Merge pull request #228018 from KennedyDMSFT/US61446

User Story 61446

Author: v-dirichards

articles/iot-hub/.openpublishing.redirection.iot-hub.json

@@ -1268,6 +1268,11 @@
       "redirect_url": "/azure/iot-hub/reference-x509-certificates",
       "redirect_document_id": true
     },
+    {
+      "source_path_from_root": "/articles/iot-hub/tutorial-x509-introduction.md",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-prove-possession",
+      "redirect_document_id": false
+    },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-self-sign.md",
       "redirect_url": "/azure/iot-hub/reference-x509-certificates",

articles/iot-hub/TOC.yml

@@ -44,9 +44,6 @@
       href: iot-hub-live-data-visualization-in-power-bi.md
     - name: Use X.509 certificates
       items:
-        - name: Introduction
-          displayName: X.509 certificates
-          href: tutorial-x509-introduction.md
         - name: Use OpenSSL to create test certificates
           displayName: X.509 certificates, root CA
           href: tutorial-x509-openssl.md

articles/iot-hub/index.yml

@@ -73,7 +73,7 @@ landingContent:
    - linkListType: tutorial
      links:
      - text: Use X.509 certificates to authenticate
-       url: tutorial-x509-introduction.md
+       url: tutorial-x509-prove-possession.md
    - linkListType: concept
      links:
      - text: Security best practices

articles/iot-hub/iot-hub-tls-support.md

@@ -128,7 +128,7 @@ After a successful TLS handshake, IoT Hub can authenticate a device using a symm
 
 ## Mutual TLS support
 
-Mutual TLS authentication ensures that the client _authenticates_ the server (IoT Hub) certificate and the server (IoT Hub) _authenticates_ the [X.509 client certificate or X.509 Thumbprint](tutorial-x509-introduction.md). _Authorization_ is performed by IoT Hub after _authentication_ is complete.
+Mutual TLS authentication ensures that the client _authenticates_ the server (IoT Hub) certificate and the server (IoT Hub) _authenticates_ the [X.509 client certificate or X.509 thumbprint](tutorial-x509-prove-possession.md). _Authorization_ is performed by IoT Hub after _authentication_ is complete.
 
 For AMQP and MQTT protocols, IoT Hub requests a client certificate in the initial TLS handshake. If one is provided, IoT Hub _authenticates_ the client certificate and the client _authenticates_ the IoT Hub certificate. This process is called mutual TLS authentication. When IoT Hub receives an MQTT connect packet or an AMQP link opens, IoT Hub performs _authorization_ for the requesting client and determines if the client requires X.509 authentication. If mutual TLS authentication was completed and the client is authorized to connect as the device, it is allowed. However, if the client requires X.509 authentication and client authentication was not completed during the TLS handshake, then IoT Hub rejects the connection.