Review Azure services certificate authorities

Photo of Louis Baetens

Written by Louis Baetens in Technology

 

Microsoft is updating its Azure services to use Transport Layer Security (TLS) certificates from a different set of Root Certificate Authorities (CAs).

Shutterstock 1464414035

If you are using an azure PAAS/SAAS solution your applications may be impacted if you explicitly specify a list of acceptable CAs (a practice known as certificate pinning). Amongst these applications it could also impact SAP systems which communicate with Azure PAAS/SAAS solutions.Azure is making this change because the current CA certificates do not comply with one of the CA/Browser Forum Baseline requirements. This was reported back in 2020 and impacts multiple popular Public Key Infrastructure (PKI) providers worldwide. Today, most of the TLS certificates used by Azure services are issued from the Baltimore CyberTrust Root PKI. Following this change, Azure services will use certificates issued by a different set of CAs (Certificate Authorities), chaining up to different Root CAs.

Please Review Microsofts documentation which describes how to check if your application is impacted, and how to mitigate it. It includes the list of all the CA’s that you must trust when using Azure services.

If you have questions, do not hesitate to contact our support team at support@expertum.net.

About the author

Photo of Louis Baetens
Louis Baetens

Louis Baetens is an IT professional with broad system and networking experience. After gaining extensive knowledge as a System Engineer, he decided to specialize within SAP BC and focus on SAP NetWeaver and SAP S/4HANA environments. He is now a skilled SAP Basis/support Consultant with an extended knowledge of SAP support for different types of SAP systems on AIX, Linux and Windows servers.

Read more articles by Louis Baetens