How can you see if a device is connected with the primary or secondary certificate in IoT Central

Oetze van den Broek 131 Reputation points
2025-03-19T10:49:03.6366667+00:00

We are currently replacing some intermediate and device certificates for our devices in IoT Central.

We use a device connection group where the primary and secondary certificate are set.

I've successfully updated one certificate and connected with it. But it's hard to see with which certificate (primary or secondary) the device is connected.

In the device connection groups option on the device page it is also showing the old thumbprints (see image).

I've replaced the primary certificate, which has a thumbprint which starts with 4E.

Is there a way to see what the currently used certificate (thumbprint) is?

The devices are in the field and I don't want to update the firmware to achieve the result.

Azure IoT Central
An Azure hosted internet of things (IoT) application platform.

2 answers

  1. Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator
    2025-03-19T13:26:44.5466667+00:00

    Hi Oetze van den Broek

    You can use the "Export devices" option to get the details below for all selected devices in the Devices menu.

    • IOTC_DEVICEID
    • IOTC_DEVICENAME
    • IOTC_SASKEY_PRIMARY
    • IOTC_SASKEY_SECONDARY
    • IOTC_X509THUMBPRINT_PRIMARY
    • IOTC_X509THUMBPRINT_SECONDARY

    Here are the steps:

    1. Choose Devices on the left pane.
    2. On the left pane, choose the device template from which you want to export the devices.
    3. Select the devices that you want to export and then select the Export action.
    4. The export process starts. You can track the status using the Device Operations panel.
    5. When the export completes, a success message is shown along with a link to download the generated file.
    6. Select the Download File link to download the file to a local folder on the disk.

    Reference: Manage Devices in Bulk

    Hope it helps address the issue.

    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.

    Thank You.


  2. Sander van de Velde | MVP 36,236 Reputation points MVP Moderator
    2025-03-19T20:45:27.2366667+00:00

    Hello @Oetze van den Broek ,

    welcome to this moderated Azure community forum.

    Azure IoT Central is based on common Azure PaaS resources like the Azure IoT Hub and the Azure Device Provisioning Service.

    As far as I know, the device client logic chooses the key/certificate to use and does not expose the actual key/certificate being used.

    The export only shows the administration of devices, not the actual usage of keys.

    The normal procedure is to roll one of the two keys/certificates so the client is forced to use the other one. This makes it hard for hackers to follow the rolling of keys.

    Because the device client logic in the app knows which one is in use, you could provide extra custom startup data when the device connects.


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.

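An added example, not code from either answer or from Microsoft: a Python sketch that audits the exported device file from the first answer against the thumbprints of the replacement certificates. As the second answer notes, this reports what is registered per slot, not which certificate a device actually presents. The function names, the sample rows, and the thumbprint format (upper-case hex SHA-1 of the DER certificate) are assumptions; the column names are the ones listed above.

```python
import csv, hashlib, io, ssl

SLOTS = ("IOTC_X509THUMBPRINT_PRIMARY", "IOTC_X509THUMBPRINT_SECONDARY")

def thumbprint(pem: str) -> str:
    """Upper-case hex SHA-1 of the DER bytes (assumed thumbprint format)."""
    return hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()

def audit_export(csv_text: str, new_primary: str, new_secondary: str) -> dict:
    """Per device, classify each registered slot as 'new', 'stale' or 'empty'."""
    expected = dict(zip(SLOTS, (new_primary, new_secondary)))
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = {}
        for column, want in expected.items():
            # Normalise separators and case before comparing.
            have = (row.get(column) or "").replace(":", "").replace(" ", "").upper()
            status[column] = "empty" if not have else "new" if have == want else "stale"
        report[row["IOTC_DEVICEID"]] = status
    return report

# Constructed sample data: placeholder bytes stand in for real DER certificates,
# and the device ids and names are invented. A real export also carries the
# SAS key columns, so handle the downloaded file as a secret.
NEW_PRIMARY_PEM = ssl.DER_cert_to_PEM_cert(b"constructed new primary certificate")
NEW_SECONDARY_PEM = ssl.DER_cert_to_PEM_cert(b"constructed new secondary certificate")
OLD_THUMBPRINT = hashlib.sha1(b"constructed old certificate").hexdigest().upper()

SAMPLE_EXPORT = "\n".join([
    "IOTC_DEVICEID,IOTC_DEVICENAME," + ",".join(SLOTS),
    f"dev-001,Pump 1,{thumbprint(NEW_PRIMARY_PEM)},{OLD_THUMBPRINT}",
    f"dev-002,Pump 2,{OLD_THUMBPRINT.lower()},",
])

if __name__ == "__main__":
    result = audit_export(SAMPLE_EXPORT, thumbprint(NEW_PRIMARY_PEM),
                          thumbprint(NEW_SECONDARY_PEM))
    for device_id, slots in result.items():
        print(device_id, slots)
```

A device whose registered slots are all "stale" or "empty" has not been rolled yet and would be cut off once the old certificate is removed.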
