articles/iot-edge/tutorial-configure-est-server.md
Lines changed: 7 additions & 3 deletions
@@ -15,11 +15,11 @@ services: iot-edge
15
15
16
16
With Azure IoT Edge, you can configure your devices to use an Enrollment over Secure Transport (EST) server to manage x509 certificates.
17
17
18
-
This tutorial walks you through hosting a test EST server and configuring an IoT Edge device for the enrollment and renewal of x509 certificates. In this tutorial, you learn how to:
18
+
This tutorial walks you through hosting a test EST server and configuring an IoT Edge device for the enrollment and renewal of device identity x509 certificates. In this tutorial, you learn how to:
19
19
20
20
> [!div class="checklist"]
21
21
>
22
-
> * Create and host a test EST server
22
+
> * Create and host a test EST server for device identity certificates
23
23
> * Configure DPS group enrollment
24
24
> * Configure device
25
25
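Review bot: the "device identity" qualifier added on new lines 18 and 22 is not carried to the unchanged sentence on line 16, which still says the EST server is used "to manage x509 certificates" in general, so the introduction now states the scope in two different ways. Either qualify line 16 the same way or state once, up front, that this tutorial covers device identity certificates only. Since these sentences are being edited anyway, consider the standard spelling "X.509" instead of "x509".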
@@ -41,7 +41,9 @@ Enrollment over Secure Transport (EST) is a cryptographic protocol that automate
41
41
For certificate issuance and renewal, you need an EST server accessible to your devices.
42
42
43
43
> [!IMPORTANT]
44
-
> For enterprise grade solutions, consider: [GlobalSign IoT Edge Enroll](https://www.globalsign.com/en/iot-edge-enroll) or [DigiCert IoT Device Manager](https://www.digicert.com/iot/iot-device-manager).
44
+
> For production, use [GlobalSign IoT Edge Enroll](https://www.globalsign.com/en/iot-edge-enroll) or [DigiCert IoT Device Manager](https://www.digicert.com/iot/iot-device-manager).
45
+
>
46
+
> For more information using GlobalSign's EST service, see [Automatic IoT Edge Certificate Management with GlobalSign EST](https://techcommunity.microsoft.com/blog/iotblog/automatic-iot-edge-certificate-management-with-globalsign-est/4384385).
45
47
46
48
For testing and development, you can use a test EST server. In this tutorial, we'll create a test EST server.
47
49
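Review bot: the sentence added on new line 46, "For more information using GlobalSign's EST service", is missing a preposition; suggest "For more information about using GlobalSign's EST service, see ...". On new line 44, replacing "consider" with "For production, use" makes the two named services read as the only acceptable production choices, while the follow-up link covers only GlobalSign. If exclusivity is not intended, wording such as "For production, use an EST service such as ..." keeps the stronger guidance without implying it.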
@@ -87,6 +89,8 @@ The Dockerfile uses Ubuntu 18.04, a [Cisco library called `libest`](https://gith
87
89
## IMPORTANT:
88
90
## DO NOT issue Edge CA certificates in production.
89
91
## For production, use digital certificates from a trusted CA.
92
+
## See https://techcommunity.microsoft.com/blog/iotblog/automatic-iot-edge-certificate-management-with-globalsign-est/4384385
93
+
##
90
94
## Using EST for Edge CA is for demonstration and learning purposes only.
91
95
##
92
96
# RUN sed -i "s|basicConstraints=CA:FALSE|basicConstraints=critical,CA:TRUE,pathlen:0|g" ./estExampleCA.cnf && \
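Review bot: the bare URL added on new line 92 has no label saying what it is for, and it sits between "For production, use digital certificates from a trusted CA." and "Using EST for Edge CA is for demonstration and learning purposes only.", so a reader of this Dockerfile comment cannot tell whether the link (whose slug refers to GlobalSign EST) is the recommended production path or more of the EST material the warning steers them away from. Prefix it with a short description, for example "## For a production setup, see <URL>", so the comment stays unambiguous when read outside the rendered article.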