Skip to content

Commit c3b4acc

Browse files
author
Joshua McCarthy
committed
moving things around
1 parent b121117 commit c3b4acc

File tree

1 file changed

+1
-4
lines changed

1 file changed

+1
-4
lines changed

includes/virtual-machines-imds.md

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1181,7 +1181,7 @@ The `nonce` in the signed document can be compared if you provided a `nonce` par
11811181
11821182
In cases where the intermediate certificate can't be downloaded due to network constraints during validation, you can pin the intermediate certificate. Azure rolls over the certificates, which is standard PKI practice. You must update the pinned certificates when rollover happens. Whenever a change to update the intermediate certificate is planned, the Azure blog is updated, and Azure customers are notified.
11831183

1184-
You can find the intermediate certificates in the [PKI repository](https://www.microsoft.com/pki/mscorp/cps/default.htm). The intermediate certificates for each of the regions can be different.
1184+
You can find the intermediate certificates on [this page](../articles/security/fundamentals/azure-CA-details.md). The intermediate certificates for each of the regions can be different.
11851185

11861186
> [!NOTE]
11871187
> The intermediate certificate for Azure China 21Vianet will be from DigiCert Global Root CA, instead of Baltimore.
@@ -1190,9 +1190,6 @@ If you pinned the intermediate certificates for Azure China as part of a root ch
11901190
> [!NOTE]
11911191
> Starting February 2022, our Attested Data certificates will be impacted by a TLS change. Due to this, the root CA will change from Baltimore CyberTrust to DigiCert Global G2 only for Public and US Government clouds. If you have the Baltimore CyberTrust cert or other intermediate certificates listed in **[this post](https://techcommunity.microsoft.com/t5/azure-governance-and-management/azure-instance-metadata-service-attested-data-tls-critical/ba-p/2888953)** pinned, please follow the instructions listed there **immediately** to prevent any disruptions from using the Attested Data endpoint.
11921192
1193-
> [!NOTE]
1194-
> For a list of intermediate certificates, please reference **[this page](../articles/security/fundamentals/azure-CA-details.md)**.
1195-
11961193
## Managed identity
11971194

11981195
A managed identity, assigned by the system, can be enabled on the VM. You can also assign one or more user-assigned managed identities to the VM.

0 commit comments

Comments
 (0)