In my years of delivering technical projects, a common theme seems to be that people view "certificates" and "authentication" (by certificates) as some sort of black magic art. At more than one place, understanding them at even a symbol block-diagram-level was deemed to be the domain of a subject matter expert, with everyone else either ignoring their existence or talking about them in wrong or misleading terms.

Being a curious (or nosey) person, I've had times where trying to set something up at home has meant I've encountered "problems with certificates" and, rather than just shrug my shoulders and turn off all associated security (which is another way people seem to avoid having to get to grips with "certificates"), I've spent hours (whole evenings) searching and reading, trying examples, building a root CA and chain of certs and eventually getting some sort of shaky (but valid) solution to whatever "problems with certificates" I had been having. In the process, I've realised that, actually, "certificates" are not really black magic and that if you take just a bit of time to step through it slowly, read through some of the terminology and (for commercial implementations) brand names, then actually the fundamentals are not that difficult.

A useful starter: http://www.networkworld.com/article/2226498/infrastructure-management/si...