MC1184506: Finance and operations apps - Rotate SSL certificates on your cloud-hosted environments by November 15
We have determined that a subset of SSL certificates issued between July 21, 2024, and April 21, 2025, to one or more of your Dynamics 365 finance and operations Cloud-Hosted Environments (CHE) were incorrectly issued with intermediate certificates. This affected certificates from the following issuers:
- Microsoft Azure RSA TLS Issuing CA 03
- Microsoft Azure RSA TLS Issuing CA 04
- Microsoft Azure RSA TLS Issuing CA 07
- Microsoft Azure RSA TLS Issuing CA 08
On November 15, 2025, these intermediate certificates will be revoked, which will degrade your environment's functionality.
What action do I need to take?
The certificates for affected environments must be rotated before November 15, 2025, to avoid impact to your environments. To do this, first validate whether your CHE environment is utilizing an affected certificate by running the following query:Get-ChildItem -Path Cert:\LocalMachine\My |
Where-Object {
$_.Issuer -match 'Microsoft Azure RSA TLS Issuing CA (03|04|07|08)' -and
$_.NotBefore -ge (Get-Date '2024-07-21') -and
$_.NotBefore -le (Get-Date '2025-04-21')
} |
Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint
For each affected environment, rotate the certificate by performing the following actions:
- Sign into Lifecycle Services (LCS), open your project, and navigate to Cloud Hosted Environments.
- Select an environment and click on Full Details.
- On the Environment details page, click Maintain > Rotate Secrets --> Rotate SSL Certificate.
- After rotating it, validate the new certificate chain and confirm services initiate correctly.
Why is this action needed?
The intermediate certificates assigned to affected environments will be revoked on November 15, 2025. Once it is revoked, users will begin to receive HTTPS failures, service connectivity failures, and web browser security warnings.
Please contact Microsoft Support if you need further assistance.