Incorp, round 1

Author: KennedyDMSFT

articles/iot-hub/.openpublishing.redirection.iot-hub.json

@@ -1265,37 +1265,37 @@
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-certificates.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": true
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-introduction.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-openssl.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-prove-possession.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-self-sign.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-scripts.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {
       "source_path_from_root": "/articles/iot-hub/tutorial-x509-test-certificate.md",
-      "redirect_url": "/azure/iot-hub/tutorial-x509-test-ca-certs",
+      "redirect_url": "/azure/iot-hub/tutorial-x509-test-certs",
       "redirect_document_id": false
     },
     {

articles/iot-hub/TOC.yml

@@ -42,11 +42,9 @@
     - name: Data visualization in Power BI
       displayName: Stream Analytics
       href: iot-hub-live-data-visualization-in-power-bi.md
-    - name: Use X.509 certificates
-      items:
-        - name: Create and upload certificates for testing
-          displayName: X.509 certificates, root certificate authority (CA), verify certificate, certificate signing request (CSR)
-          href: tutorial-x509-test-ca-certs.md
+    - name: Create and upload certificates for testing
+      displayName: X.509 certificates, root certificate authority (CA), verify certificate, certificate signing request (CSR)
+      href: tutorial-x509-test-certs.md
 - name: Concepts
   items:
     - name: IoT Hub concepts overview

articles/iot-hub/index.yml

@@ -73,7 +73,7 @@ landingContent:
    - linkListType: tutorial
      links:
      - text: Create and upload certificates for testing
-       url: tutorial-x509-test-ca-certs.md
+       url: tutorial-x509-test-certs.md
    - linkListType: concept
      links:
      - text: Security best practices

articles/iot-hub/iot-hub-dev-guide-sas.md

@@ -266,7 +266,7 @@ The result, which would grant access to read all device identities, would be:
 
 ### Supported X.509 certificates
 
-You can use any X.509 certificate to authenticate a device with IoT Hub by uploading either a certificate thumbprint or a certificate authority (CA) to Azure IoT Hub. To learn more, see [Device Authentication using X.509 CA Certificates](iot-hub-x509ca-overview.md). For information about how to upload and verify a certificate authority with your IoT hub for testing, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-ca-certs.md).
+You can use any X.509 certificate to authenticate a device with IoT Hub by uploading either a certificate thumbprint or a certificate authority (CA) to Azure IoT Hub. To learn more, see [Device Authentication using X.509 CA Certificates](iot-hub-x509ca-overview.md). For information about how to upload and verify a certificate authority with your IoT hub for testing, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-certs.md).
 
 ### Enforcing X.509 authentication
 

articles/iot-hub/iot-hub-mqtt-support.md

@@ -114,7 +114,7 @@ If a device can't use the device SDKs, it can still connect to the public device
   `SharedAccessSignature sig={signature-string}&se={expiry}&sr={URL-encoded-resourceURI}`
 
   > [!NOTE]
-  > If you use X.509 certificate authentication, SAS token passwords are not required. For more information, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-ca-certs.md) and follow code instructions in the [TLS/SSL configuration section](#tlsssl-configuration).
+  > If you use X.509 certificate authentication, SAS token passwords are not required. For more information, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-certs.md) and follow code instructions in the [TLS/SSL configuration section](#tlsssl-configuration).
 
   For more information about how to generate SAS tokens, see the [Use SAS tokens as a device](iot-hub-dev-guide-sas.md#use-sas-tokens-as-a-device) section of [Control access to IoT Hub using Shared Access Signatures](iot-hub-dev-guide-sas.md).
 

articles/iot-hub/iot-hub-tls-support.md

@@ -128,7 +128,7 @@ After a successful TLS handshake, IoT Hub can authenticate a device using a symm
 
 ## Mutual TLS support
 
-Mutual TLS authentication ensures that the client _authenticates_ the server (IoT Hub) certificate and the server (IoT Hub) _authenticates_ the [X.509 client certificate or X.509 thumbprint](tutorial-x509-test-ca-certs.md#create-a-client-certificate-for-a-device). _Authorization_ is performed by IoT Hub after _authentication_ is complete.
+Mutual TLS authentication ensures that the client _authenticates_ the server (IoT Hub) certificate and the server (IoT Hub) _authenticates_ the [X.509 client certificate or X.509 thumbprint](tutorial-x509-test-certs.md#create-a-client-certificate-for-a-device). _Authorization_ is performed by IoT Hub after _authentication_ is complete.
 
 For AMQP and MQTT protocols, IoT Hub requests a client certificate in the initial TLS handshake. If one is provided, IoT Hub _authenticates_ the client certificate and the client _authenticates_ the IoT Hub certificate. This process is called mutual TLS authentication. When IoT Hub receives an MQTT connect packet or an AMQP link opens, IoT Hub performs _authorization_ for the requesting client and determines if the client requires X.509 authentication. If mutual TLS authentication was completed and the client is authorized to connect as the device, it is allowed. However, if the client requires X.509 authentication and client authentication was not completed during the TLS handshake, then IoT Hub rejects the connection.
 

articles/iot-hub/iot-hub-x509-certificate-concepts.md

@@ -121,10 +121,10 @@ To learn more about the fields that make up an X.509 certificate, see [X.509 cer
 
 If you're already familiar with X.509 certificates, and you want to generate test versions that you can use to authenticate to your IoT hub, see the following articles:
 
-* [Tutorial: Create and upload certificates for testing](tutorial-x509-test-ca-certs.md)
+* [Tutorial: Create and upload certificates for testing](tutorial-x509-test-certs.md)
 * If you want to use self-signed certificates for testing, see the [Create a self-signed certificate](reference-x509-certificates.md#create-a-self-signed-certificate) section of [X.509 certificates](reference-x509-certificates.md).
 
     >[!IMPORTANT]
     >We recommend that you use certificates signed by an issuing Certificate Authority (CA), even for testing purposes. Never use self-signed certificates in production.
 
-If you have a root CA certificate or subordinate CA certificate and you want to upload it to your IoT hub, you must verify that you own that certificate. For more information, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-ca-certs.md).
+If you have a root CA certificate or subordinate CA certificate and you want to upload it to your IoT hub, you must verify that you own that certificate. For more information, see [Tutorial: Create and upload certificates for testing](tutorial-x509-test-certs.md).

articles/iot-hub/iot-hub-x509ca-overview.md

@@ -30,7 +30,7 @@ The X.509 CA certificate is at the top of the chain of certificates for each of
 
 For production environments, we recommend that you purchase an X.509 CA certificate from a professional certificate services provider. Purchasing a CA certificate has the benefit of the root CA acting as a trusted third party to vouch for the legitimacy of your devices. Consider this option if your devices are part of an open IoT network where they interact with third-party products or services.
 
-You may also create a self-signed X.509 CA certificate for testing purposes. For more information about creating certificates for testing, see [Create and upload certificates for testing](tutorial-x509-test-ca-certs.md).
+You may also create a self-signed X.509 CA certificate for testing purposes. For more information about creating certificates for testing, see [Create and upload certificates for testing](tutorial-x509-test-certs.md).
 
 >[!NOTE]
 >We do not recommend the use of self-signed certificates for production environments.
@@ -55,7 +55,7 @@ The upload process entails uploading a file that contains your certificate.  Thi
 
 The proof of possession step involves a cryptographic challenge and response process between you and IoT Hub.  Given that digital certificate contents are public and therefore susceptible to eavesdropping, IoT Hub has to verify that you really own the CA certificate.  You can choose to either automatically or manually verify ownership. For manual verification, Azure IoT Hub generates a random challenge that you sign with the CA certificate's corresponding private key.  If you kept the private key secret and protected as recommended, then only you possess the knowledge to complete this step. Secrecy of private keys is the source of trust in this method.  After signing the challenge, you complete this step and manually verify your certificate by uploading a file containing the results.
 
-Learn how to [register your CA certificate](tutorial-x509-test-ca-certs.md#register-your-subordinate-ca-certificate-to-your-iot-hub).
+Learn how to [register your CA certificate](tutorial-x509-test-certs.md#register-your-subordinate-ca-certificate-to-your-iot-hub).
 
 ## Create a device on IoT Hub