Why is this important? Because the goal here is to use this "high assurance" client certificate to authenticate the Azure Sphere device to the Azure IoT Edge server and then pass it telemetry or other data. The device authenticates with a certificate instead of a static, hardcoded password.
A couple of other things to remember for this demo:
The Azure Sphere device must be able to reach the internet in order to perform DAA, obtain OS updates and carry out other AS3 service communications.
The Azure Sphere device must also have an explicit entry in the application manifest in order to communicate with the IoT Edge server:
A list of DNS host names or IP addresses (IPv4) to which the application is allowed to connect. If the application uses an Azure IoT Hub, the list must include the IP address or DNS host name for the hub, typically hub-name.azure-devices.net. Port numbers and wildcard characters in names and IP addresses are not accepted.
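A pre-deployment check for that manifest entry, as an added example that is not part of the original post: it lints the `AllowedConnections` list in an Azure Sphere `app_manifest.json` against the rules quoted above and confirms the IoT Edge host is present. The manifest contents, host names and IDs are constructed placeholders, and `entry_problem` and `lint_manifest` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample manifest: host names, ComponentId and tenant ID are placeholders.
SAMPLE_MANIFEST = """
{
  "SchemaVersion": 1,
  "Name": "SphereToEdgeDemo",
  "ComponentId": "00000000-0000-0000-0000-000000000000",
  "EntryPoint": "/bin/app",
  "Capabilities": {
    "AllowedConnections": ["edge-gateway.example.com", "*.example.net", "10.0.0.5:8883"],
    "DeviceAuthentication": "00000000-0000-0000-0000-000000000000"
  }
}
"""

def entry_problem(entry):
    """Return why an AllowedConnections entry is unacceptable, or None if it is fine."""
    if "*" in entry:
        return "wildcard characters are not accepted"
    if "/" in entry:
        return "use a bare host name or IPv4 address, not a URL"
    try:
        ipaddress.IPv4Address(entry)
        return None  # a plain IPv4 address is allowed
    except ValueError:
        pass
    if ":" in entry:
        return "port numbers are not accepted (host name or IPv4 address only)"
    labels = entry.split(".")
    if not all(label and label.replace("-", "").isalnum() for label in labels):
        return "not a valid DNS host name"
    return None

def lint_manifest(manifest_text, edge_host):
    """Return a list of findings for the manifest's AllowedConnections list."""
    caps = json.loads(manifest_text).get("Capabilities", {})
    allowed = caps.get("AllowedConnections", [])
    findings = [f"{e!r}: {p}" for e in allowed if (p := entry_problem(e))]
    # Without an explicit entry the application cannot open a connection to the host.
    if edge_host.lower() not in (e.lower() for e in allowed):
        findings.append(f"{edge_host!r} is missing from AllowedConnections")
    return findings

if __name__ == "__main__":
    for finding in lint_manifest(SAMPLE_MANIFEST, "edge-gateway.example.com"):
        print(finding)
```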
For the chain and private key, use the "edge_ca" section:
# ==============================================================================
# Edge CA certificate
# ==============================================================================
#
# If you have your own Edge CA certificate that you want all module certificates
# to be issued by, uncomment this section and replace the values with your own.
#
[edge_ca]
cert = "file:///edge_certs/iot-edge-device-ca-spatDeviceCA-full-chain.cert.pem"
pk = "file:///edge_certs/iot-edge-device-ca-spatDeviceCA.key.pem"