Azure IoT root certificate changes

I need some assistance/advice. TLS/Root Certificates/etc is not my strong area. It appears Azure IoT is changing their Root Certificate. Azure IoT TLS: Critical changes are almost here! (…and why you should care) - Microsoft Tech Community

The actions required indicate I need to add DigiCert Global root G2 to my devices. I also need to enable SHA384. Does TinyCLR support SHA384?

Based on that document is there anything else I should be worried about.

I have a lot of devices in the field that will need to be updated remotely.

Do you know if DigiCert Global Root G2 is ready for testing now or not yet?
In TinyCLR, we see the flag SHA384 enabled but not tried on 384 yet.

In your project, where is certificate loaded? from SD/USB or from resource?

I would assume it is ready. Yesterday was the first I heard about this change. I am still confused about their timing. The email says the change is happening on July 1, 2022. But the blog says they have pushed things out to 2023. So I am a bit confused.
It appears that both certs will be valid until Sept 2023.

I currently store the Cert in flash storage. I load it over-the-air using a connection through my SIM provider Hologram. Currently, I only support 1 cert in my code I will have to do OTA updates to existing devices. I can kick off the OTA through the same connection so I don’t need Azure IoT to control the update process.

There are test endpoints available with SHA256 (see that same posting) and SHA384. The cut-over is in early 2023. I haven’t tried the new certs or hash myself yet.

1 Like