Azure IoT TLS: Critical changes are almost here! (…and why you should care)

Published May 27 2021 02:49 PM 18.8K Views
Microsoft

Updated April 7, 2022 -- We have decided to postpone the start date of the Azure IoT root certificate migration from June 1st, 2022, to start no earlier than Feb 15th, 2023.

 

In the meantime, we are working on additional features to support you during this migration, including new testing endpoints for SHA-256 and a self-migration tool that you can use to move your own IoT hubs whenever you’re ready. We will continue to use this channel for updates and announcements, so stay tuned.

 

This blog post contains important information about TLS certificate changes for Azure IoT Hub and DPS endpoints that will impact IoT device connectivity.

 

In 2020 most Azure services were updated to use TLS certificates from Certificate Authorities (CAs) that chain up to the DigiCert Global G2 root. However, Azure IoT Hub and Device Provisioning Service (DPS), remained on TLS certificates issued by the Baltimore CyberTrust Root. The time has come now to switch from the Baltimore CyberTrust CA Root for Azure IoT Hub and DPS, which will migrate to the DigiCert Global G2 CA root starting in February 2023, and finish by or before September 2023. This change is for these services in public Azure cloud and does not impact sovereign clouds.

 

Why is this important? After the migration is complete, devices that don't have DigiCert Global G2 won't be able to connect to Azure IoT anymore. You must make certain your IoT devices include the DigiCert Global G2 root cert by February 15, 2023, to ensure your devices can connect after this change.

We expect that many Azure IoT customers have devices which will be impacted by this IoT service root CA update; specifically, smaller, constrained devices that specify a list of acceptable CAs.

The following services used by Azure IoT devices will migrate from the Baltimore CyberTrust Root to the DigiCert Global G2 Root starting February 15, 2023 completing on or before September 2023.

  1. Azure IoT Hub
  2. Azure IoT Hub Device Provisioning Service (DPS)

If any client application or device does not have the DigiCert Global G2 Root in their Certificate Stores, action is required to prevent disruption of IoT device connectivity to Azure.

 

RAMIoT_3-1649357866708.png

 

 

 

 

Action Required

 

  1. Keep using Baltimore in your device until the transition period is completed (necessary to prevent connection interruption).
  2. In addition to Baltimore, add the DigiCert Global root G2 to your trusted root store.
  3. Make sure SHA384 for Server certificate processing is enabled on the device.

 

How to check

 

  1. If your devices use a connection stack other than the ones provided in an Azure IoT SDK, then action is required:
  • To continue without disruption due to this change, Microsoft recommends that client applications or devices trust the DigiCert Global G2 root:

DigiCert Global Root G2

  • To prevent future disruption, client applications or devices should also add the following root to the trusted store:

Microsoft RSA Root Certificate Authority 2017
(Thumbprint: 73a5e64a3bff8316ff0edccc618a906e4eae4d74)

  1. If your client applications, devices, or networking infrastructure (e.g. firewalls) perform any sub root validation in code, immediate action is required:
    1. If you have hard coded properties like Issuer, Subject Name, Alternative DNS, or Thumbprint, then you will need to modify this to reflect the properties of the new certificates.
    2. This extra validation, if done, should cover all the certificates to prevent future disruptions in connectivity.
  2. If your devices (a) trust the DigiCert Global G2 root CA among others, (b) depend on the operating system certificate store that has OS updates enabled for getting these roots or (c) use the device/gateway SDKs as provided, then no action is required, but validation of compatibility would be prudent:
    1. Please verify that your respective store contains both the Baltimore and the Global G2 roots for a seamless transition:
      1.      Instructions for Windows here
      2.      Instructions for Ubuntu here
    2. Ensure that the device SDKs in use, if relying on hard coded certificates or on language runtimes have the DigiCert Global G2 root as appropriate.

 

Validation

 

We ask that you perform basic validation to mitigate any unforeseen impact to your IoT devices connecting to Azure IoT Hub and DPS. We are providing test environments for your convenience to verify that your devices can connect before we update these certificates in production environments.

This test can be performed using one of the endpoints provided (one for IoT Hub and one for DPS).

A successful TLS connection to the test environment indicates a positive result outcome – that your infrastructure and devices will work as-is and can connect with these changes. The credentials contain invalid data and are only good to establish a TLS connection, so once that happens any run time operations (e.g. sending telemetry) performed against these services will fail. This is by design since these test resources exist solely for customers to validate device TLS connectivity.

The credentials for the test environments are:

  • IoT Hub endpoint: g2cert.azure-devices.net
  • Connection String: HostName=g2cert.azure-devices.net;DeviceId=TestDevice1;SharedAccessKey=iNULmN6ja++HvY6wXvYW9RQyby0nQYZB+0IUiUPpfec=
  • Device Provisioning Service (DPS):
    • Global Service Endpoint: global-canary.azure-devices-provisioning.net
    • ID SCOPE:  0ne002B1DF7
    • Registration ID: abc

If the test described above with the TLS connection is not sufficient to validate your scenarios, you can request the creation of devices or enrollments for tests in special canary regions by contacting the Azure support team (see Support below).

The test environments will be available until all public cloud regions have completed their update to the new root CA.

 

Support

 

If you have any technical questions on implementing these changes or to request the creation of your own device or enrollment for tests, please open a support request with the options below and a member from our engineering team will get back to you shortly.

  • Issue Type: Technical
  • Service: Internet of Things/IoT SDKs
  • Problem type: Connectivity
  • Problem subtype: Unable to connect.

 

Certificate Summary

 

The table below provides information about the certificates that are being updated. Depending on which certificate your device or gateway clients use for establishing TLS connections, action may be needed to prevent loss of connectivity.

 

Certificate

Current

Post Update (Feb 15, 2023 – Sept 1, 2023)

Action

Root

Thumbprint: d4de20d05e66fc53fe1a50882c78db2852cae474
Expiration: Monday, May 12, 2025, 4:59:00 PM
Subject Name:
CN = Baltimore CyberTrust Root

OU = CyberTrust
O = Baltimore
C = IE

Thumbprint: df3c24f9bfd666761b268073fe06d1cc8d4f82a4

Expiration: ‎Friday, ‎January ‎15, ‎2038 5:00:00 AM

Subject Name:

CN = DigiCert Global Root G2

OU = www.digicert.com

O = DigiCert Inc

C = US 

Required

Intermediates

Thumbprints:

 

CN = Microsoft RSA TLS CA 01

Thumbprint: 417e225037fbfaa4f95761d5ae729e1aea7e3a42

----------------------------------------------------

CN = Microsoft RSA TLS CA 02

Thumbprint: b0c2d2d13cdd56cdaa6ab6e2c04440be4a429c75

----------------------------------------------------

 

Expiration: ‎Tuesday, ‎October ‎8, ‎2024 12:00:00 AM;
Subject Name:

O = Microsoft Corporation

C = US

Thumbprints:

 

Will be provided once the test endpoints are updated. Stay tuned!

----------------------------------------------------

Required

Leaf (IoT Hub)
 

Subject Name:

CN = *.azure-devices.net

Subject Name:
CN = *.azure-devices.net

Required

Leaf (DPS)
 

Subject Name:

CN = *.azure-devices-provisioning.net

Subject Name:
CN = *.azure-devices-provisioning.net

Required

Note: Both the intermediate and leaf certificates are expected to change frequently. We recommend not taking dependencies on them and instead trust the root certificate.

 

 

 

31 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2393169%22%20slang%3D%22en-US%22%3EAzure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2393169%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EThis%20blog%20post%20contains%20important%20information%20about%20TLS%20certificate%20changes%20for%20Azure%20IoT%20Hub%20and%20DPS%20endpoints%20that%20%3CU%3Ewill%3C%2FU%3E%20impact%20IoT%20device%20connectivity.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%202020%20most%20Azure%20services%20were%20updated%20to%20use%20TLS%20certificates%20from%20Certificate%20Authorities%20(CAs)%20that%20chain%20up%20to%20the%20DigiCert%20Global%20G2%20root.%20However%2C%20%3CSTRONG%3E%3CEM%3EAzure%20IoT%20Hub%3C%2FEM%3E%3C%2FSTRONG%3E%20and%20%3CSTRONG%3E%3CEM%3EDevice%20Provisioning%20Service%20(DPS)%3C%2FEM%3E%3C%2FSTRONG%3E%2C%20remained%20on%20TLS%20certificates%20issued%20by%20the%20Baltimore%20CyberTrust%20Root.%20The%20time%20has%20come%20now%20to%20switch%20from%20the%20Baltimore%20CyberTrust%20CA%20Root%20for%20Azure%20IoT%20Hub%20and%20DPS%2C%20which%20will%20migrate%20to%20the%20DigiCert%20Global%20G2%20CA%20root%20starting%20in%20June%202022%2C%20and%20finish%20by%20or%20before%20October%202022.%20This%20change%20is%20for%20these%20services%20in%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fregions%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Epublic%20Azure%20cloud%3C%2FA%3E%20and%20does%20not%20impact%20sovereign%20clouds.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWhy%20is%20this%20important%3F%3C%2FSTRONG%3E%20After%20the%20migration%20is%20complete%2C%20devices%20that%20don't%20have%20DigiCert%20Global%20G2%20won't%20be%20able%20to%20connect%20to%20Azure%20IoT%20anymore.%20You%20must%20make%20certain%20your%20IoT%20devices%20include%20the%20DigiCert%20Global%20G2%20root%20cert%20by%20June%201%2C%202022%20to%20ensure%20your%20devices%20can%20connect%20after%20this%20change.%3C%2FP%3E%0A%3CP%3EWe%20expect%20that%20many%20Azure%20IoT%20customers%20have%20devices%20which%20will%20be%20impacted%20by%20this%20IoT%20service%20root%20CA%20update%3B%20specifically%2C%20smaller%2C%20constrained%20devices%20that%20specify%20a%20list%20of%20acceptable%20CAs.%3C%2FP%3E%0A%3CP%3EThe%20following%20services%20used%20by%20Azure%20IoT%20devices%20will%20migrate%20from%20the%20Baltimore%20CyberTrust%20Root%20to%20the%20DigiCert%20Global%20G2%20Root%20%3CSTRONG%3E%3CU%3Estarting%20June%201%2C%202022%26nbsp%3B%20completing%20on%20or%20before%20Oct%202022.%3C%2FU%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EAzure%20IoT%20Hub%3C%2FLI%3E%0A%3CLI%3EAzure%20IoT%20Hub%20Device%20Provisioning%20Service%20(DPS)%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CSTRONG%3EIf%20any%20client%20application%20or%20device%20does%20not%20have%20the%20DigiCert%20Global%20G2%20Root%20in%20their%20Certificate%20Stores%3C%2FSTRONG%3E%2C%20%3CFONT%20color%3D%22%23FF0000%22%3E%3CSTRONG%3Eaction%20is%20required%3C%2FSTRONG%3E%3C%2FFONT%3E%20to%20prevent%20disruption%20of%20IoT%20device%20connectivity%20to%20Azure.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22wduraes_0-1622138842351.png%22%20style%3D%22width%3A%201038px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F284365i223DA1A3A52B3A7A%2Fimage-dimensions%2F1038x380%3Fv%3Dv2%22%20width%3D%221038%22%20height%3D%22380%22%20role%3D%22button%22%20title%3D%22wduraes_0-1622138842351.png%22%20alt%3D%22wduraes_0-1622138842351.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%20id%3D%22toc-hId--463295434%22%3EAction%20Required%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EKeep%20using%20Baltimore%20in%20your%20device%20until%20the%20transition%20period%20is%20completed%20(necessary%20to%20prevent%20connection%20interruption).%3C%2FLI%3E%0A%3CLI%3EIn%20addition%20to%20Baltimore%2C%20add%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.digicert.com%2Fkb%2Fdigicert-root-certificates.htm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EDigiCert%20Global%20root%20G2%3C%2FA%3E%20to%20your%20trusted%20root%20store.%3C%2FLI%3E%0A%3CLI%3EMake%20sure%20SHA384%20for%20Server%20certificate%20processing%20is%20enabled%20on%20the%20device.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%20id%3D%22toc-hId-2024217399%22%3EHow%20to%20check%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EIf%20your%20devices%20use%20a%20connection%20stack%20other%20than%20the%20ones%20provided%20in%20an%20Azure%20IoT%20SDK%2C%20then%20%3CSTRONG%3E%3CFONT%20color%3D%22%23FF0000%22%3Eaction%20is%20required%3C%2FFONT%3E%3A%20%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CUL%3E%0A%3CLI%3ETo%20continue%20without%20disruption%20due%20to%20this%20change%2C%20Microsoft%20recommends%20that%20client%20applications%20or%20devices%20trust%20the%20DigiCert%20Global%20G2%20root%3A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20style%3D%22%20padding-left%20%3A%2090px%3B%20%22%3E%3CA%20href%3D%22https%3A%2F%2Fwww.digicert.com%2Fkb%2Fdigicert-root-certificates.htm%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EDigiCert%20Global%20Root%20G2%3C%2FA%3E%3C%2FP%3E%0A%3CUL%20class%3D%22lia-list-style-type-lower-alpha%22%3E%0A%3CLI%3ETo%20prevent%20future%20disruption%2C%20client%20applications%20or%20devices%20should%20also%20add%20the%20following%20root%20to%20the%20trusted%20store%3A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20style%3D%22%20padding-left%20%3A%2090px%3B%20%22%3E%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fpkiops%2Fcerts%2FMicrosoft%2520RSA%2520Root%2520Certificate%2520Authority%25202017.crt%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20RSA%20Root%20Certificate%20Authority%202017%3C%2FA%3E%3CBR%20%2F%3E(Thumbprint%3A%2073a5e64a3bff8316ff0edccc618a906e4eae4d74)%3C%2FP%3E%0A%3COL%20start%3D%222%22%3E%0A%3CLI%3EIf%20your%20client%20applications%2C%20devices%2C%20or%20networking%20infrastructure%20(e.g.%20firewalls)%20perform%20any%20sub%20root%20validation%20in%20code%2C%20%3CSTRONG%3E%3CFONT%20color%3D%22%23FF0000%22%3Eimmediate%20action%20is%20required%3A%3C%2FFONT%3E%3C%2FSTRONG%3E%3COL%3E%0A%3CLI%3EIf%20you%20have%20hard%20coded%20properties%20like%20Issuer%2C%20Subject%20Name%2C%20Alternative%20DNS%2C%20or%20Thumbprint%2C%20then%20you%20will%20need%20to%20modify%20this%20to%20reflect%20the%20properties%20of%20the%20new%20certificates.%3C%2FLI%3E%0A%3CLI%3EThis%20extra%20validation%2C%20if%20done%2C%20should%20cover%20%3CSTRONG%3Eall%3C%2FSTRONG%3E%20the%20certificates%20to%20prevent%20future%20disruptions%20in%20connectivity.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3EIf%20your%20devices%20(a)%20trust%20the%20DigiCert%20Global%20G2%20root%20CA%20among%20others%2C%20(b)%20depend%20on%20the%20operating%20system%20certificate%20store%20that%20has%20OS%20updates%20enabled%20for%20getting%20these%20roots%20or%20(c)%20use%20the%20device%2Fgateway%20SDKs%20as%20provided%2C%20then%20%3CFONT%20color%3D%22%23FF0000%22%3E%3CSTRONG%3Eno%20action%20is%20required%2C%20but%20validation%20of%20compatibility%20would%20be%20prudent%3A%20%3C%2FSTRONG%3E%3C%2FFONT%3E%3COL%3E%0A%3CLI%3EPlease%20verify%20that%20your%20respective%20store%20contains%20both%20the%20Baltimore%20and%20the%20Global%20G2%20roots%20for%20a%20seamless%20transition%3A%3COL%3E%0A%3CLI%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Instructions%20for%20Windows%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdrivers%2Finstall%2Ftrusted-root-certification-authorities-certificate-store%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Instructions%20for%20Ubuntu%20%3CA%20href%3D%22https%3A%2F%2Fmanpages.ubuntu.com%2Fmanpages%2Fprecise%2Fman8%2Fupdate-ca-certificates.8.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehere%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3CLI%3EEnsure%20that%20the%20device%20SDKs%20in%20use%2C%20if%20relying%20on%20hard%20coded%20certificates%20or%20on%20language%20runtimes%20have%20the%20DigiCert%20Global%20G2%20root%20as%20appropriate.%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%20id%3D%22toc-hId-216762936%22%3EValidation%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20ask%20that%20you%20perform%20basic%20validation%20to%20mitigate%20any%20unforeseen%20impact%20to%20your%20IoT%20devices%20connecting%20to%20Azure%20IoT%20Hub%20and%20DPS.%20We%20are%20providing%20test%20environments%20for%20your%20convenience%20to%20verify%20that%20your%20devices%20can%20connect%20before%20we%20update%20these%20certificates%20in%20production%20environments.%3C%2FP%3E%0A%3CP%3EThis%20test%20can%20be%20performed%20using%20one%20of%20the%20endpoints%20provided%20(one%20for%20IoT%20Hub%20and%20one%20for%20DPS).%3C%2FP%3E%0A%3CP%3EA%20successful%20TLS%20connection%20to%20the%20test%20environment%20indicates%20a%20positive%20result%20outcome%20%E2%80%93%20that%20your%20infrastructure%20and%20devices%20will%20work%20as-is%20and%20can%20connect%20with%20these%20changes.%20The%20credentials%20contain%20invalid%20data%20and%20are%20only%20good%20to%20establish%20a%20TLS%20connection%2C%20so%20once%20that%20happens%20any%20run%20time%20operations%20(e.g.%20sending%20telemetry)%20performed%20against%20these%20services%20will%20fail.%20This%20is%20by%20design%20since%20these%20test%20resources%20exist%20solely%20for%20customers%20to%20validate%20device%20TLS%20connectivity.%3C%2FP%3E%0A%3CP%3EThe%20credentials%20for%20the%20test%20environments%20are%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EIoT%20Hub%20endpoint%3C%2FSTRONG%3E%3A%20g2cert.azure-devices.net%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3EConnection%20String%3A%20HostName%3Dg2cert.azure-devices.net%3BDeviceId%3DTestDevice1%3BSharedAccessKey%3DiNULmN6ja%2B%2BHvY6wXvYW9RQyby0nQYZB%2B0IUiUPpfec%3D%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EDevice%20Provisioning%20Service%3C%2FSTRONG%3E%20(DPS)%3A%3C%2FLI%3E%0A%3CUL%3E%0A%3CLI%3EGlobal%20Service%20Endpoint%3A%20global-canary.azure-devices-provisioning.net%3C%2FLI%3E%0A%3CLI%3EID%20SCOPE%3A%20%26nbsp%3B0ne002B1DF7c%3C%2FLI%3E%0A%3CLI%3ERegistration%20ID%3A%20abc%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3EIf%20the%20test%20described%20above%20with%20the%20TLS%20connection%20is%20not%20sufficient%20to%20validate%20your%20scenarios%2C%20you%20can%20request%20the%20creation%20of%20devices%20or%20enrollments%20for%20tests%20in%20special%20canary%20regions%20by%20contacting%20the%20Azure%20support%20team%20(see%20Support%20below).%3C%2FP%3E%0A%3CP%3EThe%20test%20environments%20will%20be%20available%20until%20all%20public%20cloud%20regions%20have%20completed%20their%20update%20to%20the%20new%20root%20CA.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%20id%3D%22toc-hId--1590691527%22%3ESupport%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20any%20technical%20questions%20on%20implementing%20these%20changes%20or%20to%20request%20the%20creation%20of%20your%20own%20device%20or%20enrollment%20for%20tests%2C%20please%20open%20a%20support%20request%20with%20the%20options%20below%20and%20a%20member%20from%20our%20engineering%20team%20will%20get%20back%20to%20you%20shortly.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSTRONG%3EIssue%20Type%3C%2FSTRONG%3E%3A%20Technical%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EService%3C%2FSTRONG%3E%3A%20Internet%20of%20Things%2FIoT%20SDKs%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EProblem%20type%3C%2FSTRONG%3E%3A%20Connectivity%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3EProblem%20subtype%3C%2FSTRONG%3E%3A%20Unable%20to%20connect.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%20id%3D%22toc-hId-896821306%22%3ECertificate%20Summary%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20table%20below%20provides%20information%20about%20the%20certificates%20that%20are%20being%20updated.%20Depending%20on%20which%20certificate%20your%20device%20or%20gateway%20clients%20use%20for%20establishing%20TLS%20connections%2C%20action%20may%20be%20needed%20to%20prevent%20loss%20of%20connectivity.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3ECertificate%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3E%3CSTRONG%3ECurrent%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3E%3CSTRONG%3EPost%20Update%20(June%201%2C%202022%20%E2%80%93%20October%201%2C%202022)%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3EAction%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3ERoot%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%20style%3D%22word-break%3A%20break-all%3B%22%3E%3CP%3EThumbprint%3A%20d4de20d05e66fc53fe1a50882c78db2852cae474%3CBR%20%2F%3EExpiration%3A%20Monday%2C%20May%2012%2C%202025%2C%204%3A59%3A00%20PM%3CBR%20%2F%3ESubject%20Name%3A%3CBR%20%2F%3ECN%20%3D%20Baltimore%20CyberTrust%20Root%3C%2FP%3E%0A%3CP%3EOU%20%3D%20CyberTrust%3CBR%20%2F%3EO%20%3D%20Baltimore%3CBR%20%2F%3EC%20%3D%20IE%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%20style%3D%22word-break%3A%20break-all%3B%22%3E%3CP%3EThumbprint%3A%20df3c24f9bfd666761b268073fe06d1cc8d4f82a4%3C%2FP%3E%0A%3CP%3EExpiration%3A%20%E2%80%8EFriday%2C%20%E2%80%8EJanuary%20%E2%80%8E15%2C%20%E2%80%8E2038%205%3A00%3A00%20AM%3C%2FP%3E%0A%3CP%3ESubject%20Name%3A%3C%2FP%3E%0A%3CP%3ECN%20%3D%20DigiCert%20Global%20Root%20G2%3C%2FP%3E%0A%3CP%3EOU%20%3D%20%3CA%20href%3D%22http%3A%2F%2Fwww.digicert.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ewww.digicert.com%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EO%20%3D%20DigiCert%20Inc%3C%2FP%3E%0A%3CP%3EC%20%3D%20US%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3ERequired%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3EIntermediates%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%20style%3D%22word-break%3A%20break-all%3B%22%3E%3CP%3E%3CU%3EThumbprints%3A%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECN%20%3D%20Microsoft%20RSA%20TLS%20CA%2001%3C%2FP%3E%0A%3CP%3EThumbprint%3A%20417e225037fbfaa4f95761d5ae729e1aea7e3a42%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3ECN%20%3D%20Microsoft%20RSA%20TLS%20CA%2002%3C%2FP%3E%0A%3CP%3EThumbprint%3A%20b0c2d2d13cdd56cdaa6ab6e2c04440be4a429c75%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EExpiration%3A%20%E2%80%8ETuesday%2C%20%E2%80%8EOctober%20%E2%80%8E8%2C%20%E2%80%8E2024%2012%3A00%3A00%20AM%3B%20%3CBR%20%2F%3ESubject%20Name%3A%3C%2FP%3E%0A%3CP%3EO%20%3D%20Microsoft%20Corporation%3C%2FP%3E%0A%3CP%3EC%20%3D%20US%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%20style%3D%22word-break%3A%20break-all%3B%22%3E%3CP%3E%3CU%3EThumbprints%3A%20%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECN%20%3D%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fpkiops%2Fcerts%2FMicrosoft%2520Azure%2520TLS%2520Issuing%2520CA%252001.cer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Azure%20TLS%20Issuing%20CA%2001%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EThumbprint%3A%202f2877c5d778c31e0f29c7e371df5471bd673173%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3ECN%20%3D%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fpkiops%2Fcerts%2FMicrosoft%2520Azure%2520TLS%2520Issuing%2520CA%252002.cer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Azure%20TLS%20Issuing%20CA%2002%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EThumbprint%3A%20e7eea674ca718e3befd90858e09f8372ad0ae2aa%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3ECN%20%3D%20Microsoft%20Azure%20TLS%20Issuing%20CA%2003%3C%2FP%3E%0A%3CP%3EThumbprint%3A%206c3af02e7f269aa73afd0eff2a88a4a1f04ed1e5%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3ECN%20%3D%20Microsoft%20Azure%20TLS%20Issuing%20CA%2004%3C%2FP%3E%0A%3CP%3EThumbprint%3A%2030e01761ab97e59a06b41ef20af6f2de7ef4f7b0%3C%2FP%3E%0A%3CP%3E----------------------------------------------------%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EExpiration%3A%20%E2%80%8EFriday%2C%20%E2%80%8EJune%20%E2%80%8E28%2C%20%E2%80%8E2024%205%3A29%3A59%20AM%3C%2FP%3E%0A%3CP%3ESubject%20Name%3A%3C%2FP%3E%0A%3CP%3EO%20%3D%20Microsoft%20Corporation%3C%2FP%3E%0A%3CP%3EC%20%3D%20US%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3ERequired%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3ELeaf%20(IoT%20Hub)%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3ESubject%20Name%3A%3C%2FP%3E%0A%3CP%3ECN%20%3D%20*.azure-devices.net%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3ESubject%20Name%3A%20%3CBR%20%2F%3ECN%20%3D%20*.azure-devices.net%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3ERequired%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3ELeaf%20(DPS)%3CBR%20%2F%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3ESubject%20Name%3A%3C%2FP%3E%0A%3CP%3ECN%20%3D%20*.azure-devices-provisioning.net%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2238%25%22%3E%3CP%3ESubject%20Name%3A%20%3CBR%20%2F%3ECN%20%3D%20*.azure-devices-provisioning.net%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2212%25%22%3E%3CP%3E%3CSTRONG%3ERequired%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%3CSTRONG%3ENote%3C%2FSTRONG%3E%3A%20Both%20the%20intermediate%20and%20leaf%20certificates%20are%20expected%20to%20change%20frequently.%20We%20recommend%20not%20taking%20dependencies%20on%20them%20and%20instead%20trust%20the%20root%20certificate.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2393169%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22TLS%20Critical%20changes.jpg%22%20style%3D%22width%3A%20370px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F284474iF1F1FEDE462E3E70%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22TLS%20Critical%20changes.jpg%22%20alt%3D%22TLS%20Critical%20changes.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FDIV%3E%0A%3CDIV%3EAction%20required%3A%20The%20Azure%20IoT%20Baltimore%20Root%20CA%20is%20being%20replaced%20starting%20in%20June%202022%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2461776%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2461776%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWould%20it%20be%20possible%20to%20get%20some%20insights%20as%20to%20what%20this%20means%20for%20existing%20IoT%20Edge%20devices%3F%20(or%20new%20IoT%20Edge%20devices)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20what%20we%20need%20to%20do%20for%20these%3F%20(And%20how%20to%20do%20it%3F).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20Regards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2492799%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2492799%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1082145%22%20target%3D%22_blank%22%3E%40PerKops%3C%2FA%3E%2C%20in%20most%20cases%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fiot-edge%2Fabout-iot-edge%3Fview%3Diotedge-2020-11%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20IoT%20Edge%3C%2FA%3E%20devices%20(that%20are%20based%20on%20the%20Edge%20runtime)%20will%20be%20updated%20without%20need%20for%20user%20intervention.%20However%2C%20given%20this%20is%20a%20very%20flexible%20platform%20which%20allows%20for%20multiple%20configurations%2C%20the%20best%20way%20to%20ensure%20your%20Edge%20solution%20is%20ready%20for%20this%20change%20is%20to%20perform%20a%20test%20using%20the%20information%20in%20this%20blog%20post.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2494349%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2494349%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20any%20steps%20needed%20to%20update%2Ftest%20the%20certificate%20trust%20on%20an%20Azure%20Sphere%20IoT%20device%2C%20such%20as%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.avnet.com%2Fshop%2Fus%2Fproducts%2Favnet-engineering-services%2Faes-ms-mt3620-sk-g-3074457345636825680%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EAvnet%20Azure%20Sphere%20MT3620%20Starter%20Kit%3C%2FA%3E%2C%20or%20is%20this%20handled%20automatically%20through%20the%20regular%20OS%20and%20SDK%20update%20process%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2494636%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2494636%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F728463%22%20target%3D%22_blank%22%3E%40mhummel%3C%2FA%3E%2C%20the%20regular%20Azure%20Sphere%20update%20process%20will%20update%20the%20certs%20on%20the%20device%20automatically%20with%20a%20future%20OS%20update.%20That%20said%2C%20I%20still%20recommend%20running%20through%20the%20tests%20outlined%20in%20the%20blog%20post%20during%20the%20retail%20evaluation%20period%20of%20the%20OS%20update.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2604351%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2604351%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20modified%20the%20following%20for%20the%20validation%20using%20DPS%3A-%3C%2FP%3E%3CP%3E1)%20static%20const%20char*%20global_prov_uri%20%3D%20%22global-canary.azure-devices-provisioning.net%22%3B%3C%2FP%3E%3CP%3E2)%20Id%20scope%20to%26nbsp%3B%3CSPAN%3E0ne002B1DF7c%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E3)%20Registration%20Id%20to%20abc%20-%26gt%3B%20Prov_Device_SetOption(prov_device_handle%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BPROV_REGISTRATION_ID%2C%3CBR%20%2F%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%22abc%22)%3B%3C%2FP%3E%3CP%3E4)%20And%20however%20DigiCert%20Global%20Root%20G2%20certificate%20already%20exists%20and%20is%20part%20of%20trustable%20root%20certs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20the%20changes%2C%20I%20am%20getting%20below%20error%2Flogs%20and%20am%20confused%20whether%20those%20logs%20are%20as%20expected%2C%20can%20you%20please%20confirm%20from%20the%20below%20logs%20that%20whether%20the%20TLS%20handshake%20is%20happening.%20(or)%20Please%20guide%20if%20I%20miss%20anything%20in%20the%20changes%20to%20be%20done%20for%20validation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Elocal3.info%2C2021-08-03%2011%3A55%3A59%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Info%3A%20Provisioning%20API%20Version%3A%201.3.4%23015%3CBR%20%2F%3Elocal3.info%2C2021-08-03%2011%3A55%3A59%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Info%3A%20Iothub%20API%20Version%3A%201.3.4%23015%3CBR%20%2F%3Elocal3.info%2C2021-08-03%2011%3A55%3A59%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Info%3A%20Iothub%20Global%20Prov%20Uri%3A%20global-canary.azure-devices-provisioning.net%23015%3CBR%20%2F%3Elocal3.info%2C2021-08-03%2011%3A55%3A59%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Info%3A%20Iothub%20Id%20Scope%3A%200ne002B1DF7c%23015%3CBR%20%2F%3Elocal3.info%2C2021-08-03%2011%3A55%3A59%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Info%3A%20Registering%20Device%23015%3CBR%20%2F%3Elocal3.err%2C2021-08-03%2011%3A56%3A01%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Error%3A%20File%3A%2Fusr%2Fsrc%2Fdebug%2Fazure-iot-sdk-c%2F1.3.4-r1%2Fgit%2Fprovisioning_client%2Fsrc%2Fprov_transport_mqtt_common.c%20Func%3Amqtt_operation_complete_callback%20Line%3A208%20Connection%20Not%20Accepted%3A%200x3%3A%20Server%20Unavailable%3CBR%20%2F%3Elocal3.err%2C2021-08-03%2011%3A56%3A01%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Error%3A%20File%3A%2Fusr%2Fsrc%2Fdebug%2Fazure-iot-sdk-c%2F1.3.4-r1%2Fgit%2Fprovisioning_client%2Fsrc%2Fprov_transport_mqtt_common.c%20Func%3Amqtt_error_callback%20Line%3A139%20MQTT%20communication%20error%3CBR%20%2F%3Elocal3.err%2C2021-08-03%2011%3A56%3A01%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Error%3A%20File%3A%2Fusr%2Fsrc%2Fdebug%2Fazure-iot-sdk-c%2F1.3.4-r1%2Fgit%2Fprovisioning_client%2Fsrc%2Fprov_device_ll_client.c%20Func%3Aon_transport_registration_data%20Line%3A763%20Failure%20retrieving%20data%20from%20the%20provisioning%20service%3CBR%20%2F%3Elocal3.err%2C2021-08-03%2011%3A56%3A01%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20Error%3A%20File%3A%2Fusr%2Fsrc%2Fdebug%2Fazure-iot-sdk-c%2F1.3.4-r1%2Fgit%2Fiothub_client%2Fsrc%2Fiothub_c2d_communication.c%20Func%3Aregister_device_callback%20Line%3A187%20Failure%20registering%20device%3A%20PROV_DEVICE_RESULT_DEV_AUTH_ERROR%23015%3CBR%20%2F%3Elocal3.info%2C2021-08-03%2011%3A56%3A01%2C00001F%2CCommunicationManager%5B1223%5D%3A%2C%20registration%20status%20%3A%207%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20%26amp%3B%20Regards.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2606673%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2606673%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1119305%22%20target%3D%22_blank%22%3E%40Sai_Charan_Ganji%3C%2FA%3E%26nbsp%3B%20-%20It%20appears%20that%20you%20are%20trying%20to%20test%20the%20DPS%20workflow.%20For%20testing%20this%2C%20you%20need%20to%20do%20an%20enrollment.%20Please%20look%20at%20the%20Support%20section%20of%20the%20blog%20that%20describes%20the%20process%20of%20opening%20a%20support%20ticket%20in%20the%20portal.%20Once%20a%20ticket%20is%20submitted%2C%20someone%20will%20create%20a%20device%20ID%20for%20you%20and%20you%20will%20be%20able%20to%20test.%20I%20hope%20this%20helps!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2610067%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2610067%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%2C%20thanks%20for%20the%20response.%26nbsp%3B%3CSPAN%3EFrom%20the%20description%20in%20the%20blog%20I%20understood%20that%20if%20we%20just%20want%20to%20verify%20the%20TLS%20connection%2C%20there%20is%20no%20need%20to%20add%2Fcreate%20a%20device%20(or)%20enrollment%20for%20test.%20In%20my%20case%20I%20just%20want%20to%20verify%20the%20TLS%20connection%2C%20please%20correct%20me%20if%20am%20wrong.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAnd%20in%20case%20if%20we%20want%20to%20generate%20support%20request%2C%20can%20I%20post%20the%20request%20in%20the%20comment%20box%20below%20(or)%20do%20we%20have%20any%20other%20separate%20channel%20for%20that.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2611886%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2611886%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1119305%22%20target%3D%22_blank%22%3E%40Sai_Charan_Ganji%3C%2FA%3E%26nbsp%3BIf%20you're%20a%20hub%20customer%2C%20this%20is%20true.%20If%20you're%20specifically%20trying%20to%20test%20the%20DPS%20workflow%2C%20an%20enrollment%20will%20be%20needed.%20No%2C%20posting%20in%20the%20comment%20box%20will%20not%20work%2C%20please%20contact%20support%20from%20the%20Azure%20portal.%20They%20will%20get%20back%20to%20you%20within%20a%20day%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fms.portal.azure.com%2F%23blade%2FMicrosoft_Azure_Support%2FHelpAndSupportBlade%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ENew%20support%20request%20-%20Microsoft%20Azure%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2638671%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2638671%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%26nbsp%3B%3C%2FP%3E%3CP%3EShould%20the%20Baltimore%20certificate%20be%20removed%20from%20the%20device%20store%20after%20October%202022%2C%20or%20can%20if%20left%20in%20place%20to%20prevent%20us%20having%20to%20update%20our%20entire%20install%20base%3F%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2642375%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2642375%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1126544%22%20target%3D%22_blank%22%3E%40Nautech%3C%2FA%3E%26nbsp%3BThe%20Baltimore%20root%20isn't%20required%20post%20the%20migration%2C%20and%20you%20can%20remove%20it%20at%20your%20own%20convenience.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2864137%22%20slang%3D%22zh-CN%22%3EReply%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(...%20and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2864137%22%20slang%3D%22zh-CN%22%3E%3CP%3EError%3A%20Time%3AWed%20Oct%2020%2015%3A01%3A53%202021%20File%3Ac%3A%5Crepos%5Cpanel%5Cdaisy%5Cdaisy%5Cassistant%5Cmialib%5Cazure_iot_sdk_c%5Cprovisioning_client%5Csrc%5Cprov_device_ll_client.c%20Func%3A_prov_transport_%20process_json_reply%20Line%3A670%20Unsuccessful%20json%20encountered%3A%20%7B%22errorCode%22%3A401002%2C%22trackingId%22%3A%22523c9a5a-9ad7-%20%3CBR%20%2F%3E%20Error%3A%20Time%3AWed%20Oct%2020%2015%3A01%3A53%202021%20File%3Ac%3A%5Crepos%5Cpanel%5Cdaisy%5C%20daisy%5Cassistant%5Cmialib%5Cazure_iot_sdk_c%5Cprovisioning_client%5Csrc%5Cprov_transport_mqtt_common.c%20Func%3A_prov_transport_common_mqtt_dowork%20Line%3A1016%20Unable%20to%20process%20registration%20reply.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2864158%22%20slang%3D%22en-US%22%3E%E5%9B%9E%E5%A4%8D%EF%BC%9A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2864158%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Roger199404_0-1634715412344.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F318635i3A1BAF945F53B0FC%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Roger199404_0-1634715412344.png%22%20alt%3D%22Roger199404_0-1634715412344.png%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Roger199404_1-1634715423552.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F318636i2C2C089402399384%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Roger199404_1-1634715423552.png%22%20alt%3D%22Roger199404_1-1634715423552.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2864188%22%20slang%3D%22en-US%22%3E%E5%9B%9E%E5%A4%8D%EF%BC%9A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2864188%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20add%20the%20DigiCert%20Global%20root%20G2%20and%20make%20sure%20SHA384%20is%20enabled%20on%20the%20device%20%2C%20but%20i%20can't%20connect%20the%20DPS%2C%20the%20error%20is%20above.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2866159%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2866159%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1190576%22%20target%3D%22_blank%22%3E%40Roger199404%3C%2FA%3E%26nbsp%3Bif%20you%20wish%20to%20test%20the%20DPS%20workflow%2C%20please%20check%20out%20the%20%22Support%22%20section.%20Once%20you%20open%20a%20support%20request%2C%20our%20support%20team%20will%20help%20you%20do%20an%20enrollment%20and%20test%20out%20the%20DPS%20flow.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2871462%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2871462%22%20slang%3D%22en-US%22%3E%3CP%3EAn%20earlier%20version%20of%20this%20article%20(link%20below)%20suggested%20that%20as%20long%20as%20the%20device%20is%20not%20pinned%20to%20an%20Intermediate%20or%20Leaf%20certificate%20an%20IoT%20device%20can%20carry%20on%20using%20the%20Baltimore%20Root%20Cert%20(until%20its%20expiry%20in%202025).%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Finternet-of-things%2Fazure-iot-tls-changes-are-coming-and-why-you-should-care%2Fba-p%2F1658456%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Finternet-of-things%2Fazure-iot-tls-changes-are-coming-and-why-you-should-care%2Fba-p%2F1658456%3C%2FA%3E%3C%2FP%3E%3CP%3EWould%20it%20be%20possible%20to%20carry%20on%20using%20the%20Baltimore%20root%20cert%20after%20Oct-2022%20(until%202025)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2998282%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2998282%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all.%3CBR%20%2F%3EAbout%20this%20requirement%3A%3CBR%20%2F%3E%3CEM%3E%26nbsp%3B%20Action%20Required%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%26nbsp%3B%20(...)%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%26nbsp%3B%20Make%20sure%20SHA384%20for%20Server%20certificate%20processing%20is%20enabled%20on%20the%20device.%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%26nbsp%3B%20(...)%3C%2FEM%3E%3CBR%20%2F%3EI'd%20like%20to%20know%3A%3CBR%20%2F%3E%26nbsp%3B%20-%20Is%20SHA384%20really%20mandatory%3F%3CBR%20%2F%3E%26nbsp%3B%20-%20Is%20it%20used%20for%20message%20authentication%20code%20purposes%3F%3CBR%20%2F%3E%26nbsp%3B%20-%20It%20seems%20our%20device%20(Sierra%20Wireless%20HL6528RD%20based)%20only%20supports%20MD5%2FSHA1%2FAEAD%20for%20message%20authentication%20code%20algorithm%3A%20any%20chances%20it%20would%20work%3F%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThank%20you%20in%20advance.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EP.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3064471%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3064471%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%26nbsp%3B%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F631715%22%20target%3D%22_blank%22%3E%40wduraes%3C%2FA%3E%26nbsp%3B%3A%20Will%20MS%20support%20both%20Certificates%20till%20October%202022%20for%20all%20region%3F%20or%20Once%20transition%20complete%20in%20my%20region%20MS%20will%20stop%20supporting%20old%20certificate%20completely%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3070763%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3070763%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%2C%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F631715%22%20target%3D%22_blank%22%3E%40wduraes%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20simple%20devices%20that%20use%20MQTT%20and%20not%20the%20SDK%20directly.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20the%20IoT%20Hub%20environment%2C%20how%20can%20we%20generate%20a%20SAS%20token%3F%20If%20we%20generate%20the%20SAS%20token%20on%20our%20side%20we%20require%20the%20IoT%20hub%20ower%26nbsp%3B%3CSPAN%3EConnection%20String%20and%20not%20the%20device%20string.%20Would%20it%20be%20possible%20for%20you%20to%20generate%20it%20for%20us%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20require%20this%20for%20the%20test%20connection%20we%20hope%20to%20do%20to%20confirm%20the%20TLS%20connection.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3070878%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3070878%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1227693%22%20target%3D%22_blank%22%3E%40pt70f%3C%2FA%3E%26nbsp%3B%20The%20hashing%20algorithm%20used%20by%20the%20issuing%20CA%20for%20signing%20the%20server%20certificate%20that%20is%20presented%20by%20Hub%20and%20DPS%20is%20currently%20SHA-384%20for%20these%20test%20endpoints.%20We%20are%20in%20the%20process%20of%20procuring%20a%20SHA-256%20based%20intermediate%20CA%20so%20that%20it%20mirrors%20the%20current%20Baltimore%20based%20ICA%20in%20production.%20If%20your%20devices%20are%20currently%20working%20in%20prod%2C%20then%20you%20should%20be%20fine.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1279058%22%20target%3D%22_blank%22%3E%40Onkar_Kulkarni%3C%2FA%3E%26nbsp%3BYes%2C%20we%20will%20support%20both%20certificates%20during%20the%20transition%20phase%2C%20however%2C%20once%20we%20complete%20a%20region%2C%20if%20there%20are%20certain%20Hubs%20that%20need%20to%20remain%20on%20Baltimore%20for%20any%20reason%2C%20we%20will%20be%20able%20to%20rollback%20those%20Hubs%20to%20Baltimore%20while%20we%20continue%20with%20other%20regions.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1285625%22%20target%3D%22_blank%22%3E%40DJ200%3C%2FA%3E%26nbsp%3BPlease%20open%20a%20support%20request%20as%20described%20in%20the%20Support%20section%20above%20and%20we%20should%20be%20able%20to%20help%20you%20out%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3071530%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3071530%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20managed%20to%20connect%20to%20the%20IoT%20Hub.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20that%20the%26nbsp%3B%3CSPAN%3EBaltimore%20CyberTrust%20Root%20certificate%20is%20still%20working%20on%20this%20IoT%20Hub.%20Should%20this%20be%20happening%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CBR%20%2F%3EHow%20can%20I%20confirm%20that%20the%20certificate%20is%20being%20applied%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3072326%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3072326%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20RAMIoT%20and%20thanks%20for%20your%20reply%2C%20but%20I'm%20not%20sure%20I%20fully%20understood%20it.%3C%2FP%3E%3CP%3EPlease%2C%20can%20you%20elaborate%20more%20about%20it%3F%3C%2FP%3E%3COL%3E%3CLI%3EWill%20you%20provide%20an%20alias%20hostname%20that%20will%20keep%20working%20as%20is%20now%20in%20prod%3F%3C%2FLI%3E%3CLI%3EOr%20our%20devices%20(very%20constrained%2C%20no%20Azure%20IoT%20SDK)%20should%20trust%20that%20future%20intermediate%20CA%20as%20a%20root%20one%3F%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EP.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3096297%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3096297%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1285625%22%20target%3D%22_blank%22%3E%40DJ200%3C%2FA%3E%26nbsp%3Bwhat%20IoT%20Hub%20did%20you%20connect%20to%3F%20Was%20it%20%3CSPAN%3Eg2cert.azure-devices.net%3F%20Please%20test%20against%20this%20hub%20as%20descibed%20in%20the%20Validation%20section%20in%20the%20blog%20above.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1227693%22%20target%3D%22_blank%22%3E%40pt70f%3C%2FA%3E%26nbsp%3BYou%20need%20to%20add%20the%20DigiCert%20Global%20G2%20Root%20CA%20in%20ALL%20your%20devices%20to%20prepare%20for%20the%20migration.%20Please%20do%20NOT%20remove%20the%20Baltimore%20root%20CA%20until%20IoT%20Hub%20has%20fully%20migrated.%20Regarding%20alias%20hostname%2C%20I%20do%20not%20follow%20exactly%20-%20please%20email%20%3CA%20href%3D%22mailto%3Aiot-ca-updates%40microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Eiot-ca-updates%40microsoft.com%3C%2FA%3E%26nbsp%3Bwith%20more%20details%20and%20I%20will%20be%20able%20to%20assist%20better.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3097507%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3097507%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20the%26nbsp%3B%3CSPAN%3E%26nbsp%3Bg2cert.azure-devices.net%20and%20my%20device%20is%20the%20Quectel%20Bg95%2C%20which%20does%20not%20have%20the%20new%26nbsp%3BDigiCert%20Global%20G2%20Root%20cert.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3098326%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3098326%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20emailed%20iot-ca-updates%20at%20microsoft%20dot%20com%20as%20you%20suggested%20but%20I%20received%20this%20reply%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3E%3CSPAN%20class%3D%22%22%3EThe%20message%20could%20not%20be%20delivered%20to%20iot-ca-updates%20at%20microsoft%20dot%20com.%0A%0AThe%20iot-ca-updates%20group%20only%20accepts%20messages%20from%20users%20(...)%20but%20your%20email%20address%20is%20not%20on%20the%20list.%3C%2FSPAN%3E%3C%2FPRE%3E%3CP%3ECan%20you%20help%20me%3F%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3100758%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3100758%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1227693%22%20target%3D%22_blank%22%3E%40pt70f%3C%2FA%3E%26nbsp%3BSorry%2C%20I%20have%20fixed%20it.%20Please%20try%20again.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1285625%22%20target%3D%22_blank%22%3E%40DJ200%3C%2FA%3E%26nbsp%3BCan%20you%20confirm%20whether%20your%20TLS%20implementation%20has%20server%20validation%20turned%20on%3F%20Are%20you%20using%20any%20of%20our%20SDKs%3F%20If%20yes%2C%20which%20one%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3100859%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3100859%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20primary%20devices%20does%20not%20use%20any%20SDK%2C%20as%20its%20MQTT%20Stack%20on%20a%20GSM%20module%2C%20so%20I%26nbsp%3Bam%20running%20on%20MQTT%20platform%20in%20short.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20small%20experiment%20I%20had%20a%20ESp32%20dev%20kit%2C%20so%20i%20used%20the%20following%20stack%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fespressif%2Fesp-azure%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fespressif%2Fesp-azure%3C%2FA%3E%26nbsp%3B%2C%20which%20I%20believe%20uses%20the%20C%20SDK.%20This%20also%20proved%20successful%20as%20i%20was%20able%20to%20connect%20without%20the%20new%20cert.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20will%20need%20to%20check%20in%20regards%20to%20%22server%20validation%20turned%20on%22%2C%20does%20this%20make%20a%20difference%3F%20If%20for%20example%20this%20i%20switched%20OFF%20on%20the%20device%2C%20would%20still%20be%20able%20to%20connect%20without%20the%20new%20cert%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFurther%3CSPAN%3E%26nbsp%3Bto%20my%20issue%20%2C%20I%26nbsp%3Balso%26nbsp%3Btried%20connecting%20to%20the%20I%20hot%20hub%26nbsp%3Bg2cert.azure%2C%20without%20any%20certs%20using%20the%20following%20steps%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fweblogs.asp.net%2Fmorteza%2Fhow-to-send-mqtt-messages-to-an-azure-iothub-by-mqttfx-client%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fweblogs.asp.net%2Fmorteza%2Fhow-to-send-mqtt-messages-to-an-azure-iothub-by-mqttfx-client%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EUsing%20MQTT.fx%2C%20and%20was%20able%20to%20connect%20successfully.%20Can%20please%20advice%20why%20this%20is%20possible%3F%3C%2FSPAN%3E%3C%2FP%3E%3CH1%20id%3D%22toc-hId--2139467107%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%20id%3D%22toc-hId-886318202%22%3E%26nbsp%3B%3C%2FH1%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3260845%22%20slang%3D%22fr-FR%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(...%20and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3260845%22%20slang%3D%22fr-FR%22%3E%3CP%3EDELETED%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3268838%22%20slang%3D%22fr-FR%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(...%20and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3268838%22%20slang%3D%22fr-FR%22%3E%3CP%3EHello%2CWe%3CBR%20%2F%3E%20are%20designer%20and%20manufacturer%20of%20electronic%20devices%20for%20industrial%20customers.%3CBR%20%2F%3ESince%201%20year%20we%20have%20one%20of%20our%20products%20that%20sends%20analysis%20data%20to%20a%20site%20Azur%20iot-hub.%3CBR%20%2F%3EThe%20datas%20are%20sent%20via%20the%20mqtts%20protocol%20in%20Json%20format.%20The%20connection%20security%20is%20based%20on%20shared%20symmetrical%20keys.%3CBR%20%2F%3EEverything%20was%20going%20well%20until%20Tuesday%20March%2022%2C%202022.%3CBR%20%2F%3ESince%20this%20date%20the%20connection%20is%20always%20refused%2C%20(error%20x10085%20NXD_MQTT_ERROR_NOT_AUTHORIZED).%3CBR%20%2F%3EWe%20are%20still%20using%20the%20only%20Root%20CA%20Baltimore%20certificate%2C%20as%20the%20migration%20campaign%20on%20the%20Azure%20side%20does%20not%20start%20until%20June%201%2C%202022...%20Has%20there%20been%20a%20change%20in%20this%20date%3F%3CBR%20%2F%3EThanks%20for%20your%20help.%3C%2FP%3E%3CP%3EEric%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3268891%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3268891%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Eric%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBased%20on%20my%20communication%20with%20the%20support%20team%2C%20this%20has%20been%20put%20back%20to%202023%2C%20between%20Febuary-July%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3341140%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3341140%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F765039%22%20target%3D%22_blank%22%3E%40RAMIoT%3C%2FA%3E%26nbsp%3B%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F631715%22%20target%3D%22_blank%22%3E%40wduraes%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20would%20like%20to%20generate%20a%20SAS%20token%20equivalent%20to%20the%20above%20connection%20string%20for%20testing%20the%20new%20CA%3CBR%20%2F%3E%3CBR%20%2F%3EHow%20can%20I%20get%20support%20for%20this%3F%3CBR%20%2F%3E%3CBR%20%2F%3ECould%20not%20find%20a%20supporting%20page%20%2F%20link%3CBR%20%2F%3E%3CBR%20%2F%3ERegards!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3347200%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20IoT%20TLS%3A%20Critical%20changes%20are%20almost%20here!%20(%E2%80%A6and%20why%20you%20should%20care)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3347200%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1345556%22%20target%3D%22_blank%22%3E%40ClairitEF%3C%2FA%3E%26nbsp%3B-%20this%20doesn't%20seem%20to%20be%20related%20to%20this%20effort.%20I%20would%20reach%20out%20to%20support.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1384507%22%20target%3D%22_blank%22%3E%40yuvalom%3C%2FA%3E%26nbsp%3BI'm%20not%20sure%20what%20you%20mean.%20That%20is%20a%20symmetric%20key-based%20connection%20string%2C%20except%20the%20credential%20is%20fake.%20All%20that%20needs%20to%20be%20tested%20is%20the%20TLS%20handshake.%20However%2C%20if%20you%20need%20additional%20help%2C%20please%20open%20a%20support%20request%20as%20described%20in%20the%20Support%20section%20above.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Apr 07 2022 12:11 PM
Updated by: