Include mention of the possibility of intermediate cert use

Author: wesmc7777

articles/iot-hub/iot-hub-security-x509-get-started.md

@@ -32,6 +32,9 @@ You may choose either of the following ways to get your certificates:
 
 * Create your own X.509 certificates using a third party tool such as [OpenSSL](https://www.openssl.org/). This will be fine for test and development purposes. See [Managing test CA certificates for samples and tutorials](https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md) for information about generating test CA certificates using PowerShell or Bash. The rest of this tutorial uses test CA certificates generated by following the instructions in [Managing test CA certificates for samples and tutorials](https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md).
 
+* Generate an [X.509 intermediate CA certificate](iot-hub-x509ca-overview.md#sign-devices-into-the-certificate-chain-of-trust) signed by an existing root CA certificate and upload it to the IoT Hub. Once the intermediate certificate is uploaded and verified, as instructed below, it can be used in the place of a root CA certificate in the IoT Hub. Tools like OpenSSL ([openssl req](https://www.openssl.org/docs/manmaster/man1/openssl-req.html) and [openssl ca](https://www.openssl.org/docs/manmaster/man1/openssl-ca.html)) can be used to generate and sign an intermediate CA certificate.
+
+
 ## Register X.509 CA certificates to your IoT hub
 
 These steps show you how to add a new Certificate Authority to your IoT hub through the portal.