RiccardoGatti-2736 asked PM-8786 commented

SCIM application with Let’s Encrypt

Hello, I'm looking to create a new Non-Gallery Application on my Azure AD. I saw the list of the trusted CAs in the guide, but I have a certificate issued by the new CA of Let's Encrypt, which is now ISRG Root X1 and no longer DST Root CA X3.

Is the new CA (ISRG Root X1) of the Let's Encrypt certificate supported by Azure?



Tags: azure-ad-user-provisioning, azure-ad-app-management

@RiccardoGatti-2736 ,
Let me check this internally and get back to you on this.


1 Answer

ZollnerD answered PM-8786 commented

Hi @RiccardoGatti-2736 - the root CAs listed in our documentation are the only ones that are supported. We do not have any plans at this time to expand the list of root CAs.

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#building-a-custom-scim-endpoint


That's unfortunate; support for ISRG Root X1 would be useful given its prevalence and the small number of supported root certs Azure supports for SCIM.

Hopefully Microsoft won't become stuck in the old days again with this type of requirement that doesn't allow us to grow and support what our clients request. If a client is already using Let's Encrypt, forcing them to get another cert that now has to be renewed at least yearly causes friction we don't need (from a standpoint of having them use our product, which supports Azure). It's interesting that other SCIM implementations don't force you into such limited certificate requirements.

Given that Let's Encrypt is supported elsewhere in Azure, hopefully you will reconsider - I mean it's been around for almost a decade. Too soon? I think they claim to be used in over 8% of all websites. That's more than some of the others you support (just behind Sectigo/Comodo and more than Go Daddy).
