Added device connect with X509 information

Author: gsteve88

includes/iot-hub-howto-auth-device-cert-dotnet.md

@@ -0,0 +1,50 @@
+---
+title: How to connect a device to IoT Hub using a certificate (.NET)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a device to IoT Hub using a certificate and the Azure IoT Hub SDK for .NET.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: csharp
+ms.topic: include
+ms.manager: lizross
+ms.date: 11/19/2024
+ms.custom: mqtt, devx-track-csharp, devx-track-dotnet
+---
+
+1. Use [DeviceAuthenticationWithX509Certificate](/dotnet/api/microsoft.azure.devices.client.deviceauthenticationwithx509certificate) to create an object that contains certificate information that will be passed to `Create` (step 2).
+
+2. Use [Create](https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.devices.client.deviceclient.create?#microsoft-azure-devices-client-deviceclient-create(system-string-microsoft-azure-devices-client-iauthenticationmethod)) to connect the device to IoT Hub using a X.509 certificate.
+
+This example shows certificate input parameter values as local variables for clarity. In a production system, store sensitive input parameters in environment variables or another more secure storage location. For example, use `Environment.GetEnvironmentVariable("HOSTNAME")` to read the host name environment variable.
+
+```csharp
+RootCertPath = "~/certificates/certs/sensor-thl-001-device.cert.cer";
+Intermediate1CertPath = "";
+Intermediate2CertPath = "";
+DevicePfxPath = "~/certificates/certs/sensor-thl-001-device.cert.pfx";
+DevicePfxPassword = "1234";
+DeviceName = "MyDevice";
+HostName = "xxxxx.azure-devices.net";
+
+var chainCerts = new X509Certificate2Collection();
+chainCerts.Add(new X509Certificate2(RootCertPath));
+chainCerts.Add(new X509Certificate2(Intermediate1CertPath));
+chainCerts.Add(new X509Certificate2(Intermediate2CertPath));
+using var deviceCert = new X509Certificate2(DevicePfxPath, DevicePfxPassword);
+using var auth = new DeviceAuthenticationWithX509Certificate(DeviceName, deviceCert, chainCerts);
+
+using var deviceClient = DeviceClient.Create(
+    HostName,
+    auth,
+    TransportType.Amqp);
+```
+
+For more information about certificate authentication, see:
+
+* [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
+* [Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
+
+##### Code samples
+
+For a working sample of device X.509 certificate authentication, see [x509 device certificate with chain sample](https://github.com/Azure/azure-iot-sdk-csharp/tree/main/iothub/device/samples/how%20to%20guides/X509DeviceCertWithChainSample).

includes/iot-hub-howto-auth-device-cert-java.md

@@ -0,0 +1,51 @@
+---
+title: How to connect a device to IoT Hub using a certificate (Java)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a device to IoT Hub using a certificate and the Azure IoT Hub SDK for Java.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: java
+ms.topic: include
+ms.manager: lizross
+ms.date: 11/19/2024
+---
+
+To connect a device to IoT Hub using an X.509 certificate:
+
+1. Build the [SSLContext](https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html) object using [buildSSLContext](https://hc.apache.org/httpcomponents-core-4.4.x/current/httpcore/apidocs/org/apache/http/ssl/SSLContextBuilder.html)
+1. Add the `SSLContext` information to a [ClientOptions](/java/api/com.microsoft.azure.sdk.iot.device.clientoptions) object.
+1. Call [DeviceClient](/java/api/com.microsoft.azure.sdk.iot.device.deviceclient?view=azure-java-stable#com-microsoft-azure-sdk-iot-device-deviceclient-deviceclient(java-lang-string-com-microsoft-azure-sdk-iot-device-iothubclientprotocol-com-microsoft-azure-sdk-iot-device-clientoptions)) using the `ClientOptions` information to create the device-to-IoT Hub connection.
+
+This example shows certificate input parameter values as local variables for clarity. In a production system, store sensitive input parameters in environment variables or another more secure storage location. For example, use `Environment.GetEnvironmentVariable("PUBLICKEY")` to read a public key certificate string environment variable.
+
+```java
+private static final String publicKeyCertificateString =
+        "-----BEGIN CERTIFICATE-----\n" +
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n" +
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n" +
+        "-----END CERTIFICATE-----\n";
+
+//PEM encoded representation of the private key
+private static final String privateKeyString =
+        "-----BEGIN EC PRIVATE KEY-----\n" +
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n" +
+        "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n" +
+        "-----END EC PRIVATE KEY-----\n";
+
+SSLContext sslContext = SSLContextBuilder.buildSSLContext(publicKeyCertificateString, privateKeyString);
+ClientOptions clientOptions = ClientOptions.builder().sslContext(sslContext).build();
+DeviceClient client = new DeviceClient(connString, protocol, clientOptions);
+```
+
+For more information about certificate authentication, see:
+
+* [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
+* [Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
+
+##### Code samples
+
+For working samples of device X.509 certificate authentication, see:
+
+* [Send-receive x509 sample](https://github.com/Azure/azure-iot-sdk-java/tree/main/iothub/device/iot-device-samples/send-receive-x509-sample)
+* [Send event x509](https://github.com/Azure/azure-iot-sdk-java/blob/main/iothub/device/iot-device-samples/send-event-x509/src/main/java/samples/com/microsoft/azure/sdk/iot/SendEventX509.java)

includes/iot-hub-howto-auth-device-cert-node.md

@@ -0,0 +1,47 @@
+---
+title: How to connect a device to IoT Hub using a certificate (Node.js)
+titleSuffix: Azure IoT Hub
+description: Learn how to connect a device to IoT Hub using a certificate and the Azure IoT Hub SDK for Node.js.
+author: kgremban
+ms.author: kgremban
+ms.service: iot-hub
+ms.devlang: python
+ms.topic: include
+ms.manager: lizross
+ms.date: 12/06/2024
+---
+
+Using the Node.js SDK, the X.509 certificate is attached to the device-to-IoT Hub connection transport.
+
+To configure a device-to-IoT Hub connection using an X.509 certificate:
+
+1. Call [fromConnectionString](/javascript/api/azure-iothub/client?view=azure-node-latest#azure-iothub-client-fromconnectionstring) to add the device connection string and transport type.
+1. Configure a JSON variable with certificate details and pass it to [DeviceClientOptions](/javascript/api/azure-iot-device/deviceclientoptions).
+1. Call [setOptions](/javascript/api/azure-iot-device/client?#azure-iot-device-client-setoptions-1) to add an X.509 certificate and key (and optionally, passphrase) to the client transport.
+1. Call [open](/javascript/api/azure-iothub/client?view=azure-node-latest#azure-iothub-client-open) to open the connection from the device to IoT Hub.
+
+This example shows certificate configuration information within a JSON variable. The certification configuration `options` are passed to `setOptions` and the connection is opened using `open`.
+
+```javascript
+var options = {
+   cert: myX509Certificate,
+   key: myX509Key,
+   passphrase: passphrase,
+   http: {
+     receivePolicy: {
+       interval: 10
+     }
+   }
+ }
+ client.setOptions(options, callback);
+ client.open(connectCallback);
+```
+
+For more information about certificate authentication, see:
+
+* [Authenticate identities with X.509 certificates](/azure/iot-hub/authenticate-authorize-x509)
+* [Create and upload certificates for testing](/azure/iot-hub/tutorial-x509-test-certs)
+
+##### Code samples
+
+For a working sample of device X.509 certificate authentication, see  [Simple sample device X.509](https://github.com/Azure/azure-iot-sdk-node/blob/main/device/samples/javascript/simple_sample_device_x509.js).

includes/iot-hub-howto-auth-device-cert-python.md

@@ -29,7 +29,7 @@ device_id = "MyDevice"
 # The X.509 certificate file name
 cert_file = "~/certificates/certs/sensor-thl-001-device.cert.pfx"
 key_file = "~/certificates/certs/sensor-thl-001-device.cert.key"
-# The certificate pass phrase is optional
+# The optional certificate pass phrase
 pass_phrase = "1234"
 
 x509 = X509(

includes/iot-hub-howto-file-upload-dotnet.md

@@ -31,6 +31,17 @@ Follow this procedure to upload a file from a device to IoT hub:
 
 ### Connect to the device
 
+A device app can authenticate with IoT Hub using the following methods:
+
+* X.509 certificate
+* Shared access key
+
+#### Authenticate using an X.509 certificate
+
+[!INCLUDE [iot-hub-howto-auth-device-cert-dotnet](iot-hub-howto-auth-device-cert-python.md)]
+
+#### Authenticate using a shared access key
+
 Call [CreateFromConnectionString](/dotnet/api/microsoft.azure.devices.client.deviceclient.createfromconnectionstring?#microsoft-azure-devices-client-deviceclient-createfromconnectionstring(system-string)) to connect to the device. Pass the device primary connection string.
 
 `AMQP` is the default transport protocol.

includes/iot-hub-howto-file-upload-java.md

@@ -37,7 +37,18 @@ File upload operations always use HTTPS, but [DeviceClient](/java/api/com.micros
 IotHubClientProtocol protocol = IotHubClientProtocol.MQTT;
 ```
 
-### Connect to the device
+### Connect a device to IoT Hub
+
+A device app can authenticate with IoT Hub using the following methods:
+
+* X.509 certificate
+* Shared access key
+
+#### Authenticate using an X.509 certificate
+
+[!INCLUDE [iot-hub-howto-auth-device-cert-java](iot-hub-howto-auth-device-cert-java.md)]
+
+#### Authenticate using a shared access key
 
 Instantiate the `DeviceClient` to connect to the device using the device primary connection string.
 

includes/iot-hub-howto-file-upload-python.md

@@ -47,7 +47,7 @@ from azure.storage.blob import BlobClient
 
 ### Connect a device to IoT Hub
 
-A device app can authenticate using the following methods:
+A device app can authenticate with IoT Hub using the following methods:
 
 * X.509 certificate
 * Shared access key