I recently saw a comment in a discussion forum that kinda puzzled me.

The author of the comment is a person I consider a full-blown wizard of at least 7th order.
The thread in question has a comment by peterhinch stating "This TLS stuff is a black art".

This puzzled me, as I have profited from Peters comments on MycoPython a lot: He clearly knows this stuff inside and out - so much more than I do.
Such a firmware wizard is considering my daily practice a black art?

I am sure, he is wrong.
But to prove that, I will have to explain "this TLS stuff" a little.

Clarkes observation "Any sufficiently advanced technology is indistinguishable from magic." still lstands, of course.
But X.509 is very well on this side of what I call the Clarke-Barrier: it is not sufficiently advanced and is still very well distinguishable from magic.

So follow me - if you will - on what I intend to be a short introduction to the world of certificates.
Let's find out if I can fulfil on that promise of shortness for once :-)

I want to encourage you to create your own structure for issuing certificates to use in your own. local application, say your home automation network.
But instead of giving you a couple of connamds with openssl or suchlike, I want yout to understand the terminology.
That way you should be able to understand the openssl commands you will find in all the recepies on the BEI.