Azure TLS certificate changes

Anuj 1 Reputation point
2020-10-09T12:42:34.703+00:00

Actually, I have host IIS websites on Azure VM Windows server 2019. and using SSL of ssl2buy. I just want to know I will be impacted or not.

I also received an email " We are updating Azure services in a phased manner to use Transport Layer Security (TLS) certificates from a different set of Root Certificate Authorities (CAs). This began 13 August 2020.

Your applications may be impacted if you explicitly specify a list of acceptable CAs (a practice known as certificate pinning).

We're making this change because the current CA certificates do not comply with one of the CA/Browser Forum Baseline requirements. This was reported on 1 July 2020 and impacts multiple popular Public Key Infrastructure (PKI) providers worldwide. Today, most of the TLS certificates used by Azure services are issued from the Baltimore CyberTrust Root PKI. Following this change, Azure services will use certificates issued by a different set of CAs (Certificate Authorities), chaining up to different Root CAs."

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,436 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,544 questions
{count} votes

2 answers

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,651 Reputation points Microsoft Employee
    2020-10-14T09:14:58.34+00:00

    Hello @Anuj ,

    As per the update from backend team, we expect that most Azure customers will not be impacted. However, your application may be impacted if it explicitly specifies a list of acceptable CAs. This practice is known as certificate pinning. There are some ways to detect if your application is impacted. You can follow the below article to find out more information:
    https://learn.microsoft.com/en-us/azure/security/fundamentals/tls-certificate-changes#will-this-change-affect-me

    If you have any specific question, you can post the same in the below thread which is being continuously monitored for Azure TLS certificate questions:
    https://learn.microsoft.com/en-us/answers/questions/117444/reminder-azure-tls-certificate-changes.html

    NOTE : This question is related to Security and is tagged incorrectly. I have changed it accordingly.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

  2. boss_mafia 1 Reputation point
    2021-02-02T12:02:38.537+00:00
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.