To secure IoT Hub endpoints X.509 certificate PKI is used. The kind of certificate used differs by endpoint.
Application and management endpoints
For all application and management endpoints world-trusted certificates, issued by well-known certificate authorities, are used. This brings the advantage that most systems will be able to validate those certificates by default.
For the device endpoints and protocol adapters we use a more narrowed down certificate approach. Devices often do not have the resources to maintain and validate many multiple root CAs. Our device certificates are therefore all issued by the Let’s Encrypt Certificate Authority.
Device endpoint certificate: