Azure – You need to review whether your certificates have been issued by a compliant CA

As you know, certificates are more heavily used and important than ever to protect communication between clients and services.

Members of the Certificate Authority (CA)/Browser Forum (https://cabforum.org/) recently published a report detailing that multiple certificates issued by certification authorities (CAs) did not meet the industry standard for publicly trusted CAs.

You can read the reports here: https://bugzilla.mozilla.org/show_bug.cgi?id=1649951 and https://bugzilla.mozilla.org/show_bug.cgi?id=1650910

As a result, CA vendors have started revoking non-compliant CAs and reissuing new compliant ones.

This means that if your certificate(s) have been issued by one of the impacted CAs (that is, revoked or being revoked), you will have to request a reissued certificate for your services.

You can identify whether you are impacted by using the Certificate Revocation tracker (https://misissued.com/#revoked) or the DigiCert update (https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement).

Self-issued and Bring Your Own Certificate (BYOC) certificates can also be impacted by the revocation process.
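
One way to run this check over a Windows certificate store and a folder of exported certificates, as an added example that is not part of the original post. The issuer names in `$ImpactedIssuer` are constructed placeholders to be replaced with the issuing CA names listed on the tracker or in the vendor notice, and `Test-ImpactedCertificate` and the `.\exported-certs` folder are hypothetical names.

```powershell
# Constructed placeholders: replace with the issuing CA names published on
# the revocation tracker or in your CA vendor's notice.
$ImpactedIssuer = @(
    'PLACEHOLDER Impacted Issuing CA 1',
    'PLACEHOLDER Impacted Issuing CA 2'
)

function Test-ImpactedCertificate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)]
        [string[]]$ImpactedIssuer
    )
    process {
        # Simple name of the issuer (normally its CN); $true selects the issuer.
        $issuerName = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $true)
        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Issuer     = $issuerName
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            # -contains compares strings case-insensitively.
            Impacted   = ($ImpactedIssuer -contains $issuerName)
        }
    }
}

# Source 1: personal stores on this machine (Windows only).
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My, Cert:\CurrentUser\My)

# Source 2: public certificates (.cer) exported from cloud services,
# for example BYOC certificates, saved to a hypothetical local folder.
$exportDir = '.\exported-certs'
if (Test-Path $exportDir) {
    $certs += Get-ChildItem -Path $exportDir -Filter *.cer | ForEach-Object {
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
    }
}

# A name match is a first pass: confirm each hit against the CA certificate
# listed on the tracker before requesting a reissue.
$certs |
    Test-ImpactedCertificate -ImpactedIssuer $ImpactedIssuer |
    Sort-Object Impacted -Descending |
    Format-Table Subject, Issuer, NotAfter, Impacted -AutoSize
```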