azure database for postgres フレキシブルサーバーTLS証明書の更新について

taku kita 20 Reputation points
2024-07-02T05:11:12.5166667+00:00

現在azure database for postgres フレキシブルサーバーを利用しているのですが、azureからルートストアに関する証明書の更新について通知がありました。そこでは、クライアント側にて既存で利用しているDigicert グローバル ルート CAと併せて、Microsoft RSA Root Certificate Authority 2017の証明書を追加するように記載されています。azureの対象ページのドキュメントにはそのような記載が見当たらないのですが、証明書をクライアント側で利用している場合、この作業は必ず実施が必要なのでしょうか。

(ファイル名が2017という名称なので、それ以前に作成したサービスのみ対応が必要、などの条件があるか気になっています)

https://learn.microsoft.com/ja-jp/azure/postgresql/flexible-server/concepts-networking-ssl-tls

Azure Database for PostgreSQL
0 comments No comments
{count} votes

Accepted answer
  1. Amira Bedhiafi 19,056 Reputation points
    2024-07-05T22:47:24.3+00:00

    Welcome to Microsoft Learn ! Please keep in mind that you need to share your questions in English so we can help you.

    If you are using Azure Database for PostgreSQL Flexible Server and have received a notification from Azure regarding an update to the root store certificates, it is important to ensure your client-side configuration is up-to-date. The notification indicates that in addition to the existing Digicert Global Root CA, the Microsoft RSA Root Certificate Authority 2017 certificate should also be added.

    Q1: Yes, it is necessary to perform this update on the client side to maintain secure and uninterrupted connections to your database. Even if the Azure documentation does not explicitly mention this step, following the update instructions from Azure notifications is crucial.

    **Q2 :**The certificate update is not limited to services created before 2017. The name "Microsoft RSA Root Certificate Authority 2017" indicates the year the certificate was issued, not the services' creation date. Therefore, regardless of when your service was created, you should add this certificate to ensure compatibility and security.

    To implement the update:

    • Download the Microsoft RSA Root Certificate Authority 2017 from a trusted source or directly from Microsoft's documentation if provided.
    • Add this certificate to your client's trusted certificate store alongside the Digicert Global Root CA.
    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful