Share via

WordPress Microsoft | App Service | Changes in the root certificate rotation for Azure Database for MySQL

Agner Souza Bezerra 40 Reputation points
2025-07-02T14:25:36.6333333+00:00

Hello everyone,

I need some assistance regarding my WordPress setup on Azure App Service, which connects to an Azure Database for MySQL.

Microsoft recently published an article about root certificate rotation for MySQL Flexible Server. My questions are:

Do I need to take any action?

Will the current certificate update automatically, or do I need to manually intervene?

If manual steps are required, what exactly should I do?

For reference, my current certificate is: GeoTrust Global TLS RSA 4096 SHA 256 2022 CA1.

I appreciate any guidance on this matter. Thank you!

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,983 questions
0 comments
Accepted answer
  1. Bhargavi Naragani 6,535 Reputation points Microsoft External Staff Moderator
    2025-07-02T17:54:47.4466667+00:00

    Hi Agner Souza Bezerra,

    Azure is updating the Certificate Authority (CA) root certificates that are used to establish secure SSL/TLS connections between your app (in this case, your WordPress app hosted on Azure App Service) and the Azure Database for MySQL Flexible Server.

    These certificates are important to ensure:

    • Secure encrypted traffic between your web app and database.
    • Trust validation using known CA root certificates.

    Starting October 2025, the older root certificates will no longer be trusted, and connections will fail if your app is not set up to trust the new ones.

    In most cases, no action is needed if you're using:

    • Default Azure App Service platform
    • WordPress configured without custom SSL certificate pinning

    That’s because App Service automatically trusts Microsoft-managed root CAs, including the new DigiCert root. So, if you're not overriding any SSL certificate behavior, you’re safe, no changes needed.

    However, You Do Need to Act If:

    • You’re explicitly referencing a .pem certificate file in wp-config.php or a custom MySQL client.
    • You’re using a custom Docker image that bundles a specific or outdated CA trust store.

    In these cases, the connection might fail once the old certificate is retired, so you must update your certificate.

    If affected, please follow below steps:

    1. Download the New Root Certificate https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-connect-tls-ssl
    2. Update Your App (If Using Custom Cert Reference)
    • Upload the new .crt.pem file to your App Service app or Docker image
    • Update your wp-config.php or environment settings to use the new certificate
    1. Restart the app and ensure successful MySQL connection over SSL with the new root.

    https://learn.microsoft.com/en-us/answers/questions/2288431/root-certificates-for-azure-database-for-mysql-fle

    Hope this helps, if you have any further concerns or queries, please feel free to reach out to us.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Agner Souza Bezerra 40 Reputation points
    2025-07-03T20:55:04.6966667+00:00

    Hi Bhargavi Naragani,

    Thank you for your response—it was incredibly helpful and provided exactly the guidance I needed. I truly appreciate you taking the time to assist me.

    Best regards.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.