Question Regarding X.509 Certificates and MXChip IoT DevKit

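I am following the device provisioning sample for the MXChip IoT DevKit with Azure DPS, and I have a question about X.509 certificates.

When I follow the sample, everything works. However, when I change the code on the device and upload the modified code, I get the following error: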

{"errorCode":401002,"trackingId":"3f308efd-9274-4a7a-8994-56781ce87942","message":"Invalid certificate.","timestampUtc":"2020-06-18T00:29:58.411225Z"}

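After further investigation, it appears that I have to create a new X.509 certificate every time I change the code. Is this the correct behavior? I can't seem to find any explanation, and I'm hoping someone can give me information about the cause of the error. My guess is that it performs a CRC check (or something similar) between the code and the certificate to verify that the code has not been tampered with.

Can someone verify this? Thanks

Here is a reply from the Microsoft/azure-iot-developer-kit Gitter forum.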

Yes, the certificate that the MXChip presents to DPS/IoT Hub is effectively the signature of the actual binary, using the unique device secret as the key for signing. Therefore, every time the binary code changes you will want to re-run the command line tool that can simulate the certificate that MXChip will automatically generate on the fly, and configure this cert in your DPS enrollment.
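
Added example (not part of the forum reply, and not Microsoft's tool or the DevKit's actual algorithm): a simplified model of the behaviour the reply describes, where the device identity is derived from the unique device secret keyed over a hash of the firmware, so an enrollment made for one binary rejects a modified one. The HMAC-SHA256 construction, the function names and the sample secret and firmware bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values: a made-up device secret and two firmware images.
UDS = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
FIRMWARE_V1 = b"\x7fDEVKIT-SAMPLE" + b"blink every 1000 ms"
FIRMWARE_V2 = b"\x7fDEVKIT-SAMPLE" + b"blink every 500 ms"


def compound_identifier(uds: bytes, firmware: bytes) -> bytes:
    """Mix the device secret with a measurement (hash) of the firmware image."""
    measurement = hashlib.sha256(firmware).digest()
    return hmac.new(uds, measurement, hashlib.sha256).digest()


def certificate_fingerprint(uds: bytes, firmware: bytes) -> str:
    """Stand-in for 'derive key pair, issue certificate, take its thumbprint'.

    The derivation is deterministic, which is what lets a host-side tool
    reproduce the device's certificate from the same two inputs.
    """
    seed = hmac.new(compound_identifier(uds, firmware), b"identity-key",
                    hashlib.sha256).digest()
    return hashlib.sha256(seed).hexdigest()


def enrollment_accepts(enrolled: str, uds: bytes, firmware: bytes) -> bool:
    """Model of the service check: presented identity must equal the enrolled one."""
    presented = certificate_fingerprint(uds, firmware)
    return hmac.compare_digest(enrolled, presented)


def demo() -> dict:
    enrolled = certificate_fingerprint(UDS, FIRMWARE_V1)  # done once on the host
    return {
        "unchanged_firmware": enrollment_accepts(enrolled, UDS, FIRMWARE_V1),
        "modified_firmware": enrollment_accepts(enrolled, UDS, FIRMWARE_V2),
        "other_device_same_firmware": enrollment_accepts(enrolled, UDS[::-1], FIRMWARE_V1),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected (invalid certificate)'}")
```

Unlike the CRC guessed at in the question, the keyed derivation means a matching identity cannot be recomputed for a modified binary without the device secret.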