Azure / iot-identity-service

Source of the Azure IoT Identity Service and related services.
MIT License

Issue connecting with x509 auth, unknown variant certificateAuthority #553

Closed FaehnrichLE closed 1 year ago

FaehnrichLE commented 1 year ago

I'm trying to use identity service, but it says it fails with an unknown variant of certificateAuthority, when it expects none, sas, or x509.

It says at the start it can provision, but for a later connection it fails. I've looked at the config files and they seem right. I've tried both manual and DPS with my certificate and key file. I know the cert and key files work to connect to a device because I can connect to the device without an issue using the C SDK.

Where does this certificateAuthority come from? Should it be something else? If anything, probably x509 in my case.

Here's a sample of the log:

.
Sep 12 12:17:05 checkpoint-vm-test systemd[1]: Starting Azure IoT Identity Service API socket.
Sep 12 12:17:05 checkpoint-vm-test systemd[1]: Listening on Azure IoT Identity Service API socket.
Sep 12 12:17:05 checkpoint-vm-test systemd[1]: Started Azure IoT Identity Service.
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Starting service...
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Version - 1.4.5
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Provisioning starting. Reason: Startup
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-certd[37790]: 2023-09-12T16:17:05Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Sep 12 12:17:05 checkpoint-vm-test aziot-certd[37790]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Updated device info for EV-Charger-DEV-HW-00000001.
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Provisioning complete.
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Identity reconciliation started. Reason: Startup
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "976", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning.
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- GET /keypair/device-id?api-version=2021-05-01 {"host": "keyd.sock"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-certd[37790]: 2023-09-12T16:17:05Z [INFO] - <-- GET /certificates/device-id?api-version=2020-09-01 {"host": "certd.sock"}
Sep 12 12:17:05 checkpoint-vm-test aziot-certd[37790]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/algorithm?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-modulus?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /parameters/rsa-exponent?api-version=2021-05-01 {"content-length": "248", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [INFO] - Updated device info for EV-Charger-DEV-HW-00000001.
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - <-- POST /encrypt?api-version=2021-05-01 {"content-length": "976", "content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-keyd[37778]: 2023-09-12T16:17:05Z [INFO] - --> 200 {"content-type": "application/json"}
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: Hub client error
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [ERR!] - service encountered an error
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [ERR!] - caused by: Hub client error
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [ERR!] - caused by: unknown variant `certificateAuthority`, expected one of `none`, `sas`, `x509` at line 1 column 398
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]: 2023-09-12T16:17:05Z [ERR!] -    0: <unknown>
Sep 12 12:17:05 checkpoint-vm-test aziot-identityd[95615]:    1: <unknown>
Sep 12 12:17:05 checkpoint-vm-test systemd[1]: aziot-identityd.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 12:17:05 checkpoint-vm-test systemd[1]: aziot-identityd.service: Failed with result 'exit-code'.
arsing commented 1 year ago

It's probably the HTTP response from IoT Hub to a list modules request, which identityd makes to determine what modules Hub thinks should exist on the device.

https://github.com/Azure/iot-identity-service/blob/1b8827750c19fa9e119e639eeb3a419bfc4fd257/identity/aziot-cloud-client-async/src/hub/mod.rs#L127 -> https://github.com/Azure/iot-identity-service/blob/1b8827750c19fa9e119e639eeb3a419bfc4fd257/identity/aziot-identity-common/src/lib.rs#L237 -> https://github.com/Azure/iot-identity-service/blob/1b8827750c19fa9e119e639eeb3a419bfc4fd257/identity/aziot-identity-common/src/lib.rs#L199-L203

identityd wouldn't have created the module with that auth type. Did you configure it yourself out-of-band (Portal / az CLI)?
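
The failure mode arsing describes, as an added example (not code from the iot-identity-service project): identityd deserializes the IoT Hub list-modules response into a strict enum, so a single module whose `authentication.type` is outside `none`, `sas`, `x509` aborts the whole response. The sample response body below is constructed and modeled on the IoT Hub module identity JSON shape (an assumption); the module ids are made up, and the device id is the one from the log above. `strict_parse_modules` reproduces the rejection, and `find_incompatible_modules` is a diagnostic that reports every offending module instead of stopping at the first one.

```python
import json
from typing import Optional

# Authentication types that identityd's deserializer accepts, taken from the
# error message in the log above. IoT Hub itself also reports types such as
# "certificateAuthority" and "selfSigned", which this set does not cover.
ACCEPTED_AUTH_TYPES = ("none", "sas", "x509")

# Constructed sample list-modules body (assumption: modeled on the IoT Hub
# module identity JSON shape). One module was created in the Portal as
# "X.509 CA Signed", the other uses a SAS key.
SAMPLE_LIST_MODULES_BODY = json.dumps([
    {
        "moduleId": "sas-module",
        "deviceId": "EV-Charger-DEV-HW-00000001",
        "authentication": {"type": "sas"},
    },
    {
        "moduleId": "portal-ca-module",
        "deviceId": "EV-Charger-DEV-HW-00000001",
        "authentication": {"type": "certificateAuthority"},
    },
])


class UnknownVariant(ValueError):
    """Raised when an auth type is outside the accepted set; the message mirrors the log."""


def parse_auth_type(value: str) -> str:
    """Strict enum-style check that fails the same way identityd's deserializer does."""
    if value not in ACCEPTED_AUTH_TYPES:
        expected = ", ".join(f"`{t}`" for t in ACCEPTED_AUTH_TYPES)
        raise UnknownVariant(f"unknown variant `{value}`, expected one of {expected}")
    return value


def strict_parse_modules(body: str) -> list:
    """Parse the whole response strictly: one unexpected module fails everything,
    which is why a single Portal-created CA-signed module stops identityd from
    reconciling identities."""
    return [
        (m["moduleId"], parse_auth_type(m["authentication"]["type"]))
        for m in json.loads(body)
    ]


def strict_parse_error(body: str) -> Optional[str]:
    """Return the strict parser's error text, or None if the body parses cleanly."""
    try:
        strict_parse_modules(body)
        return None
    except UnknownVariant as err:
        return str(err)


def find_incompatible_modules(body: str) -> list:
    """Diagnostic: list every module whose auth type identityd would reject,
    without aborting on the first one. Missing authentication is treated as "none"."""
    offenders = []
    for m in json.loads(body):
        auth_type = m.get("authentication", {}).get("type", "none")
        if auth_type not in ACCEPTED_AUTH_TYPES:
            offenders.append((m["moduleId"], auth_type))
    return offenders


if __name__ == "__main__":
    for module_id, auth_type in find_incompatible_modules(SAMPLE_LIST_MODULES_BODY):
        print(f"module {module_id!r} uses auth type {auth_type!r}; identityd would fail")
    print("strict parse:", strict_parse_error(SAMPLE_LIST_MODULES_BODY))
```

To run the diagnostic against a real device, feed `find_incompatible_modules` the JSON printed by `az iot hub module-identity list --hub-name <hub> --device-id <device>` instead of the constructed sample; any module it lists is one identityd will reject until it is removed or recreated with an auth type identityd understands.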

FaehnrichLE commented 1 year ago

I'm connecting to the device, not one of its modules. But there is a module that I created through the Portal. And I did make it set as X.509 CA Signed: "This module identity is being authenticated through a CA Certificate."

I just now got rid of that CA signed module and made another through the portal but with self signed. That then gave me the error unknown variant selfSigned.

So I just deleted all modules under that device, and identity service is now connected and I can use it.

Thank you for pointing out it could be the module on it. You have saved me probably several more hours of frustration (however now that frustration is transferred to why this error or documentation couldn't have been more helpful.)