Our parent company are having issues in UKSouth but we're spread across UKSouth and UKWest and not seeing any issues. Apparently Functionapps also having issues, but we're seeing nothing at the moment.
Unlikely. Microsoft operates their own CAs. Although some of their CAs have been cross-signed by DigiCert, Microsoft is responsible for the domain validation.
The end-entity certificates I see for microsoft.com, azure.microsoft.com, portal.azure.com are all issued by:
C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 0X [where X varies]
In any case, I just analyzed DigiCert's CRLs and it doesn't look like they've done many revocations yet. These are the only CT-logged certs revoked in the last 24 hours with reason code 4 (required when domain validation is done improperly):
Interestingly enough, accessing the Azure Portal from Firefox was OK, while Edge failed. I'm not sure what Edge's default DNS settings are, but after switching to 1.1.1.1 DoH, the portal also loaded.
That means the outage was either short-lived (doubtful, as it's not 9AM in Seattle yet, and Microsoft outages typically only start to get resolved around that time, weekdays only, mind you), or that... shockingly... it was DNS.
23 comments
[ 2.5 ms ] story [ 62.3 ms ] threadIt's been like it since around 11am (UK Time, its now 2:53pm)
We're a UK Government department, and have been unable to serve any of our pages covered by Azure Front Door since then.
This has probably caused quite a few on-the-ground struggles for our users and caseworkers.
> The web page at https://portal.azure.com/ might be temporarily down or it may have moved permanently to a new web address.
Could it be potentially related to this?
The intermediate CAs which issue the end-entity certificates are operated by Microsoft.
Figuring out who truly issued a certificate is tricky business: https://www.agwa.name/blog/post/the_certificate_issuer_field...
root issuer: CN = DigiCert Global Root CA OU = www.digicert.com O = DigiCert Inc C = US
intermediate issuer: CN = DigiCert Global Root CA OU = www.digicert.com O = DigiCert Inc C = US
server certificate issuer: CN = DigiCert SHA2 Secure Server CA O = DigiCert Inc C = US
The end-entity certificates I see for microsoft.com, azure.microsoft.com, portal.azure.com are all issued by:
C = US, O = Microsoft Corporation, CN = Microsoft Azure RSA TLS Issuing CA 0X [where X varies]
In any case, I just analyzed DigiCert's CRLs and it doesn't look like they've done many revocations yet. These are the only CT-logged certs revoked in the last 24 hours with reason code 4 (required when domain validation is done improperly):
https://gist.github.com/AGWA/2d22a1a94ef80ccdb38e3248323f434...
I don't see any Microsoft/Azure domains in that list.
That means the outage was either short-lived (doubtful, as it's not 9AM in Seattle yet, and Microsoft outages typically only start to get resolved around that time, weekdays only, mind you), or that... shockingly... it was DNS.
https://azure.status.microsoft
Meanwhile my pi continues serving what it needs to do unabated.