Prerequisite
The prerequisite for Azure IoT Edge Transparent Gateway is to run through this tutorial to deploy the Azure IoT Edge Runtime to your device. I used a Raspberry Pi, and then referred to the ARM32v7/armhf instructions.
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-install-iot-edge-linux-arm
The deployment is successful when you see that edgeHub and edgeAgent are running on the Raspberry Pi.
1. The gateway device settings (Raspberry Pi)
Then go through these instructions.
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-create-transparent-gateway-linux
1.1
Choose a directory you want to work in, and download this to create your own X509 certificate on the Raspberry Pi.
1.2
Create a CERTDIR directory somewhere, copy all the necessary files from the directory you downloaded from GitHub, and make certGen.sh executable.
1.3
Create the owner CA certificate and the intermediate certificate with the command below.
1.4
The next step is very tricky. The instructions say "DO NOT use a name that is the same as the gateway's DNS host name", but I did not understand what this means. After many trials, I used the Raspberry Pi's local IP address as the gateway name here. The IP address should be fixed in this way. This does not look good, but I will discuss this later.
1.5
Then create a certificate chain that combines the certificates you prepared above. "azure-iot-test-only.root.ca.cert.pem" is generated.
cat ./certs/new-edge-device.cert.pem ./certs/azure-iot-test-only.intermediate.cert.pem ./certs/azure-iot-test-only.root.ca.cert.pem > ./certs/new-edge-device-full-chain.cert.pem
Open the yaml file
Change certificates and hostname
2. The downstream device settings (Windows 10 Surface)
2.1
The next step is to install the certificate on the downstream device, which is a Windows 10 Surface Book in this case. Everything so far was done on the Raspberry Pi, but from here you work on the Surface Book with Windows 10.
Copy "azure-iot-test-only.root.ca.cert.pem" from the Raspberry Pi to the Surface. I just copied the text like below from the Bash window connected to the Raspberry Pi through SSH, pasted it into a newly created text file, and changed the name and extension to "azure-iot-test-only.root.ca.cert.pem".
2.2
1. Open the "Manage Computer Certificates" application
2. Right click "Certificates - Local Computer > Trusted Root Certification Authorities > Certificates"
3. All Tasks > Import
4. Follow the instructions and choose the file "azure-iot-test-only.root.ca.cert.pem" in the Windows 10 local folder
5. You can see the message "Successfully imported"
2.3
For the downstream device that sends messages to the gateway, I use Visual Studio 2017, .NET Core and the Azure IoT Device SDK. You can use the sample below just for a connection trial. Set "Hostname" from IoT Hub, "DeviceId" from IoT Edge, "SharedAccessKey" from IoT Edge > Device Details > Primary Key, and GateWayHostName from the gateway device name.
https://github.com/Azure-Samples/azure-iot-samples-csharp/blob/master/iot-hub/Quickstarts/simulated-device/SimulatedDevice.cs
Point 1 - hostname
The three names below should be the same. This time I used the current local IP address of the Raspberry Pi, "192.168.100.103".
Pattern 1
1) the Edge device CA certificate
Use the command below
2) hostname in config.yaml
3) connection string at Device SDK
Pattern 2
1) the Edge device CA certificate
When creating with this command below
2) hostname in config.yaml
3) connection string at Device SDK
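The consistency rule in Point 1, as an added example (not code from the original post or from the Azure SDK): a Python check that the certificate name, the config.yaml hostname and the GatewayHostName in the connection string agree. All sample values are constructed, and it assumes the gateway name given when the certificate was created appears as the subject CN printed by `openssl x509 -noout -subject`.

```python
import re

# Constructed sample inputs (not real credentials or a real hub).
SUBJECT = "subject=CN = 192.168.100.103"   # from: openssl x509 -noout -subject -in <cert>
CONFIG = 'hostname: "192.168.100.103"\n'    # the hostname line of config.yaml
CONN = ("HostName=example-hub.azure-devices.net;DeviceId=example-device;"
        "SharedAccessKey=Q09OU1RSVUNURUQ=;GatewayHostName=192.168.100.103")

def parse_connection_string(conn):
    """Split 'Key=Value;...' pairs; base64 key values may themselves contain '='."""
    return dict(part.split("=", 1) for part in conn.strip().split(";") if part)

def yaml_hostname(config_text):
    """Return the top-level (unindented) hostname value from config.yaml text."""
    m = re.search(r'^hostname:\s*["\']?([^"\'\s#]+)', config_text, re.MULTILINE)
    if not m:
        raise ValueError("no top-level hostname entry in config.yaml")
    return m.group(1)

def subject_cn(subject_line):
    """Extract the CN from openssl's subject line (handles 'CN = x' and '/CN=x')."""
    m = re.search(r'\bCN\s*=\s*([^,/\n]+)', subject_line)
    if not m:
        raise ValueError("no CN in certificate subject")
    return m.group(1).strip()

def check_gateway_names(subject_line, config_text, conn):
    """Return (all_match, names); the shared access key is never included."""
    names = {
        "certificate CN": subject_cn(subject_line),
        "config.yaml hostname": yaml_hostname(config_text),
        "GatewayHostName": parse_connection_string(conn).get("GatewayHostName", ""),
    }
    # Host names compare case-insensitively; an empty value never counts as a match.
    distinct = {v.lower() for v in names.values()}
    return len(distinct) == 1 and "" not in distinct, names

if __name__ == "__main__":
    ok, names = check_gateway_names(SUBJECT, CONFIG, CONN)
    for label, value in names.items():
        print(f"{label:22} {value}")
    print("OK" if ok else "MISMATCH: the three names must be identical")
```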
Point 2 - Protocols
Azure IoT Edge Transparent Gateway currently does not support HTTP connections, only MQTT and AMQP. According to the official documentation below, Edge Hub currently supports only MQTT and AMQP.
https://docs.microsoft.com/en-us/azure/iot-edge/iot-edge-runtime
Also, this page explains that we cannot use HTTP and WebSocket for Azure IoT Edge Transparent Gateway, because HTTP and WebSocket are not supported for X509-CA authentication.
https://github.com/Azure/azure-iot-sdk-csharp