1

I am doing operations on azure DPS via REST apis. I am able to post a new provision successfully in "Create new individual enrollment", via REST API.The Url is used is, "https://name.azure-devices-provisioning.net/enrollments/registrationId?api-version=2019-03-31";. My current task is to update the certificate for an individual enrollment in DPS. I am extracting the body of the certificate and attaching it to the request body and doing the PUT operation. But I am getting an error saying "Enrollment already exists with different cert info". I am providing the content-type and authorization sas token as headers. And in request body, I am passing the eTag along. I guess I have cleared all the pre-requisites for an update operation. Please help me to understand if I am doing something wrong here. Thanks in advance!

Rakesh S
  • 31
  • 2

2 Answers2

0

For updating the individual enrollment in DPS you also have to add the etag value in the request header. The header property name for this is If-Match. For details see https://learn.microsoft.com/en-us/rest/api/iot-dps/createorupdateindividualenrollment/createorupdateindividualenrollment#request-headers

Anush
  • 43
  • 5
  • I did try adding etag as the value in If-Match and even i tried to keep it as *. Still I was getting the same error. Certificate updation is not happening via this method – Rakesh S Jan 23 '21 at 05:55
  • Can you please share the activity id for this request. – Anush Jan 25 '21 at 20:03
0

We can start by step by step process where I have successfully updated my x509 certificate with Azure DPS via REST API call. I hope this helps with your query.

Step1: Create the Individual Enrollment with the x509 certificate, pass it in base64 format. Please make a note of the 'eTag' value in the response.

61573-image.png

Verify In the Azure DPS portal. I see the thumbprint matches my x509 certificate.

61603-image.png

Step 2: Now time for updating the existing Enrollment with a new certificate. use the base64 format. use the "If-Match" in the request header and the value is the "eTag" obtained/copied from the previous step.

Below image shows the Request Header with the "If-match =eTag" for updating the existing entity. 61544-image.png

Finally, we can see the response is a success for the update operation.

61518-image.png

Verify In the Azure DPS portal. I see the thumbprint matches my new x509 certificate.

61588-image.png

Sample Request body, in case, if it is useful to anyone.

 {
  "attestation": {
         "type": "x509",
         "X509": {
            "clientCertificates": {
                                "primary":{
                                 "certificate":"base64 string of your cert"
                                 }
                                 }    
                                   }
     },
 "registrationId":"testenrollment10",
 "capabilities":{"iotEdge":false},
 "provisioningStatus": "enabled"
 }

Please leave your comment below to this response if you need further help in this matter.

SatishBoddu
  • 752
  • 6
  • 13