Changes

====DPS X.509 attestation====  

====DPS X.509 attestation====  

<ul>

<ul>

<div> 1. The initial step generating certificates. The Microsoft guide for generating certificates can be found [https://learn.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-ansi-c#create-an-x509-certificate-chain here] which explains each step of the process in detail.

<div> 1. The initial step generating certificates. Refer to the Microsoft guide, section [https://learn.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-ansi-c#create-an-x509-certificate-chain "''Create an X.509 certificate chain''"] for in depth information that explains each step of the process in detail.

The required certificates and keys:

The required certificates and keys:

<li> '''Devices certificates''' </li>

<li> '''Devices certificates''' </li>

2. After successfully generating the certificates return to the Azure portal page and navigate to your Azure IoT Hub Device Provisioning Service (DPS) page. From there proceed create an enrollment group. The Microsoft guide for creating enrollment groups can be found [https://learn.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-ansi-c#create-an-enrollment-group here].

2. After successfully generating the certificates return to the Azure portal page and navigate to your Azure IoT Hub Device Provisioning Service (DPS) page. From there proceed create an enrollment group. Refer to the Microsoft guide, section [https://learn.microsoft.com/en-us/azure/iot-dps/tutorial-custom-hsm-enrollment-group-x509?pivots=programming-language-ansi-c#create-an-enrollment-group "''Create an enrollment group''"] for in depth information.

</div>

</div>

[[File:Azure RutOSconf 13.png|border|class=tlt-border]]

[[File:Azure RutOSconf 13.png|border|class=tlt-border]]

Inspecting the newly created enrollment group will reveal some keys. The primary key will be used to derive each individual device identity. This can be done using a simple script, which is available [https://learn.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key?tabs=linux&amp%3Bpivots=programming-language-ansi-c&pivots=programming-language-ansi-c#derive-a-device-key here]  

Inspecting the newly created enrollment group will reveal some keys. The primary key will be used to derive each individual device identity. This can be done using a script which is available on Microsoft DPS documentation [https://learn.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key?tabs=linux&amp%3Bpivots=programming-language-ansi-c&pivots=programming-language-ansi-c#derive-a-device-key here].

In the script, you will notice a couple of important variables: '''KEY''' and '''REG_ID'''. In the KEY field, you must specify the primary key, which can be obtained from the newly created enrollment group.

The script contains a couple of variables: '''KEY''' and '''REG_ID'''. The KEY field shall contain the primary key which is obtained from the newly created enrollment group. The '''REG_ID''' field specifies the device identity name that will be created. Upon executing the script a shared access key will be created.

[[File:Azure RutOSconf 14.1.png|border|class=tlt-border]]

[[File:Azure symm example 1.png|border|class=tlt-border]]

 

 

[[File:Azure_RutOSconf_15.png|border|class=tlt-border]]

Go back to the device WebUI '''Services -> Cloud Solutions -> Azure IoT Hub''' configuration page and add a new instance. In the configuration window select DPS connection type and Symmetric Key connection type.

Go back to the device WebUI '''Services -> Cloud Solutions -> Azure IoT Hub''' configuration page and add a new instance. In the configuration window select DPS connection type and Symmetric Key connection type.

<ul>

<ul>

<li> In the '''ID scope''' field, specify your Azure DPS service ID. This value can be retrieved from the DPS instance found on Azure Portal page or by following the earlier guides.</li>

<li> In the '''ID scope''' field specify your Azure DPS service ID. This value can be retrieved from the DPS instance found on Azure Portal page or by following the earlier guides from Microsoft.</li>

<li> In the '''Registration ID''' field enter the "REG_ID" value you specified in the script. For example, "wiki-newly-generated-device". </li>

<li> In the '''Registration ID''' field enter the "REG_ID" value that was specified in the earlier script.</li>

<li> In the '''Symmetric key''' field enter the output value of the script that was used earlier [https://learn.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key?tabs=linux&pivots=programming-language-ansi-c#derive-a-device-key here].</li>

<li> In the '''Symmetric key''' field enter the output value of the script that was used earlier].</li>

</ul>

</ul>

If you are following this guide your configuration window should look similar to the screenshot below.

If you are following this guide your configuration window should look similar to the screenshot below.

[[File:Azure_RutOSconf_16.png|border|class=tlt-border]]

 

[[File:Azure symm example 2 modified.png|border|class=tlt-border]]

After a few moments the device should establish connection to the Azure server.

After a few moments the device should establish connection to the Azure server.

Moreover, we can return to the IoT Hub services in the Azure portal and check the device list. There we will see that the DPS service has created a new device identity named the same as what we specified in the '''REG_ID''' field in the script earlier.

After returning to the IoT Hub services in the Azure portal page it can be observed that the DPS service has created a new device identity was named the same as what we specified in the '''REG_ID''' field in the script.

[[File:Azure_RutOSconf_18.png|border|class=tlt-border]]

 

[[File:Azure symm example 3.png|border|class=tlt-border]]

</ul>

</ul>

To determine the appropriate payload and method to use we provide an additional file currently called '''teltonikaGenericDevice.json'''. This file is written in '''Digital Twin Definition Language (DTDL)'''. To learn more about DTDLs and Digital Twins read about it in Microsoft documentation [https://learn.microsoft.com/en-us/azure/digital-twins/concepts-models here].

To determine the appropriate payload and method to use we provide an additional file currently called '''teltonikaGenericDevice.json'''. This file is written in '''Digital Twin Definition Language (DTDL)'''. To learn more about DTDLs and Digital Twins read about it in Microsoft documentation [https://learn.microsoft.com/en-us/azure/digital-twins/concepts-models here].

In this file you can see that it supports the api_call method, which accepts three values. The request body is optional, as some methods, such as the GET method, may not require it. JSON files can be downloaded  [[Media:Teltonika-dtmi-docs.zip|here]]

In this file you can see that it supports the api_call method, which accepts three values. The request body is optional, as some methods, such as the GET method, may not require it. JSON files can be downloaded  [[Media:Teltonika-dtmi-docs.zip|here]].

The IoT Explorer can be configured to parse DTDL files and display them to the user for easier work:

The IoT Explorer can be configured to parse DTDL files and display them to the user for easier work: