Problems with https when connecting Netduino W3 to Azure IOT Hub

Heinrich_Braasch · August 15, 2018, 1:29am

The Netduino W3 is marketed as an excellent device for IOT, so why is it so difficult to connect with Azure IOT Hub?
I could not find any sample code on the Wilderness Labs site to assist.

To start I’m trying to simply send events to the Azure IOT Hub…

I’m using code from the Azure-Samples/azure-iot-samples-csharp GitHub repository:

github.com

Azure/azure-iot-sdk-csharp/blob/master/iothub/device/samples/NetMFDeviceClientHttpSample_43/Program.cs

using Microsoft.Azure.Devices.Client;
using Microsoft.SPOT;
using System;
using System.Text;
using System.Threading;

namespace MFTestApplication
{
    public class Program
    {
        // String containing Hostname, Device Id & Device Key in one of the following formats:
        //  "HostName=<iothub_host_name>;DeviceId=<device_id>;SharedAccessKey=<device_key>"
        //  "HostName=<iothub_host_name>;CredentialType=SharedAccessSignature;DeviceId=<device_id>;SharedAccessSignature=SharedAccessSignature sr=<iot_host>/devices/<device_id>&sig=<token>&se=<expiry_time>";
        private const string DeviceConnectionString = "<replace>";

        private static int MESSAGE_COUNT = 5;

        public static void Main()
        {
            try

This file has been truncated. show original

I had to include the applicable azure library source code into my solution because I could not get a NetMF ready Nuget equivalent for ‘Microsoft.Azure.Devices.Client’.
This NETMF library was found at C:\Downloads\NetDuino\azure-iot-sdk-csharp-master\iothub\device\src.NetMF in the Azure IOT SDK.

Now, my problem… Once I send the event command, the app fails inside the library at the first ‘webRequest.GetRequestStream’ command it encounters, and I think its because of SSL authentication issues.
The reason for thinking so is the errormessage, and an old (2015) Netduino forum topic I came across (http://forums.netduino.com/index.php?/topic/12141-ssl-not-working/):
Microsoft.SPOT.Net.Security.SslStream::Authenticate
Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsClient
System.Net.HttpWebRequest::EstablishConnection
System.Net.HttpWebRequest::SubmitRequest
System.Net.HttpWebRequest::GetRequestStream

I looks as if the url used to communicate with Azure uses https, and the necessary Azure certificate is not present on the Netduino.
I then tried to add the Azure ‘DigiCertBaltimoreRoot’ certificate to the webRequest object using the following code.
webRequest.HttpsAuthentCerts = new X509Certificate[] {
new X509Certificate(‘Certificate string converted to byte array’)};
I could not get it to work, and I’m now out of ideas.

Please, can someone show me how to get a Netduino to talk to the Azure IOT HUB?

bryancostanich · August 15, 2018, 2:36am

Embarrassingly, it’s an issue with SSL. SSL and Azure used to work, until they upgraded their SSL.

We have an issue filed here and we’ve been working on it as part of the 4.4 firmware updates, which you can follow here.

Heinrich_Braasch · August 15, 2018, 4:59am

Glad to see its being addressed. Thanks for the fast response.

In the meanwhile, can’t somebody show us a temporary workaround…
Maybe on the line of adding an Azure certificate to the WebRequest certs? Or something else…

Heinrich_Braasch · August 15, 2018, 5:11am

I’d like to continue looking for alternative short-term solutions.
Unfortunately my attempt to load a certificate from a text string appears to be dodgy.

After doing this:

byte[] certificate1 = Convert.FromBase64String(@“MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OV…etc”);
var certificate = new X509Certificate(certificate1);
webRequest.HttpsAuthentCerts = new X509Certificate[] { certificate };

When inspecting the properties of ‘certificate’, they are either empty, null or nonsensical. So I must be doing something wrong in this early stage.

If someone can point me in the right direction on how to create the certificate, I can at least investigate further.

Thanks