-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatic EST certificate retrieval does not work on Ubuntu 22.04 #6973
Comments
This appears to be a known issue with openssl 3 (which is what's different about Ubuntu 22.04). We have seen this before. There's nothing we can do except wait for it to be fixed in openssl. |
@ggjjj is this the part where you can tell it's an openssl issue?
Does this mean that EST is a non-starter for Ubuntu 22.04, always? CC @gordonwang0 |
Gordon mentioned it as openssl issue |
Once this issue is fixed openssl/openssl#20161 it should work |
@gcobanhelin - it looks like we have a dependency on another issue, do you want to keep this issue open or close this issue, track the dependent issue and circle back on this one as needed? |
@ggjjj the openSSL issue was fixed yesterday (openssl/openssl#20161). What is the next step? |
With the fix, this issue should resolve as per @gordonwang0 |
Update: We need to wait for the next openssl release and also the updated openssl to be published to the package repositories. |
@gcobanhelin Closing the issue as the OpenSSL issue was fixed. The team that made the fix needs to produce the package and there is no further actions on IoT Edge team side. |
Writing this a a coworker of gcobanhelin, the inital starter of the topic. Please reopen this issue as it was fixed in openSSL but not in the ubuntu release. if so, this should be on the iotedge website as an install step in my opinion. any help appreciated. |
Expected Behavior
Using a valid bootstrap certificate and the right config file, IoT Edge should automatically get the device-id and est-id certificate from our EST endpoint and then provision with DPS. We have a working setup on Ubuntu 18.04, Ubuntu 20.04 and Debian Buster/Bullseye.
Current Behavior
IoT Edge cannot get any certificate, /var/lib/aziot/certd/certs is empty. iotedge system logs gives an error (see logs) and edge agent is not running.
Steps to Reproduce
Context (Environment)
Output of
iotedge check
Click here
Device Information
Runtime Versions
iotedge version
]: 1.4.9docker version
]: 20.10.23+azure-2Logs
aziot-edged logs
Additional Information
We are often getting the timeout in 'iotedge check' for the check 'configuration has correct URIs for daemon mgmt endpoint', also for our devices that the EST issuance works on
The text was updated successfully, but these errors were encountered: