To secure IoT Hub endpoints X.509 certificate PKI is used. The kind of certificate used differs by endpoint.

Application and Management Endpoints

For all application and management endpoints world-trusted certificates, issued by well-known certificate authorities, are used. This brings the advantage that most systems will be able to validate those certificates by default.

Device Endpoints

For the device endpoints and protocol adapters we use a more narrowed down certificate approach. Devices often do not have the resources to maintain and validate multiple root CAs. Thus we provide a single root certificate that can be placed on the device. For this certificate we grant stability for its whole lifetime.

Device Endpoint Certificate: