Azure IoT hub - new DigiCert Global Root G2 root certificate

Hi
I had a working solution based on MKR 1010 that sent telemetry data to Azure IOT HUB that worked with Baltimore root certificate.

Now Microsoft decides to automatically migrate from Baltimore CyberTrust Root to **DigiCert Global G2 Root before October 2023 or you can do it yourself before to avoid last minute problems.

So I decided to migrate IOT HUB to DigiCert first by myself (to migrate there is a wizard on Azure console)

So in my MKR1010 I uploaded the new root cert by adding this url: global-root-g2.chain-demos.digicert.com:443

But now nothing works
mqtt connection return -2

Anyone have an idea?

If I restore Baltimora cert on azure iot hub, everything works again.

Thank you

We solve.
Hi

Reading this Cannot install library with Arduino IDE 2.0.3 - #8 by ptillisch I discover the problem is a bug in versione 2.x of Arduino IDE about wrong management of proxy (and for this wrong uploading of root certificate)

To solve it we had to manually fix file C:\Users<username>.arduinoIDE\arduino-cli.yaml
Arduino IDE didn't show a configuration proxy setted before.

Bye

Bye

Hi @supersor

I have referred your query in the forum.
I am using an MKR GSM 1400 to send some telemetry data.
So, migrating of certificate from Baltimore to digiCert is also done.
But when code is uploaded from Arduino 2.1.1 . I am too unable to connect to MQTT and error of Error: -2 is shown.

Can you please expand the steps you have taken to solve the problem.

Hi
Check your C:\Users.arduinoIDE\arduino-cli.yaml and verify proxy configuration is what you want.

Is it perhaps necessary to create a new certificate on the Arudino and then to deposit a new self-signed x.509 key?

I manually created new certificates and added them to the NBRootCerts.h file.
You can copy the complete file from here:
https://forum.arduino.cc/t/mkr-nb-1500-azure-iot-hub-new-digicert-global-root-g2-root-certificate/1118180/7?u=cabsteena

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.