Introduction to Certificates

Something that most people experiences every day is the reassuring lock icon on the browser, telling the user that the connection is secure, and the site uses a “valid certificate issued by a trusted authority”:

Browser connection details indicating "Connection is secure"

Browser "Connection is secure" details

From time to time, though, a user may experience a “not secure” connection warning, which is recommending us not to share any sensitive information with the website because it uses an invalid certificate:

"Your connection to this site isn't secure"

Browser "Your connection to this site isn't secure" details

What do these messages mean? What is the “certificate” in question, and where does it come from? That’s the purpose of this content.

The content starts with an overview of digital certificates, including the underlying concepts, the concept of certificate trust, and the full certificate lifecycle. After that underlying foundation, there’s a discussion of how the Azure IoT platform uses certificates.