Lots of folks are moving toX.509 certificate-based authenticationas they start to use theAzure IoT Hub Device Provisioning Service, which is great! But I've gotten lots of questions about what the best practices are, and how to go about doing it at scale. There are a lot of variables that influence where certs come from and how they are installed, and who owns each stage depends on the specific processes and business relationships in place. This blog post is meant to provide some clarity around the cert generation and installation process for IoT devices at production-level scales.
One note before I begin, if you already have a system in place for installing certificates on your IoT devices and its working out for you, great! Feel free to stop reading and check out some of ourother content. This blog post is for folks who are just making the switch to using certificates on IoT devices and are struggling with figuring out what works best.