redirects

asergaz · dominicbetts · commit 2ff242dee968 · 2025-05-28T14:55:28.000+01:00
diff --git a/articles/iot-operations/.openpublishing.redirection.iot-operations.json b/articles/iot-operations/.openpublishing.redirection.iot-operations.json
@@ -549,6 +549,11 @@
             "source_path_from_root": "/articles/iot-operations/reference/observability-metrics-akri.md",
             "redirect_url": "/azure/iot-operations/reference/observability-metrics-opcua-broker",
             "redirect_document_id": false
+        },
+        {
+            "source_path": "articles/iot-operations/secure-iot-ops/concept-default-root-ca.md",
+            "redirect_url": "/azure/iot-operations/secure-iot-ops/howto-manage-certificates",
+            "redirect_document_id": true
         }
     ]
 }
diff --git a/articles/iot-operations/connect-to-cloud/howto-configure-mqtt-endpoint.md b/articles/iot-operations/connect-to-cloud/howto-configure-mqtt-endpoint.md
@@ -38,7 +38,7 @@ The default endpoint uses the following settings:
 - Host: `aio-broker:18883` through the [default MQTT broker listener](../manage-mqtt-broker/howto-configure-brokerlistener.md#default-brokerlistener)
 - Authentication: service account token (SAT) through the [default BrokerAuthentication resource](../manage-mqtt-broker/howto-configure-authentication.md#default-brokerauthentication-resource)
 - TLS: Enabled
-- Trusted CA certificate: The default CA certificate `azure-iot-operations-aio-ca-trust-bundle` from the [default root CA](../deploy-iot-ops/concept-default-root-ca.md)
+- Trusted CA certificate: The default CA certificate `azure-iot-operations-aio-ca-trust-bundle` from the [default root CA](../secure-iot-ops/howto-manage-certificates.md)
 
 > [!CAUTION]
 > Don't delete the default endpoint. If you delete the default endpoint, you must recreate it with the same settings.
diff --git a/articles/iot-operations/deploy-iot-ops/concept-production-guidelines.md b/articles/iot-operations/deploy-iot-ops/concept-production-guidelines.md
@@ -40,7 +40,7 @@ Create an Arc-enabled K3s cluster that meets the system requirements.
 Consider the following measures to ensure your cluster setup is secure before deployment.
 
 * [Validate images](../secure-iot-ops/howto-validate-images.md) to ensure they're signed by Microsoft.
-* When doing TLS encryption, [bring your own issuer](../secure-iot-ops/concept-default-root-ca.md#bring-your-own-issuer) and integrate with an enterprise PKI.
+* When doing TLS encryption, [bring your own issuer](../secure-iot-ops/howto-manage-certificates.md#bring-your-own-issuer) and integrate with an enterprise PKI.
 * [Use secrets](../secure-iot-ops/howto-manage-secrets.md) for on-premises authentication.
 * Use [user-assigned managed identities](./howto-enable-secure-settings.md#set-up-a-user-assigned-managed-identity-for-cloud-connections) for cloud connections.
 * Keep your cluster and Azure IoT Operations deployment up to date with the latest patches and minor releases to get all available security and bug fixes.
diff --git a/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md b/articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md
@@ -52,7 +52,7 @@ A cluster host:
 
 * (Optional) Prepare your cluster for observability before deploying Azure IoT Operations: [Configure observability](../configure-observability-monitoring/howto-configure-observability.md).
 
-* (Optional) Configure your own certificate authority issuer before deploying Azure IoT Operations: [Bring your own issuer](../secure-iot-ops/concept-default-root-ca.md#bring-your-own-issuer).
+* (Optional) Configure your own certificate authority issuer before deploying Azure IoT Operations: [Bring your own issuer](../secure-iot-ops/howto-manage-certificates.md#bring-your-own-issuer).
 
 ## Deploy
 
diff --git a/articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md b/articles/iot-operations/deploy-iot-ops/howto-prepare-cluster.md
@@ -245,7 +245,7 @@ Then, once you have an Azure Arc-enabled Kubernetes cluster, you can [deploy Azu
 At this point, when you have an Azure Arc-enabled Kubernetes cluster but before you deploy Azure IoT Operations to it, you might want to configure your cluster for advanced scenarios.
 
 * If you want to enable observability features on the cluster, follow the steps in [Deploy observability resources and set up logs](../configure-observability-monitoring/howto-configure-observability.md).
-* If you want to configure your own certificate issuer on the cluster, follow the steps in [Certificate management > Bring your own issuer](../secure-iot-ops/concept-default-root-ca.md#bring-your-own-issuer).
+* If you want to configure your own certificate issuer on the cluster, follow the steps in [Certificate management > Bring your own issuer](../secure-iot-ops/howto-manage-certificates.md#bring-your-own-issuer).
 
 ## Next steps
 
diff --git a/articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md b/articles/iot-operations/discover-manage-assets/howto-configure-opcua-certificates-infrastructure.md
@@ -20,7 +20,7 @@ Based on the [OPC UA specification](https://reference.opcfoundation.org/), the c
 
 The connector for OPC UA must trust the OPC UA servers it connects to. The connector maintains a list of trusted certificates. To learn more, see:
 
-- [Certificate management for Azure IoT Operations](../secure-iot-ops/concept-default-root-ca.md) - this article describes how Azure IoT Operations uses Azure Key Vault to manage certificates.
+- [Certificate management for Azure IoT Operations](../secure-iot-ops/howto-manage-certificates.md) - this article describes how Azure IoT Operations uses Azure Key Vault to manage certificates.
 - [OPC UA certificates infrastructure for the connector for OPC UA](overview-opcua-broker-certificates-management.md) - this article describes the roles of the trusted certificates list and issuer certificates list.
 
 ## Prerequisites
diff --git a/articles/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener.md b/articles/iot-operations/manage-mqtt-broker/howto-configure-brokerlistener.md
@@ -206,7 +206,7 @@ To create a new listener, specify the following settings:
 This example shows how to create a new listener with the `LoadBalancer` service type. The BrokerListener resource defines two ports that accept MQTT connections from clients.
 
 - The first port listens on port 1883 without TLS and authentication. This setup is suitable for testing only. [Don't use this configuration in production](./howto-test-connection.md#only-turn-off-tls-and-authentication-for-testing).
-- The second port listens on port 8883 with TLS and authentication enabled. Only [authenticated clients with a Kubernetes service account token](./howto-configure-authentication.md#default-brokerauthentication-resource) can connect. TLS is set to [automatic mode](#enable-tls-automatic-certificate-management-for-a-port), using cert-manager to manage the server certificate from the [default issuer](../secure-iot-ops/concept-default-root-ca.md#default-self-signed-issuer-and-root-ca-certificate-for-tls-server-certificates). This setup is closer to a production configuration.
+- The second port listens on port 8883 with TLS and authentication enabled. Only [authenticated clients with a Kubernetes service account token](./howto-configure-authentication.md#default-brokerauthentication-resource) can connect. TLS is set to [automatic mode](#enable-tls-automatic-certificate-management-for-a-port), using cert-manager to manage the server certificate from the [default issuer](../secure-iot-ops/howto-manage-certificates.md#default-self-signed-issuer-and-root-ca-certificate-for-tls-server-certificates). This setup is closer to a production configuration.
 
 # [Portal](#tab/portal)
 
@@ -750,7 +750,7 @@ Remember to specify authentication methods if needed.
 
 ### Default root CA and issuer
 
-To help you get started, IoT Operations is deployed with a default "quickstart" CA certificate and issuer for TLS server certificates. You can use this issuer for development and testing. For more information, see [Default root CA and issuer for TLS server certificates](../deploy-iot-ops/concept-default-root-ca.md).
+To help you get started, IoT Operations is deployed with a default "quickstart" CA certificate and issuer for TLS server certificates. You can use this issuer for development and testing. For more information, see [Default root CA and issuer for TLS server certificates](../secure-iot-ops/howto-manage-certificates.md).
 
 For production, you must configure a CA issuer with a certificate from a trusted CA, as described in the previous sections.
 
diff --git a/articles/iot-operations/secure-iot-ops/howto-manage-certificates.md b/articles/iot-operations/secure-iot-ops/howto-manage-certificates.md
diff --git a/articles/iot-operations/toc.yml b/articles/iot-operations/toc.yml
@@ -46,7 +46,7 @@ items:
     - name: Secure your deployment
       items:
       - name: Manage certificates
-        href: secure-iot-ops/concept-default-root-ca.md
+        href: secure-iot-ops/howto-manage-certificates.md
         displayName: TLS, X.509, certificate, root CA, self-signed, trusted CA, CA, issuer, cert-manager, trust-manager
       - name: Manage secrets
         href: secure-iot-ops/howto-manage-secrets.md

Original file line number	Diff line number	Diff line change
`@@ -549,6 +549,11 @@`
`549`	`549`	`"source_path_from_root": "/articles/iot-operations/reference/observability-metrics-akri.md",`
`550`	`550`	`"redirect_url": "/azure/iot-operations/reference/observability-metrics-opcua-broker",`
`551`	`551`	`"redirect_document_id": false`
	`552`	`+ },`
	`553`	`+ {`
	`554`	`+ "source_path": "articles/iot-operations/secure-iot-ops/concept-default-root-ca.md",`
	`555`	`+ "redirect_url": "/azure/iot-operations/secure-iot-ops/howto-manage-certificates",`
	`556`	`+ "redirect_document_id": true`
`552`	`557`	`}`
`553`	`558`	`]`
`554`	`559`	`}`