How to use a CA signed Certificate in Event Grid Namespace MQTT broker

Satyam Chauhan 607 Reputation points
2024-12-02T10:18:17.53+00:00

Hi,

I am using Azure Event Grid Namespace MQTT Broker and MQTTX application for testing the clients authentication using Self-signed certificates. It is working fine, clients are able to Publish to the topic spaces and other clients are able to Subscribe and receive messages using the Topic spaces. For this I created self-signed certificates using the openssl commands and authenticated using the Thumbprints. Followed mqtt-client-certificate-authentication.

Now I want the clients to be authenticated using CA signed certificate instead of Self-signed certificate as there can be large number of clients please help how can I do it with CA certificate. I have CA certificate from obtained from Entrust. There are various options to select the certificate type, I tried selecting the Apache(Windows) and downloaded the certificate. Then uploaded the chainBundle.crt in CA certificates of MQTT broker in Azure portal, the certificate subject is having a long value with spaces included. And while creating the client I tried to add the subject value as the client ID but it does not follow the azure policy.

Please provide any detailed documentation or article which I can refer as I don't have very good knowledge with certificates.

Azure Event Grid
Azure Event Grid
An Azure event routing service designed for high availability, consistent performance, and dynamic scale.
411 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shireesha Eeraboina (Quadrant Resource LLC) 575 Reputation points Microsoft Vendor
    2024-12-02T13:54:38.8933333+00:00

    Hi @satyam chauhan ,

    Welcome to the Microsoft Q&A Platform!

    To use a CA signed certificate in Event Grid Namespace MQTT broker, you can follow these steps:

    1. Obtain the CA signed certificate: You mentioned that you have obtained a CA signed certificate from Entrust. Make sure you have the certificate file and any intermediate certificates that may be required.
    2. Upload the CA certificate to Azure: In the Azure portal, go to the Event Grid Namespace MQTT broker and navigate to the "CA certificates" section. Upload the chainBundle.crt file that contains the CA certificate and any intermediate certificates.
    3. Create a client certificate: You can use the openssl commands to create a client certificate signed by the CA certificate. Make sure to include the client's Common Name (CN) in the certificate subject.
    4. Upload the client certificate to Azure: In the Azure portal, go to the Event Grid Namespace MQTT broker and navigate to the "Client certificates" section. Upload the client certificate and any intermediate certificates.
    5. Configure the client to use the certificate: In the MQTTX application, configure the client to use the client certificate for authentication. You may need to specify the path to the certificate file and any required passwords.
    6. Test the client authentication: Test the client authentication by connecting to the MQTT broker and publishing or subscribing to a topic. Make sure the client is able to authenticate using the CA signed certificate.

    Below are the Documents for your references :https://zcusa.951200.xyz/en-us/azure/event-grid/mqtt-certificate-chain-client-authentication

    https://zcusa.951200.xyz/en-us/azure/event-grid/mqtt-client-authentication

    I hope this helps! Let me know if you have any further questions.

    Thank you.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.