Same X.509 in Azure APIM and IOT DPS

Question

I am trying to use same X.509 device certificate for authenticating IOT DPS and API management. Problem is DPS docs mentioning - registation_id of the device must match the subject common name in the device certificate, So we need to put unique ID in each device certificate then DPS provisioning works well.

But if we try to use same certificate in APIM , It is not working. APIM expecting common name has to be same for root, intermediate and client certificates. (I am using our domain name as common name).

Please let me know how I can modify APIM policy to use same client certificate on both APIM and DPS.

Answer 1

It not best you use same certificate for DPS and
API Management services.
One way is to add it Polices.
I followed this reference I for creating and uploading Thumbprint .

In policies

<inbound>
    <base />
    <set-header name="Authorization" exists-action="override">
        <value>Bearer {base64 encoded certificate}</value>
    </set-header>
</inbound>

Adding certificate API Management service

az iot dps enrollment create --dps-name {dps_name} --enrollment-id {domain_name}-{registration_id} --certificate-path {path_to_your_certificate}

we have to change unique ID since the Registration ID must match the subject common name on selected certificates.

Other Reference :
. I Referred for X.509