JeonJune-0542 asked · AshokPeddakotla-MSFT commented

Azure IoT root CA (DigiCert Global G2) update for Azure IoT SDK

We are using AZ IoT SDK 1.3.8 on the ESP32 platform.
I noticed that as long as we use the AZ IoT SDK, we do not need to update the certificate. However, the SDK includes cert.c, which includes multiple root CAs.
So, my questions are:
1. Do we still need to update the certificate as long as we use only IoT Hub and DPS?
2. If we use another service which requires an HTTPS connection, do we need to update it?

Tags: azure-iot-hub, azure-iot-sdk, azure-iot-dps

@JeonJune-0542 Welcome to Microsoft Q&A forum!

You mentioned "As I noticed that as long as we use AZ IoT SDK, we do not need to update the certificate." Could you please share the reference which mentions these lines?
The Azure IoT SDK for C has the list of root CAs. They need to be updated when the root CA changes.

Regarding your specific queries, please provide more details. Certificates are always needed for connectivity. Are you talking about renewing?
Please have a look at this article and let us know if that helps.


JeonJune-0542 (in reply to AshokPeddakotla-MSFT):

Thanks for your comment.
I read the article.

The article says: "If your devices use a connection stack other than the ones provided in an Azure IoT SDK, then action is required:"
So, as it says, using a connection stack from the AZ IoT SDK does not require updating the certificate.

Please advise me on the details and exact requirements.

Thanks,



@JeonJune-0542
Just checking in to see if the below answer(s) helped.
If an answer is helpful, please "Accept answer" or "Up-Vote" for the same which might be beneficial to other community members reading this thread.


1 Answer

AshokPeddakotla-MSFT answered

@JeonJune-0542 Apologies for the delay in response. Below is an update from our team on your queries.

https://github.com/Azure/azure-iot-sdk-c/pull/1971/files adds support for the DigiCert Global Root. Both RSA and ECC certs are supported with this change. Of course, you still need to validate your application and the configuration of the ESP32 Wi-Fi as defined here: https://techcommunity.microsoft.com/t5/internet-of-things/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169

Hope this helps. Do let us know if you have any further queries.

If the response is helpful, please click "Accept Answer" and upvote it.
