Azure IoT Baltimore Certificate Migration (DigiCert Global G2 Root)

As described in the link below, there is a mandatory change concerning the root certificate of Azure IoT. All devices without ‘DigiCert Global G2 Root’ will not be able to connect to the Azure IoT Hub after October 2022 anymore.
My questions:

  • What actions must be done for the IoT devices running with Mongoose?
  • Does Mongoose provide an adapted ‘ca.pem’ and if so, (since) when?

For details, see here:
https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169

I’m clueless about Azure, I’ve tested GCP and AWS.
Certificate is something for the broker to provide, mos tool merely acts as an intermediary to make your task easier. In the Google case, mos tool will ask for the keys and certificate; in the case of Amazon, mos tool generates the private key locally and asks AWS to sign it and to get its certificate.
Depending on how mos tool and Azure handle this, new devices may just work automagically or an update to mos tool would have to take place.
However, since your keys have to be signed by the new authority, you won’t be able to keep your old keys and will need to generate new ones; that is, you’ll probably have to run the device setup again on those devices you already have running.
If Azure provides a way for you to perform this action on its console or equivalent, you can just get your keys and certificates from them and just replace those in your device flash.
If Azure keeps the current procedure and provides the new information, mos tool won’t need to be updated.
However, as I said, I don’t use Azure so I might be missing something important; take these as my 2 cents.

Thanks for your answer!
How do you see MOS after October 2022? Do you plan to provide a new ‘ca.pem’ containing the new certificate?
I think that otherwise no new customer will be able to connect to Azure and all actual customers have a serious problem.
What do you think?
Kind regards
Rolf