Hiya,
I created a brand new free tier test hub to make sure our devices can connect before and after cert migration.
I clicked on "Migrate to DigiCert Global G2" and after some time azure said the operation had completed.
I verified with az iot hub certificate root-authority show --hub-name mytesthub
{
"enableRootCertificateV2": true,
"lastUpdatedTimeUtc": "2023-05-03T10:05:05.3113965Z"
}
Yet my test devices could still connect with only Baltimore cert on old code without DigiCert so I ran
openssl s_client -connect mytesthub.azure-devices.net:8883
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = Microsoft Corporation, CN = MSFT BALT RS256 CA
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = *.azure-devices.net
verify return:1
Does this not show that the test hub is still using Baltimore?
I reverted the test hub back to Baltimore and then Migrated again to DigiCert yet still the problem persists.
Can I restart the hub to make it start using the new cert?
Or does it take a few hours for the cert to change?
Cheers.