articles/iot-edge/tutorial-configure-est-server.md
Lines changed: 15 additions & 6 deletions
@@ -3,7 +3,7 @@ title: Tutorial - Configure Enrollment over Secure Transport Server (EST) for Az
3
3
description: This tutorial shows you how to set up an Enrollment over Secure Transport (EST) server for Azure IoT Edge.
4
4
author: PatAltimore
5
5
ms.author: patricka
6
-
ms.date: 11/07/2024
6
+
ms.date: 03/10/2025
7
7
ms.topic: tutorial
8
8
ms.service: azure-iot-edge
9
9
services: iot-edge
@@ -23,8 +23,6 @@ This tutorial walks you through hosting a test EST server and configuring an IoT
23
23
> * Configure DPS group enrollment
24
24
> * Configure device
25
25
26
-
:::image type="content" source="./media/tutorial-configure-est-server/est-procedure.png" alt-text="Diagram showing high-level overview of the three steps needed to complete this tutorial.":::
27
-
28
26
## Prerequisites
29
27
30
28
* An existing IoT Edge device with the [latest Azure IoT Edge runtime](how-to-update-iot-edge.md) installed. If you need to create a test device, complete [Quickstart: Deploy your first IoT Edge module to a virtual Linux device](quickstart-linux.md).
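Review bot: the deleted `:::image` line (old line 26) was the only reference in this hunk to `./media/tutorial-configure-est-server/est-procedure.png`; if nothing else in the docs uses that file, delete it in the same change so the media folder does not keep an orphaned asset. The alt text described a three-step overview, and the bullet list above it still carries those steps, so no replacement text is needed.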
@@ -68,7 +66,7 @@ The Dockerfile uses Ubuntu 18.04, a [Cisco library called `libest`](https://gith
68
66
> If you want to host your EST server in Azure Container Instance, change `myestserver.westus.azurecontainer.io` to the DNS name of your EST server. When choosing a DNS name, be aware the DNS label for an Azure Container instance must be at least five characters in length.
69
67
70
68
```dockerfile
71
-
# DO NOT USE IN PRODUCTION - Use only for testing #
69
+
# DO NOT USE IN PRODUCTION - Use only for testing
72
70
73
71
FROM ubuntu:18.04
74
72
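Review bot: the context line `FROM ubuntu:18.04` (new line 71), directly under the edited warning, builds on a release that is past its standard support window, and the tag is not pinned to a digest. Since the warning comment is being touched anyway, either state there that the old base is deliberate for this test image, or move to a supported base and pin it.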
@@ -83,11 +81,22 @@ The Dockerfile uses Ubuntu 18.04, a [Cisco library called `libest`](https://gith
83
81
84
82
# Setting the root CA expiration to 20 years
85
83
RUN sed -i "s|-days 365|-days 7300 |g" ./createCA.sh
86
-
84
+
85
+
## If you want to use the EST server to issue Edge CA certificates,
86
+
## uncomment the RUN sed section after this comment block.
87
+
## IMPORTANT:
88
+
## DO NOT issue Edge CA certificates in production.
89
+
## For production, use digital certificates from a trusted CA.
90
+
## Using EST for Edge CA is for demonstration and learning purposes only.
91
+
##
92
+
# RUN sed -i "s|basicConstraints=CA:FALSE|basicConstraints=critical,CA:TRUE,pathlen:0|g" ./estExampleCA.cnf && \
93
+
# sed -i "s|keyUsage=digitalSignature|keyUsage=critical,digitalSignature,keyCertSign|g" ./estExampleCA.cnf && \
94
+
# sed -i "s|authorityKeyIdentifier=keyid|authorityKeyIdentifier=keyid:always|g" ./estExampleCA.cnf
95
+
87
96
## If you want to host your EST server remotely (for example, an Azure Container Instance),
88
97
## change myestserver.westus.azurecontainer.io to the fully qualified DNS name of your EST server
89
98
## OR, change the IP address
90
-
## and uncomment the corresponding line.
99
+
## and uncomment the corresponding lines.
91
100
# RUN sed -i "s|DNS.2 = ip6-localhost|DNS.2 = myestserver.westus.azurecontainer.io|g" ./ext.cnf
92
101
# RUN sed -i "s|IP.2 = ::1|IP.2 = <YOUR EST SERVER IP ADDRESS>|g" ./ext.cnf
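Review bot: the three commented `sed` commands (new lines 92-94) rewrite every `basicConstraints=CA:FALSE` and `keyUsage=digitalSignature` occurrence in `estExampleCA.cnf`, so once they are uncommented any certificate issued from a profile carrying those lines comes out with `CA:TRUE` and `keyCertSign`, not only the Edge CA request. The comment block should say that directly, so a reader does not leave the section enabled while enrolling other certificates against the same server. Also, `sed -i` exits 0 when a pattern does not match, so a change in the upstream file would silently leave `CA:FALSE` in place; chaining `grep -q "CA:TRUE" ./estExampleCA.cnf` after the last `sed` would fail the build instead. Minor: the two `./ext.cnf` lines are introduced with "OR", so the new wording "uncomment the corresponding lines" can be read as uncommenting both.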