This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 26%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Hello Team,
There are a few applications that use Azure Logic Apps and Azure Functions. We have spotted that this week the Azure Logic Apps URL has a new intermediary certificate. It has changed the intermediary from 'Microsoft Azure RSA TLS Issuing CA 07' to 'Microsoft Azure RSA TLS Issuing CA 08'. Due to this certificate change, the handshake has been broken. Is there any tracking page, that we can follow for any similar certificate update plan on Azure Logic Apps , Functions, etc.?
This will save us from being broken, and we can maintain the same intermediary certificate in advance at API Gateway for handshakes.
Thanks,
Sanjay Kumar Patel
Hi,
Sounds like you have Certificate pinning.
Usually, your subscription owners should have received an email alert about the change before it happened to give you time to prepare; you can see the Changelog of the change Under the Past changes heading of the Certificate Authority page below.
Reference:
Thanks Luke. I have not received any notification so not sure. Is there any Microsoft page to subscribe to receive notifications on TLS changes ?
Hi, unfortunately not. Usually, customer affected outages are emailed to subscription owners,, the blogs on the TechCommunity under Azure, is also a good place to keep an eye on any changes.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
@Patel, Sanjaykumar Thanks for reaching out. Certificate changes are something we don't have a way to advertise. Customers should make sure that all security patches are installed in their operating systems Whenever new certs are rolled out, OS security patches make sure that those are trusted root certs on the machine.
Avoid using certificate pinning. please refer: https://learn.microsoft.com/en-us/azure/security/fundamentals/certificate-pinning
https://learn.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes
Monitor the Azure Service Updates page to stay informed about any upcoming changes to the intermediary certificates used by Azure services.
https://azure.microsoft.com/en-us/updates/?query=TLS
please refer this blog for more information https://techcommunity.microsoft.com/t5/azure-storage-blog/azure-storage-tls-changes-intermediate-certificate-renewals/ba-p/3929149
do let me know incase of further queries, I would be happy to assist you.