Azure IoT Hub Baltimore Root to G2 Root migration

Hi, checking in with the Particle Community because my setup uses Particle Integrations into Azure IoT Hub, and Microsoft is sending out notices about migrating the Azure IoT Hub root certificate from Baltimore Root to G2 Root, starting 2/15/2023 and completing by 2/15/2024.

Given that the Borons (BRN402/BRN404) that I’m using connect to Azure IoT Hub through Particle Integrations, are there any steps I need to take (on Particle devices) to prepare for this migration (beyond updating the certificate on the Azure IoT Hub)?

Thank you for any information!

The note applies mainly to embedded devices that directly connect to Azure IoT Hub and may have fixed or non-updating root certificate chains.

That’s not the case with the Particle Azure IoT Hub integration, which is cloud-based, and we do not expect any issues. It will be tested prior to the deadline to make sure, however. In the unlikely event a fix is necessary, it would be on the cloud side and would not require changes to Device OS or firmware on the device.

Hi Rick, thank you for following up and addressing my concern. To clarify: will the referenced changes on the cloud side need to be implemented by Microsoft, Particle, and/or the Particle user (i.e., me)?

Also, the Microsoft Azure migration guide “Migrate IoT Hub resources to a new TLS certificate root” (How to migrate hub root certificate - Azure IoT Hub | Microsoft Learn) has the following checklist for changeover prep. I wasn’t sure if Particle Integrations would have to be updated or modified if the IoT Hub IP address changes as part of the certificate change?

Thank you again for your expertise!

The DigiCert Global G2 root is almost certainly already present on the integration servers, but that will be verified. In the unlikely event that it needed to be added, that would be handled by our cloud engineers and you would not need to change anything in the integration or on the device.

The Particle - Azure IoT Hub integration is different than a direct connection, and does not keep a connection up all the time or depend on IP addresses, so the other parts won’t be a problem either.

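For the direct-connection case the replies describe (a client with a fixed root store), here is one way to check a trust store for the two roots. This is an added example, not code from the thread, Particle or Microsoft. The function names and status strings are hypothetical, and the common names "Baltimore CyberTrust Root" and "DigiCert Global Root G2" are assumed to be the subject CNs of the two roots the notice refers to.

```python
import ssl
import time

# Assumed subject CNs of the roots named in the migration notice.
OLD_ROOT = "Baltimore CyberTrust Root"
NEW_ROOT = "DigiCert Global Root G2"


def common_name(cert):
    """Subject CN of a dict shaped like an SSLContext.get_ca_certs() entry."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def is_current(cert, now):
    """True if 'now' (epoch seconds) is inside the certificate validity window."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def migration_status(ca_certs, now=None):
    """Hypothetical status: 'ready', 'baltimore-only' or 'no-usable-root'."""
    now = time.time() if now is None else now
    # An expired root is useless for validation, so only count current ones.
    valid = {common_name(c) for c in ca_certs if is_current(c, now)}
    if NEW_ROOT in valid:
        return "ready"            # can validate the hub after the switch
    if OLD_ROOT in valid:
        return "baltimore-only"   # works today, breaks once the hub moves to G2
    return "no-usable-root"


def load_store(bundle_path=None):
    """Load a PEM bundle (or the platform default store) and list its CA certs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if bundle_path:
        ctx.load_verify_locations(cafile=bundle_path)
    else:
        # Note: stores configured as a hashed directory (capath) load lazily,
        # so get_ca_certs() may be empty; pass the bundle file in that case.
        ctx.load_default_certs()
    return ctx.get_ca_certs()


if __name__ == "__main__":
    print(migration_status(load_store()))
```

A "baltimore-only" result is the situation the first reply warns about: the client validates the hub today but has no trust anchor for the chain once the hub presents a G2-rooted certificate.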