Baltimore CyberTrust Root CA Migration #2531

Closed
Tintin4000 opened this issue Mar 21, 2023 · 1 comment
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. IoT question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@Tintin4000

I have been notified by the Microsoft Azure team that the Baltimore certificate will be retiring in favour of DigiCert Global G2 Root. Is this something that you are planning to do to avoid any disruption of service?

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Mar 21, 2023
@RickWinter RickWinter added the IoT label Mar 29, 2023
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Mar 29, 2023
@CIPop
Member

CIPop commented Mar 30, 2023

That is correct: we made the announcement in 2021 (e.g., see pinned issue #1777 at https://github.com/Azure/azure-sdk-for-c/issues).

All devices must have the ability to upgrade any component part of the secure communication with our services to ensure continuous connectivity:

  1. Information used to authenticate the remote Azure servers:
    1. Certification Authorities such as Baltimore, DigiCert and Microsoft RSA CA.
    2. Azure Device Update Root Keys
  2. Information used to authenticate the device (to Azure servers) - we always recommend having at least a backup (primary/secondary):
    1. Shared Access Keys (used for SAS)
    2. X.509 certificate
  3. TLS stack configuration (e.g. buffer sizes unless they are configured to the RFC defaults) or cipher-suites

In the absence of a continuous connection for firmware updates (e.g. the device is shelved, or communications are unavailable for very long periods of time), we provide a reference implementation of a device recovery service that can be hosted on Azure services:

https://github.com/Azure-Samples/iot-middleware-freertos-samples/tree/main/demos/projects/ESPRESSIF/az-ca-recovery

@CIPop CIPop closed this as completed Mar 30, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Jun 28, 2023
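A build-host check for the root CA change discussed in this issue, added here as an example (it is not code from the Azure SDK or from either commenter): it reports whether a firmware PEM trust bundle still relies only on the retiring root. The subject names `Baltimore CyberTrust Root` and `DigiCert Global Root G2`, all function names, and the throwaway self-signed certificates used as sample input are assumptions of this example.

```shell
# Audit a PEM trust bundle for the Baltimore -> DigiCert G2 root migration.
OLD_ROOT="Baltimore CyberTrust Root"   # assumed subject CN of the retiring root
NEW_ROOT="DigiCert Global Root G2"     # assumed subject CN of its replacement

# bundle_subjects FILE: print one "subject=..." line per certificate in FILE.
bundle_subjects() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null | grep '^subject'
}

# audit_bundle FILE: print a verdict; return 0 only if the new root is present.
audit_bundle() {
    subjects=$(bundle_subjects "$1") || { echo "unreadable"; return 2; }
    has_old=no; has_new=no
    echo "$subjects" | grep -qF "$OLD_ROOT" && has_old=yes
    echo "$subjects" | grep -qF "$NEW_ROOT" && has_new=yes
    case "$has_old/$has_new" in
        yes/yes) echo "ready: both roots trusted"; return 0 ;;
        no/yes)  echo "migrated: new root only"; return 0 ;;
        yes/no)  echo "at-risk: only the retiring root is trusted"; return 1 ;;
        *)       echo "unknown: neither root found"; return 1 ;;
    esac
}

# make_test_root CN OUT: constructed self-signed certificate standing in for a
# real root (sample data only; the throwaway key is deleted immediately).
make_test_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Demo on constructed bundles (runs offline; needs only the openssl CLI).
demo() {
    d=$(mktemp -d)
    make_test_root "$OLD_ROOT" "$d/old.pem"
    make_test_root "$NEW_ROOT" "$d/new.pem"
    cat "$d/old.pem" "$d/new.pem" > "$d/both.pem"
    for f in old both new; do
        printf '%s.pem -> ' "$f"; audit_bundle "$d/$f.pem" || true
    done
    rm -rf "$d"
}
demo
```

The check matches subject names only, so it shows what a bundle claims to contain; compare certificate fingerprints against the values published by the CA before shipping a bundle.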
3 participants