We are currently implementing an IoT Edge on a lot of Devices which will be at remote locations.
We have cleared out that IoT Edge can use up to 3 certificates:
Certificate to perform the TLS communication with IoT Hub
Device certificates for internal use with modules, leave devices, etc.
DPS (Optional is you use certificates)
We are currently looking for a solution for point 1 and 2.
1. We understand that this can be solved with keeping IoT Edge up-to-date, but how do perform this is these devices are Remote and we have a lot of them? I know this will not happen that often that this certificate will expire but still it can, so we want to be prepared.
2. Device certificates should also be renewed from time to time. How can you also orchestrated form IoT Hub? We currently where thinking of building a module, but when the device comes online again after some time and in the main time, the certificate has expired, than the module is not able to talk to IoT Hub. Or do you just install a device certificate a installation which will have an expiration date longer then the expected device lifetime?