Cross Post: Windows Azure Root Certificate Migration

 

As part of our ongoing commitment to security we are making a change to our SSL certificate chain that will require a small number of customers to take action before April 15^th, 2013. Windows Azure currently uses the GTE CyberTrust Global Root and beginning on April 15^th, 2013 will migrate to the Baltimore CyberTrust Root. The new root certificate uses a stronger key length and hashing algorithm which ensures we remain consistent with industry-wide security best practices.  If your application does not accept certificates chained to both the GTE CyberTrust Global Root and the Baltimore CyberTrust Root, please take action prior to April 15^th, 2013 to avoid certificate validation errors. While we seek to minimize the need for customers to take specific action based on changes we make to the Windows Azure platform, we believe this is an important security improvement. The Baltimore CyberTrust Root can be downloaded from https://cacert.omniroot.com/bc2025.crt.

 

For more details, please refer to this official blog post