Merge pull request #194591 from meenasaravanan02/cert-management

PRMerger5 · web-flow · commit 3388b1ad15e2 · 2022-04-08T12:38:11.000-07:00
Update cluster-security-certificate-management.md
diff --git a/articles/service-fabric/cluster-security-certificate-management.md b/articles/service-fabric/cluster-security-certificate-management.md
@@ -108,7 +108,7 @@ In either case, the rotated certificate is now provisioned to all of the nodes,
   - existing connections will be kept alive/allowed to naturally expire or otherwise terminate; an internal handler will have been notified that a new match exists
 
 > [!NOTE] 
-> Prior to version 7.2.445 (7.2 CU4), Service Fabric selected the farthest expiring certificate (the certificate with the farthest 'NotAfter' property)
+> Currently (7.2 CU4+), Service Fabric selects the cert with the largest 'NotBefore' property value (most recently issued). Prior to 7.2CU4 Service Fabric picked the valid cert with the largest NotAfter (furthest expiring).
 
 This translates into the following important observations:
   - The renewal certificate may be ignored if its expiration date is sooner than that of the certificate currently in use.
