Azure Communication Services TLS Certificate Changes

Azure Communication Services is updating the Root Certificate Authorities (CAs) referenced in TLS certificates under *.communication.azure.com, which powers messaging, meetings, telephony, voice, and video capabilities. This change is being made because the current Root CA will expire in May 2025.

Services began transitioning to the new Root CAs beginning in January 2022 and will continue through October 2022.

The new Root CA "DigiCert Global Root G2" is widely trusted by operating systems including Windows, macOS, Android, and iOS and by browsers such as Microsoft Edge, Chrome, Safari, and Firefox. We expect that most Azure Communication Services customers will not be impacted.

However, your application may be impacted if it explicitly specifies a list of acceptable CAs. This practice is known as "certificate pinning". Customers who do not have the new Root CAs in their list of acceptable CAs will receive certificate validation errors, which may impact the availability or function of your application.

For more details on how to determine if you are affected by this change as well as the details of the new Root CAs, please refer to the technical guidance at Office TLS Certificate Changes.