EEVblog Electronics Community Forum

General => General Technical Chat => Topic started by: Martin F on October 29, 2019, 11:43:06 am

Title: Azure: Install custom depreciated TLS certificate on storage server
Post by: Martin F on October 29, 2019, 11:43:06 am
Hi all,

We have a number of IoT devices deployed in the field, sending data to an Azure storage endpoint.
The devices upload data via HTTPS using the Azure root endpoint certificate, which worked up until recently.

About a week ago, all devices failed to connect - and the reason was a change in the Azure root endpoint from DigiCert Global Root CA to Baltimore CyberTrust Root.

Updating a device with the new certificate makes it able to connect again - but we have many devices in the field that we would need to update manually, which would take weeks. The devices are limited with regard to the number of certificates, and we only installed the root certificate, not knowing that this was subject to change within a short period - we are of course now wiser.

Our question: Do you know if it's possible to install the "old" certificate as a custom TLS certificate on our Azure server, while keeping the access key, secret key, endpoint etc. constant? This would potentially allow the IoT devices in the field to re-connect, after which we could perform remote updates.

Your inputs are appreciated,
Martin

Title: Re: Azure: Install custom depreciated TLS certificate on storage server
Post by: amyk on October 29, 2019, 12:25:52 pm
Unless it's a VM that you have in Azure, Microsoft controls those servers, not you...
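
The failure described in the first post, reproduced locally as an added example (not code from the thread): a device whose trust store holds only the old root rejects a server certificate issued under a new root, while a store carrying both roots accepts it. The two CAs, the `storage.example.test` name and the function names are constructed for the demonstration, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: both CAs are throwaway and generated locally (constructed data).
# "old" and "new" stand in for the two roots named in the post.

# Create two self-signed roots plus a server certificate issued by the NEW root.
make_lab() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    for r in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
            -subj "/CN=Constructed $r root" \
            -keyout "$d/$r.key" -out "$d/$r.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=storage.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/new.pem" -CAkey "$d/new.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
    cat "$d/old.pem" "$d/new.pem" > "$d/both.pem"
}

# Return 0 if chain validation of cert $2 succeeds with bundle $1 as the CA file.
device_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

lab=$(mktemp -d) && make_lab "$lab" || exit 1
for store in old both; do
    if device_accepts "$lab/$store.pem" "$lab/server.pem"; then
        echo "trust store '$store': server certificate accepted"
    else
        echo "trust store '$store': server certificate rejected"
    fi
done
rm -rf "$lab"
```

Running the same check against a device's actual trust bundle and a candidate replacement root before deployment shows whether a root rotation on the server side would lock the device out.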