Skip to content

Commit 548252d

Browse files
AbhishekMallick-MSAbhishekMallick-MS
committed
TLS updates
1 parent f83ba65 commit 548252d

File tree

1 file changed

+22
-1
lines changed

1 file changed

+22
-1
lines changed

articles/backup/transport-layer-security.md

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Transport Layer Security in Azure Backup
33
description: Learn how to enable Azure Backup to use the encryption protocol Transport Layer Security (TLS) to keep data secure when being transferred over a network.
44
ms.topic: conceptual
5-
ms.date: 11/01/2020
5+
ms.date: 09/20/2022
66
---
77

88
# Transport Layer Security in Azure Backup
@@ -52,6 +52,27 @@ The following registry keys configure .NET Framework to support strong cryptogra
5252
"SchUseStrongCrypto" = dword:00000001
5353
```
5454

55+
## Azure TLS certificate changes\
56+
57+
Azure TLS/SSL endpoints now contains updated certificates chaining up to new root CAs. Ensure that the following changes include the updated root CAs. [Learn more](../security/fundamentals/tls-certificate-changes.md#what-changed) about the possible impacts on your applications.
58+
59+
Earlier, most of the TLS certificates, used by Azure services, chained up to the following Root CA:
60+
61+
Common name of CA | Thumbprint (SHA1)
62+
--- | ---
63+
[Baltimore CyberTrust Root](https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt) | d4de20d05e66fc53fe1a50882c78db2852cae474
64+
65+
Now, TLS certificates, used by Azure services, helps to chain up to one of the following Root CAs:
66+
67+
Common name of CA | Thumbprint (SHA1)
68+
--- | ---
69+
[DigiCert Global Root G2](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt) | df3c24f9bfd666761b268073fe06d1cc8d4f82a4
70+
[DgiCert Global Root CA](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt) | a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436
71+
[Baltimore CyberTrust Root](https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt)| d4de20d05e66fc53fe1a50882c78db2852cae474
72+
[D-TRUST Root Class 3 CA 2 2009](https://www.d-trust.net/cgi-bin/D-TRUST_Root_Class_3_CA_2_2009.crt) | 58e8abb0361533fb80f79b1b6d29d3ff8d5f00f0
73+
[Microsoft RSA Root Certificate Authority 2017](https://www.microsoft.com/pkiops/certs/Microsoft RSA Root Certificate Authority 2017.crt) | 73a5e64a3bff8316ff0edccc618a906e4eae4d74
74+
[Microsoft ECC Root Certificate Authority 2017](https://www.microsoft.com/pkiops/certs/Microsoft ECC Root Certificate Authority 2017.crt) | 999a64c37ff47d9fab95f14769891460eec4c3c5
75+
5576
## Frequently asked questions
5677

5778
### Why enable TLS 1.2?

0 commit comments

Comments
 (0)