Azure – You need to review if your certificates have been issued by a compliant CA

As you know, certificates are more heavily used and important than ever to protect communication between clients and services.

Members of the Certificate Authority (CA)/Browser Forum (https://cabforum.org/) recently published a report detailing that multiple certificates issued by certification authorities (CAs) did not comply with the industry standard for publicly trusted CAs.

You can read the reports here: https://bugzilla.mozilla.org/show_bug.cgi?id=1649951 and https://bugzilla.mozilla.org/show_bug.cgi?id=1650910

As a result, CA vendors have started revoking non-compliant CAs and reissuing new compliant ones.

This means that if your certificate(s) have been issued by one of the impacted CAs (that is, revoked or being revoked), you will have to request a reissued certificate for your services.

You can identify whether you are impacted by using the Certificate Revocation tracker (https://misissued.com/#revoked) or the DigiCert update (https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement).
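Once you have the list of impacted intermediates from one of those sources, a check like the following can flag certificates that chain to them. This is an added example, not code from the original post; it assumes the certificates sit in a Windows certificate store, and the thumbprints shown are placeholders to replace with the values published by the tracker or your CA.

```powershell
# ASSUMPTION: placeholder values. Replace with the SHA-1 thumbprints of the
# revoked / being-revoked intermediate CAs published by your CA or the tracker.
$ImpactedCaThumbprints = @(
    '<IMPACTED-ICA-THUMBPRINT-1>',
    '<IMPACTED-ICA-THUMBPRINT-2>'
)

# Hypothetical helper name; walks each certificate's chain and reports a hit
# when any issuing CA in the chain is on the impacted list.
function Get-ImpactedCertificate {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [Parameter(Mandatory)] [string[]]$ImpactedThumbprints
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $chain = New-Object "$x509.X509Chain"
        # Only the chain structure matters here, so skip online revocation checks.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($cert)

        # Element 0 is the leaf itself; every later element is an issuing CA.
        $issuers = @($chain.ChainElements | Select-Object -Skip 1)
        $hits = @($issuers | Where-Object {
            $ImpactedThumbprints -contains $_.Certificate.Thumbprint
        })

        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                ImpactedCa = ($hits | ForEach-Object { $_.Certificate.Subject }) -join '; '
            }
        }
        $chain.Reset()
    }
}

# Any row returned is a certificate that needs to be reissued.
Get-ImpactedCertificate -ImpactedThumbprints $ImpactedCaThumbprints |
    Format-Table -AutoSize
```

A chain can only be built if the intermediate certificates are present locally or retrievable, so an empty result on a machine with incomplete chains is not proof that nothing is impacted.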

Self-issued and Bring Your Own Certificate (BYOC) certificates can also be impacted by the revocation process.

Benoit Hamet
Benoit works on Microsoft collaborative technologies. He has been awarded MVP for more than 12 years and is currently an MVP on Office 365, after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). He is a speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) and online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.