgur.com/5hqtgeP.png)

The primary and secondary thumbprints can be the same.

![](https://i.imgur.com/XLpjEW4.png)

When finished, it looks like this:

![](https://i.imgur.com/zcNX6kE.png)

## Test the connection on a computer

### Test in an MQTT application

MQTT.fx

![](https://i.imgur.com/pq1tuz9.png)

MQTTX

![](https://i.imgur.com/LsDO7Cv.png)

## Test and connect on the BG96

### 0. Open QCOM and import the azure.ini command file

![](https://i.imgur.com/buyQIMn.png)

Just click the commands in order.

### 1. Subscribe

`AT+QMTSUB=3,1,"devices/BG96/messages/devicebound/#",1`

![](https://i.imgur.com/EYpfaNm.png)

### 2. Test the subscription

Send a message to the device from the Azure side:

```json
{
  "methodName": "reboot",
  "responseTimeoutInSeconds": 200,
  "payload": {
    "input1": "someInput",
    "input2": "anotherInput"
  }
}
```

### 3. Publish

`AT+QMTPUB=3,0,0,0,"devices/BG96/messages/events/"`

![](https://i.imgur.com/bOGqHHX.png)

### 4. Disconnect

`AT+QMTDISC=3`

### 5. Broker state changes

When the +QMTSTAT error code becomes 1, the connection to the broker has been dropped; run QMTOPEN again to reconnect.

## Verify sending and receiving messages

### Preparation

1. Download [Azure IoT Explorer](https://github.com/Azure/azure-iot-explorer/releases)

![](https://i.imgur.com/7dgABBh.png)

### Connect to Azure IoT Hub

2. Click Add connection and paste the connection string

| Connection String |
| ----------------- |
| `HostName=bms-iot-test.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=W+euVPMmuxIloI1RluKRA8M/mDyiCCMSmHe9E/LZ7x8=` |

![](https://i.imgur.com/wXAD3oO.png)

3. Click Connect

![](https://i.imgur.com/sWbZn4K.png)

4. Select BG96

![](https://i.imgur.com/nANB4Xp.png)

### Verify published messages

![](https://i.imgur.com/ZdTjHuo.png)

#### Issue the publish command in QCOM

![](https://i.imgur.com/8D4RWfe.png)

###### Note: if the published message is not wrapped in double quotes (""), Azure converts it to ASCII codes

#### Test result

![](https://i.imgur.com/UyyLnf1.png)

![](https://i.imgur.com/w2TSfMI.png)

### Verify subscribed messages

#### The device receives messages as URI parameters

![](https://i.imgur.com/waAmKfn.png)

![](https://i.imgur.com/66zW6Wb.png)

## Reference

* [Implementation without the Azure IoT Hub SDK](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support#example-in-c-using-mqtt-without-an-azure-iot-sdk)
* [Using the MQTT protocol directly](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support#using-the-mqtt-protocol-directly-as-a-device)
* [Sending messages to Azure IoT Hub](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support#sending-device-to-cloud-messages)

PS: replace en-us in the URL with zh-cn to switch the language.
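For the step where the client certificate's thumbprint is pasted into the device registration: a thumbprint is a hash of the certificate's DER bytes, so `clientcert.pem` and `clientcert.crt` give the same value. The following is an added example, not part of the original page; the function names are hypothetical and the sample bytes are constructed stand-ins rather than a real certificate. It computes the thumbprints and compares them with registered values.

```python
import base64, hashlib, re

# Constructed stand-in bytes, not a real certificate; hashing works the same way.
SAMPLE_DER = b"0\x82\x01\x0aconstructed-demo-certificate-bytes"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

_PEM = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Accept PEM (clientcert.pem) or DER (clientcert.crt) and return DER bytes."""
    m = _PEM.search(data)
    return base64.b64decode(m.group(1)) if m else data

def thumbprints(data: bytes) -> dict:
    """Uppercase hex digests of the DER encoding, without separators."""
    der = to_der(data)
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

def normalize(value: str) -> str:
    """'SHA1 Fingerprint=AA:BB:..' or 'aa bb ..' becomes 'AABB..'."""
    value = value.split("=", 1)[-1]
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()

def matches_registration(data: bytes, primary: str, secondary: str) -> bool:
    """True if the certificate matches either registered thumbprint."""
    mine = set(thumbprints(data).values())
    return bool(mine & {normalize(primary), normalize(secondary)})

if __name__ == "__main__":
    t = thumbprints(SAMPLE_PEM)
    print(t["sha1"], t == thumbprints(SAMPLE_DER))
```

To use it on real files, pass `open("clientcert.pem", "rb").read()` in place of the sample bytes.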
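For the parameter table (username format, SAS as the password): the sketch below is an added example, not part of the original page or of any Azure SDK. It builds the MQTT fields from the table, creates a SAS token locally and checks a token's signature, scope and expiry. The device-scoped resource URI `{host}/devices/{device id}`, the helper names and the demo key are assumptions that do not appear on the page; the key is constructed and is not a real hub key.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus, urlencode

API_VERSION = "2018-06-30"  # from the page's username format
# Constructed demo key (base64), not a real IoT Hub key.
DEMO_KEY = base64.b64encode(b"constructed demo key, not a secret").decode()

def mqtt_params(hub, device_id):
    """MQTT fields as laid out in the page's parameter table."""
    host = f"{hub}.azure-devices.net"
    return {"host": host, "port": 8883, "client_id": device_id,
            "username": f"{host}/{device_id}/?api-version={API_VERSION}"}

def _sign(key_b64, resource, expiry):
    # String to sign: URL-encoded resource URI, newline, expiry in Unix seconds.
    msg = f"{quote_plus(resource)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas(resource, key_b64, ttl=3600, policy=None, now=None):
    """Build 'SharedAccessSignature sr=..&sig=..&se=..[&skn=..]'."""
    expiry = int(time.time() if now is None else now) + ttl
    fields = {"sr": resource, "sig": _sign(key_b64, resource, expiry),
              "se": str(expiry)}
    if policy:  # name of a hub-level shared access policy, if one is used
        fields["skn"] = policy
    return "SharedAccessSignature " + urlencode(fields)

def check_sas(token, key_b64, now=None):
    """Return (True, scope) or (False, reason) for a token and key."""
    scheme, _, query = token.partition(" ")
    f = {k: v[0] for k, v in parse_qs(query).items()}
    if (scheme != "SharedAccessSignature" or not {"sr", "sig", "se"} <= f.keys()
            or not f["se"].isdecimal()):
        return False, "malformed"
    expected = _sign(key_b64, f["sr"], int(f["se"]))
    if not hmac.compare_digest(expected.encode(), f["sig"].encode()):
        return False, "bad signature"
    if int(f["se"]) <= (time.time() if now is None else now):
        return False, "expired"
    return True, f["sr"]

if __name__ == "__main__":
    p = mqtt_params("bms-iot-test", "BG96")
    scope = f"{p['host']}/devices/BG96"  # assumed device-scoped resource URI
    token = make_sas(scope, DEMO_KEY, ttl=600)
    print(p["username"], check_sas(token, DEMO_KEY), sep="\n")
```

`check_sas` returns the `sr` scope on success, which shows whether a token is limited to one device or covers the whole hub before it is placed on a device.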