IoT Hub - how to change TLS 1.0 to TLS 1.2

Madanala, Jayashree 151 Reputation points
2023-09-27T16:06:04.74+00:00

Hi Team,

How do we change the TLS version from 1.0 to 1.2 for an Azure IoT Hub which is already created? We can see that during creation of the IoT Hub there is an option to set TLS 1.2. How do we change it after creation of the IoT Hub?

Also, we don't see a TLS Certificate tab in Azure Portal --> IoT Hub --> Settings --> Certificates. Why?

Do we need to change the DigiCert CA certificate on all IoT Edge devices? If yes, what are the steps for an Ubuntu device?

Also, are any code changes required for TLS 1.2?

Azure IoT Hub

Accepted answer
  1. Matthijs van der Veer 4,376 Reputation points MVP
    2023-09-28T07:25:29.7466667+00:00

    The minimum TLS version can't be changed after creation of the hub. It's a read-only property. If you aim to upgrade the minimum TLS version, you can create a new IoT Hub and migrate your configuration and devices to it. This migration can be automated through the Azure CLI. This is an experimental feature, but it works quite well. You can read more about it in the docs.

    There will be impact to devices, as their connection string needs to point to the new IoT Hub. If you have DPS in place, this impact will be limited.

    1 person found this answer helpful.

1 additional answer

  1. LeelaRajeshSayana-MSFT 15,321 Reputation points Microsoft Employee
    2023-09-27T22:21:12.2833333+00:00

    Hi @Madanala, Jayashree. Thank you for posting the question here.

    How to change the TLS version 1.0 to 1.2 for Azure IoT Hub which is already created

    Unfortunately, this property is read-only at the moment and cannot be changed after the IoT Hub creation. Please refer to the following note from the documentation - TLS 1.2 enforcement available in select regions

    User's image

    Also, we don't see a TLS Certificate tab in Azure Portal --> IoT Hub --> Settings --> Certificates. Why?

    If you are referring to the root certificates that are recognized by the IoT Hub, you would find them under the certificates tab under your Device Provisioning Service. Please refer to the image below for reference.

    User's image

    Do we need to change the DigiCert CA certificate on all IoT Edge devices? If yes, what are the steps for an Ubuntu device?

    The documentation - Migrate IoT Hub resources to a new TLS certificate root is a good place that answers your questions. You typically do not need to make changes on the IoT Edge devices. However, you can use the steps mentioned in the How to Check and Validation from the post link for more details on this.

    Also, are any code changes required for TLS 1.2?

    There are no explicit code changes required to make this transition work.

    Hope this answers your questions. Please let us know if you need any further assistance or clarifications.
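A check that a hub created with minimum TLS 1.2 really refuses older handshakes, which neither answer shows how to verify (added example, not from either answer or from Microsoft's documentation). The hostname `example-hub.azure-devices.net` is a placeholder and port 8883 (MQTT over TLS) is an assumption about the protocol in use.

```python
import socket
import ssl
import warnings

# Protocol versions offered one at a time; a hub created with minimum TLS 1.2
# is expected to refuse the first two.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.create_default_context()
    if version < ssl.TLSVersion.TLSv1_2:
        # Current OpenSSL builds only offer TLS 1.0/1.1 at security level 0;
        # without this the local library refuses before the server can answer.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # legacy versions warn
        ctx.minimum_version = version
        ctx.maximum_version = version
    return ctx

def probe(host, version, port=8883, timeout=5.0):
    """Return 'accepted', 'refused', 'unreachable' or 'unsupported-locally'."""
    try:
        ctx = pinned_context(version)
    except (ValueError, ssl.SSLError):
        return "unsupported-locally"  # this Python/OpenSSL cannot offer the version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # DNS, routing or firewall problem, not a TLS answer
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host):
            return "accepted"  # handshake completed at exactly this version
    except OSError:
        # ssl.SSLError, connection resets and timeouts are all OSError subclasses.
        return "refused"

def audit(host, port=8883):
    """Probe every version in VERSIONS against one endpoint."""
    return {name: probe(host, v, port) for name, v in VERSIONS.items()}

if __name__ == "__main__":
    # Placeholder hostname: substitute your own hub's <name>.azure-devices.net.
    for name, result in audit("example-hub.azure-devices.net").items():
        print(f"{name}: {result}")
```

A `refused` result also covers a certificate validation failure or a handshake timeout, so a `refused` on TLS 1.2 points to a trust-store or network problem rather than a protocol setting.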
