Certificate pinning in Azure

P Ramanjaneyulu (TCIN) 0 Reputation points
2023-12-18T04:57:51.95+00:00

certificate Pinning

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

1 answer

  1. Ramya Harinarthini_MSFT 5,356 Reputation points Microsoft Employee
    2023-12-18T13:42:44.8866667+00:00

    @P Ramanjaneyulu (TCIN) Welcome to Microsoft Q&A, thank you for posting here!!

    We understand you've recently been notified of the changes with the headline "If you use certificate pinning, update your trusted root store for Azure Storage services by 29 February 2024".

     

    Azure Storage services use intermediate TLS certificates that are set to expire in June 2024.

    In preparation, we'll begin rolling out updates in March for these expiring certificates in Azure Storage Cloud services, in the public Azure cloud and US Government cloud. (Blob, ADLS Gen2, File, Table, Queue, static websites)

    Most Azure Storage customers will not be impacted, but applications using "certificate pinning" may be affected.

    If your application explicitly specifies a list of acceptable CAs, your application was likely impacted. This practice is known as certificate pinning. Review the Microsoft Tech Community article on Azure Storage TLS changes for more information on how to determine if your services were impacted and next steps.

     

    Here are some ways to detect if your application was impacted:

    Search your source code for the thumbprint, Common Name, and other cert properties of any of the Microsoft IT TLS CAs in the Microsoft PKI repository. If there's a match, then your application will be impacted. To resolve this problem, update the source code to include the new CAs. As a best practice, ensure that CAs can be added or edited on short notice. Industry regulations require CA certificates to be replaced within seven days of the change and hence customers relying on pinning need to react swiftly.

    Required action:

    If you have client applications that have pinned to intermediate certificate authorities, take one of these actions by 29 February 2024 to prevent interruptions to your connections:

    • Add the issuing certificate authorities to your trusted root store and keep using the current intermediate certificate authorities until they're updated. See: Azure Storage TLS changes: Intermediate certificate renewals - Microsoft Community Hub (https://techcommunity.microsoft.com/t5/azure-storage-blog/azure-storage-tls-changes-intermediate-certificate-renewals/ba-p/3929149)
    • Or to avoid the effects of this update and future certificate updates, discontinue certificate pinning in your applications.

    Links:

    Certificate pinning - Certificate pinning and Azure services | Microsoft Learn

    Azure TLS Certificate Changes | Microsoft Learn

    Azure Storage TLS: Critical changes are almost here! (…and why you should care) - Microsoft Community Hub

    Hope this helps!
    Kindly let us know if the above helps or you need further assistance on this issue.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

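The source-code search described in the answer above, as an added example (not part of the original answer and not Microsoft tooling): it walks a source tree and flags every line that contains a listed CA thumbprint, in any of the usual formattings, or a listed Common Name. The thumbprint, Common Name, file names and function names are constructed placeholders; replace the two lists with the values published in the Microsoft PKI repository.

```python
import re
import tempfile
from pathlib import Path

# Constructed placeholders: substitute the thumbprints and Common Names that
# the Microsoft PKI repository publishes for the CAs you need to check.
CA_THUMBPRINTS = {"PLACEHOLDER-CA": "00112233445566778899AABBCCDDEEFF00112233"}
CA_COMMON_NAMES = ["Example Placeholder TLS Issuing CA 01"]
SOURCE_EXTS = {".cs", ".java", ".py", ".js", ".ts", ".go", ".json", ".xml", ".config", ".yaml", ".yml"}

# Thumbprints appear as "AA:BB", "aa bb", "AA-BB" or "0xAA, 0xBB"; strip all of that.
SEPARATORS = re.compile(r"0[xX]|[\s:,\-]")

def scan_tree(root, thumbprints=CA_THUMBPRINTS, common_names=CA_COMMON_NAMES):
    """Return (relative path, line number, kind, CA) for each line that names a listed CA."""
    root = Path(root)
    wanted = {SEPARATORS.sub("", t).upper(): label for label, t in thumbprints.items()}
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in SOURCE_EXTS:
            continue  # skip binaries and build output
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            compact = SEPARATORS.sub("", line).upper()
            for thumb, label in wanted.items():
                if thumb in compact:
                    findings.append((rel, line_no, "thumbprint", label))
            for cn in common_names:
                if cn.lower() in line.lower():
                    findings.append((rel, line_no, "common-name", cn))
    return findings

def build_sample_tree(root):
    """Write a small constructed source tree to scan (sample data, not real pins)."""
    files = {
        "client/TlsValidator.cs": '// constructed sample\nconst string Pin = "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33";\n',
        "client/Other.cs": 'var unrelated = "ffffffffffffffffffffffffffffffffffffffff";\n',
        "config/app.json": '{\n  "allowedIssuerCN": "example placeholder tls issuing ca 01"\n}\n',
        "build/cache.bin": "00112233445566778899AABBCCDDEEFF00112233\n",
    }
    for name, body in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in scan_tree(tmp):
            print(*finding, sep="\t")
```

A hit means the file pins to that CA and needs the replacement CA added (or the pin removed) before the rollover; pins loaded at runtime from a key vault or remote configuration will not show up in a source scan and need a separate check.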
