Migrate IoT Hub resources to a new TLS certificate root

Yoga 41 Reputation points
2022-12-18T16:16:16.43+00:00

From the document:
Keep the Baltimore CyberTrust Root in your devices' trusted root store and add the DigiCert Global Root G2. You can download both certificates from the DigiCert trusted root authority.


Do I need to put the PEM or the CRT in my device's trusted root? Do I need to upload any certificates to the Azure IoT Hub account? Can you please help us with step-by-step integration?

How can we cross-check this integration instead of a real device?

Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.

Answer accepted by question author
  1. AshokPeddakotla-MSFT 36,016 Reputation points Moderator
    2022-12-26T10:00:06.953+00:00

    @Yoga Are you referring to this documentation: Migrate IoT Hub resources to a new TLS certificate root?

    Please check the below response and update us if you have any further queries.

    AFAIK, a PEM-type X.509 certificate (without private key) is the binary equivalent of a CRT-type X.509 certificate. If you just change the file extension from .pem to .crt, it just works.

    Do I need to put Pem or CRT in my device's trusted root?

    The answer to this question is yes for many IoT devices, if you don't have an automatic update process like the Windows Root Certificate Program.

    You need to configure the devices / client applications to trust certificates issued by DigiCert Global Root G2.

    Azure IoT TLS: Critical changes are almost here! (…and why you should care) - Microsoft Community Hub

    Do I need to upload any certificates in Azure IoT Hub Account?

    Certificates uploaded to IoT Hub manually are used for device authentication only; they are not used as the server certificate for TLS negotiation.
    So, users don't need to upload their own certificate to adapt to G2 Root.

    Can you please help us step by step integration on it?

    This depends on your device OS and application implementations.

    How can we cross-check this integration instead of a real device?

    You can use the test environment described below: Azure IoT TLS: Critical changes are almost here! (…and why you should care) - Microsoft Community Hub

    Validation

    We ask that you perform basic validation to mitigate any unforeseen impact to your IoT devices connecting to Azure IoT Hub and DPS. We are providing test environments for your convenience to verify that your devices can connect before we update these certificates in production environments.

    Or you can migrate your own test IoT hub manually using the migration tool: Optional manual IoT hub migration

    If you've prepared your devices and are ready for the TLS certificate migration before February 2023, you can manually migrate your IoT hub root certificates yourself.

    Hope this helps. Do let us know if you have any further queries.

    If the response is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
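
One way to cross-check the trust store from a workstation instead of a real device, added here as an example and not part of the original answer or of Microsoft's documentation. A downloaded `.pem` or `.crt` file may hold either PEM text or DER binary, so the helpers normalize both before fingerprinting the root or loading it as the only trusted root for a test handshake. The function names, the `root_files` paths, the `host` you pass in and the default port 8883 are assumptions, and `SAMPLE_DER` is constructed placeholder data.

```python
import base64
import hashlib
import re
import socket
import ssl

_PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes (NOT a real certificate), used only to
# exercise the encoding helpers offline.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

def to_der(raw):
    """Return DER bytes for the first certificate, from PEM text or DER binary."""
    match = _PEM_RE.search(raw)
    if match:
        return base64.b64decode(match.group(1))  # newlines/CRLF are ignored
    if raw[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("neither PEM nor DER certificate data")
    return raw

def to_pem(raw):
    """Return the PEM text form, whichever encoding the file used."""
    return ssl.DER_cert_to_PEM_cert(to_der(raw))

def sha256_fingerprint(raw):
    """Encoding-independent fingerprint to compare with the CA's published value."""
    return hashlib.sha256(to_der(raw)).hexdigest().upper()

def chains_to_roots(host, root_files, port=8883):
    """True if host's TLS chain validates against ONLY the given root files.

    host is your own hub's hostname; port 8883 (MQTT over TLS) is an assumption.
    Network errors propagate: they are not a trust verdict.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # empty trust store, hostname check on
    for path in root_files:
        with open(path, "rb") as fh:
            ctx.load_verify_locations(cadata=to_der(fh.read()))
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False
```

Calling `chains_to_roots` with only the DigiCert Global Root G2 file against a test or already-migrated hub shows whether a device that trusts just that root would complete the handshake; calling it with both root files mirrors the store the documentation recommends.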