Merge pull request #108027 from TimShererWithAquent/us1679050d

Change SSL to TLS per 1679050

Author: PRMerger16

articles/data-factory/create-self-hosted-integration-runtime.md

@@ -231,7 +231,7 @@ Here are the requirements for the TLS/SSL certificate that you use to secure com
 - The certificate must be a publicly trusted X509 v3 certificate. We recommend that you use certificates that are issued by a public partner certification authority (CA).
 - Each integration runtime node must trust this certificate.
 - We don't recommend Subject Alternative Name (SAN) certificates because only the last SAN item is used. All other SAN items are ignored. For example, if you have a SAN certificate whose SANs are **node1.domain.contoso.com** and **node2.domain.contoso.com**, you can use this certificate only on a machine whose fully qualified domain name (FQDN) is **node2.domain.contoso.com**.
-- The certificate can use any key size supported by Windows Server 2012 R2 for SSL certificates.
+- The certificate can use any key size supported by Windows Server 2012 R2 for TLS/SSL certificates.
 - Certificates that use CNG keys aren't supported.  
 
 > [!NOTE]

articles/data-factory/data-factory-troubleshoot-guide.md

@@ -1023,7 +1023,7 @@ To use Fiddler to create an HTTP session of the monitored web application:
 
    ![Fiddler options](media/data-factory-troubleshoot-guide/fiddler-options.png)
 
-1. If your application uses SSL certificates, add the Fiddler certificate to your device. Go to **Tools** > **Fiddler Options** > **HTTPS** > **Actions** > **Export Root Certificate to Desktop**.
+1. If your application uses TLS/SSL certificates, add the Fiddler certificate to your device. Go to **Tools** > **Fiddler Options** > **HTTPS** > **Actions** > **Export Root Certificate to Desktop**.
 
 1. Turn off capturing by going to **File** > **Capture Traffic**. Or press **F12**.
 

articles/data-factory/v1/data-factory-data-management-gateway-high-availability-scalability.md

@@ -164,7 +164,7 @@ Here are the requirements for the TLS/SSL certificate that is used for securing
   > Credential manager application is used while securely setting credential from Copy Wizard/ Azure Portal. And this can be fired from any machine within the same network as the on-premises/ private data store.
 - Wild card certificates are supported. If your FQDN name is **node1.domain.contoso.com**, you can use ***.domain.contoso.com** as subject name of the certificate.
 - SAN certificates are not recommended since only the last item of the Subject Alternative Names will be used and all others will be ignored due to current limitation. E.g. you have a SAN certificate whose SAN are **node1.domain.contoso.com** and **node2.domain.contoso.com**, you can only use this cert on machine whose FQDN is **node2.domain.contoso.com**.
-- Supports any key size supported by Windows Server 2012 R2 for SSL certificates.
+- Supports any key size supported by Windows Server 2012 R2 for TLS/SSL certificates.
 - Certificate using CNG keys are not supported.
 
 #### FAQ: When would I not enable this encryption?
@@ -240,7 +240,7 @@ When the available memory and CPU are not utilized well, but the idle capacity i
 - You cannot re-register a gateway node with the authentication key from another logical gateway to switch from the current logical gateway. To re-register, uninstall the gateway from the node, reinstall the gateway, and register it with the authentication key for the other logical gateway. 
 - If HTTP proxy is required for all your gateway nodes, set the proxy in diahost.exe.config and diawp.exe.config, and use the server manager to make sure all nodes have the same diahost.exe.config and diawip.exe.config. See [configure proxy settings](data-factory-data-management-gateway.md#configure-proxy-server-settings) section for details. 
 - To change encryption mode for node-to-node communication in Gateway Configuration Manager, delete all the nodes in the portal except one. Then, add nodes back after changing the encryption mode.
-- Use an official SSL certificate if you choose to encrypt the node-to-node communication channel. Self-signed certificate may cause connectivity issues as the same certificate may not be trusted in certifying authority list on other machines. 
+- Use an official TLS certificate if you choose to encrypt the node-to-node communication channel. Self-signed certificate may cause connectivity issues as the same certificate may not be trusted in certifying authority list on other machines. 
 - You cannot register a gateway node to a logical gateway when the node version is lower than the logical gateway version. Delete all nodes of the logical gateway from portal so that you can register a lower version node(downgrade) it. If you delete all nodes of a logical gateway, manually install and register new nodes to that logical gateway. Express setup is not supported in this case.
 - You cannot use express setup to install nodes to an existing logical gateway, which is still using cloud credentials. You can check where the credentials are stored from the Gateway Configuration Manager on the Settings tab.
 - You cannot use express setup to install nodes to an existing logical gateway, which has node-to-node encryption enabled. As setting the encryption mode involves manually adding certificates, express install is no more an option. 

articles/data-factory/v1/data-factory-data-management-gateway.md

@@ -327,7 +327,7 @@ The Settings page allows you to do the following actions:
 * View, change, and export **certificate** used by the gateway. This certificate is used to encrypt data source credentials.
 * Change **HTTPS port** for the endpoint. The gateway opens a port for setting the data source credentials.
 * **Status** of the endpoint
-* View **SSL certificate** is used for SSL communication between portal and the gateway to set credentials for data sources.
+* View **SSL certificate** is used for TLS/SSL communication between portal and the gateway to set credentials for data sources.
 
 ### Remote access from intranet
 This functionality will be enabled in the future. In the upcoming updates (v3.4 or later) we will let you enable/ disable any remote connectivity that today happens using port 8050 (see section above) while using PowerShell or Credential Manager application for encrypting credentials.

articles/data-factory/v1/data-factory-data-movement-security-considerations.md

@@ -188,7 +188,7 @@ The following cloud data stores require whitelisting of IP address of the gatewa
 **Answer:** Gateway makes HTTP-based connections to open internet. The **outbound ports 443 and 80** must be opened for gateway to make this connection. Open **Inbound Port 8050** only at the machine level (not at corporate firewall level) for Credential Manager application. If Azure SQL Database or Azure SQL Data Warehouse is used as source/ destination, then you need to open **1433** port as well. For more information, see [Firewall configurations and whitelisting IP addresses](#firewall-configurations-and-whitelisting-ip-address-of gateway) section. 
 
 **Question:** What are certificate requirements for Gateway?
-**Answer:** Current gateway requires a certificate that is used by the credential manager application for securely setting data store credentials. This certificate is a self-signed certificate created and configured by the gateway setup. You can use your own TLS/ SSL certificate instead. For more information, see [click-once credential manager application](#click-once-credentials-manager-app) section. 
+**Answer:** Current gateway requires a certificate that is used by the credential manager application for securely setting data store credentials. This certificate is a self-signed certificate created and configured by the gateway setup. You can use your own TLS/SSL certificate instead. For more information, see [click-once credential manager application](#click-once-credentials-manager-app) section. 
 
 ## Next steps
 For information about performance of copy activity, see [Copy activity performance and tuning guide](data-factory-copy-activity-performance.md).

articles/data-factory/v1/data-factory-gateway-release-notes.md

@@ -38,7 +38,7 @@ We no more maintain the Release notes here. Get latest release notes [here](http
 ## 2.10.6347.7
 ### Enhancements-
 - You can add DNS entries to whitelist service bus rather than whitelisting all Azure IP addresses from your firewall (if needed). You can find respective DNS entry on Azure portal (Data Factory -> ‘Author and Deploy’ -> ‘Gateways’ -> "serviceUrls" (in JSON)
-- HDFS connector now supports self-signed public certificate by letting you skip SSL validation.
+- HDFS connector now supports self-signed public certificate by letting you skip TLS validation.
 - Fixed: Issue with gateway offline during update (due to clock skew)
 
 

articles/data-factory/v1/data-factory-troubleshoot-gateway-issues.md

@@ -195,7 +195,7 @@ When you see this error, the settings page of Data Management Gateway Configurat
 ![Database cannot be reached](media/data-factory-troubleshoot-gateway-issues/database-cannot-be-reached.png)
 
 #### Cause
-The SSL certificate might have been lost on the gateway machine. The gateway computer cannot load the certificate currently that is used for SSL encryption. You might also see an error message in the event log that is similar to the following message.
+The TLS/SSL certificate might have been lost on the gateway machine. The gateway computer cannot load the certificate currently that is used for TLS encryption. You might also see an error message in the event log that is similar to the following message.
 
  `Unable to get the gateway settings from cloud service. Check the gateway key and the network connection. (Certificate with thumbprint cannot be loaded.)`
 
@@ -204,10 +204,10 @@ Follow these steps to solve the problem:
 
 1. Start Data Management Gateway Configuration Manager.
 2. Switch to the **Settings** tab.  
-3. Click the **Change** button to change the SSL certificate.
+3. Click the **Change** button to change the TLS/SSL certificate.
 
    ![Change certificate button](media/data-factory-troubleshoot-gateway-issues/change-button-ssl-certificate.png)
-4. Select a new certificate as the SSL certificate. You can use any SSL certificate that is generated by you or any organization.
+4. Select a new certificate as the TLS/SSL certificate. You can use any TLS/SSL certificate that is generated by you or any organization.
 
    ![Specify certificate](media/data-factory-troubleshoot-gateway-issues/specify-http-end-point.png)