{"id":2032,"date":"2025-08-07T09:20:05","date_gmt":"2025-08-07T07:20:05","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=2032"},"modified":"2025-08-07T09:21:24","modified_gmt":"2025-08-07T07:21:24","slug":"tarkeita-muutoksia-app-service-hallittuihin-varmenteisiin-vaikuttaako-muutos-sinun-sertifikaattiisi","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/tarkeita-muutoksia-app-service-hallittuihin-varmenteisiin-vaikuttaako-muutos-sinun-sertifikaattiisi\/","title":{"rendered":"T\u00e4rkeit\u00e4 muutoksia App Service -hallittuihin varmenteisiin \u2013 vaikuttaako muutos sinun sertifikaattiisi?"},"content":{"rendered":"<p>\ud83d\udd12 <strong>Microsoft ilmoitti t\u00e4rkeist\u00e4 muutoksista App Service Managed Certificates (ASMC) -toimintoon<\/strong>, jotka astuvat voimaan <strong>28. hein\u00e4kuuta 2025<\/strong>. Muutokset johtuvat laajemmasta alalla tapahtuvasta siirtym\u00e4st\u00e4, jossa DigiCert \u2013 Azure App Servicen varmenneviranomainen (CA) \u2013 ottaa k\u00e4ytt\u00f6\u00f6n uuden vahvistusalustan t\u00e4ytt\u00e4\u00e4kseen <em>multi-perspective issuance corroboration<\/em> -vaatimukset (MPIC).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Mit\u00e4 muutos tarkoittaa?<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u2705 <strong>Useimmille asiakkaille ei tapahdu muutoksia<\/strong> \u2013 varmenteiden my\u00f6nt\u00e4minen ja uusiminen jatkuu normaalisti.<\/li>\n\n\n\n<li>\u26a0\ufe0f <strong>Tietyt sivustokonfiguraatiot est\u00e4v\u00e4t varmenteiden my\u00f6nt\u00e4misen tai uusimisen 28.7.2025 alkaen.<\/strong><\/li>\n\n\n\n<li>\ud83d\udd10 <strong>Aiemmin my\u00f6nnetyt varmenteet pysyv\u00e4t voimassa viimeiseen voimassaolop\u00e4iv\u00e4\u00e4ns\u00e4 asti<\/strong> (enint\u00e4\u00e4n 6 kuukautta edellisest\u00e4 uusimisesta).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Milloin t\u00e4m\u00e4 vaikuttaa sinuun?<\/h2>\n\n\n\n<p>Seuraavat tilanteet est\u00e4v\u00e4t varmenteen luomisen tai uusimisen ASMC:n kautta:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 Sivustosi ei ole julkisesti saavutettavissa<\/h3>\n\n\n\n<p>Jos sovellus ei ole yleisesti internetin kautta saavutettavissa (esim. k\u00e4yt\u00e4t asiakasvarmenteita, rajoitat p\u00e4\u00e4syn IP-s\u00e4\u00e4nn\u00f6ill\u00e4, k\u00e4yt\u00e4t vain private endpoint -yhteyksi\u00e4 tai palomuureja), <strong>ASMC-varmenteita ei voida my\u00f6nt\u00e4\u00e4 tai uusia<\/strong>.<\/p>\n\n\n\n<p>\ud83d\udd27 <strong>Toimi n\u00e4in:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Varmista julkinen saavutettavuus varmenteen my\u00f6nt\u00e4misen ajaksi.<\/li>\n\n\n\n<li>Jos haluat rajoittaa p\u00e4\u00e4sy\u00e4 pysyv\u00e4sti, k\u00e4yt\u00e4 omaa SSL-varmennetta ja lataa se manuaalisesti App Serviceen.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 K\u00e4yt\u00e4t Azure Traffic Managerin \u201cnested\u201d tai \u201cexternal\u201d endpointteja<\/h3>\n\n\n\n<p>Vain <strong>&#8221;Azure Endpoints&#8221;<\/strong> -tyypin Traffic Manager -kohteet tukevat ASMC-varmenteita.<\/p>\n\n\n\n<p>\ud83d\udd27 <strong>Toimi n\u00e4in:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vaihda &#8221;Azure Endpoint&#8221; -tyyppiin.<\/li>\n\n\n\n<li>Tai hanki oma varmenne ja ota se k\u00e4ytt\u00f6\u00f6n manuaalisesti.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd39 Sivustosi k\u00e4ytt\u00e4\u00e4 *.trafficmanager.net -verkkotunnusta<\/h3>\n\n\n\n<p>Varmenteita ei en\u00e4\u00e4 my\u00f6nnet\u00e4 *.trafficmanager.net -p\u00e4\u00e4tteisiin.<\/p>\n\n\n\n<p>\ud83d\udd27 <strong>Toimi n\u00e4in:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Lis\u00e4\u00e4 mukautettu verkkotunnus sovelluksellesi.<\/li>\n\n\n\n<li>Ohjaa se liikenteenhallintaan ja suojaa se uudella varmenteella.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Miten tarkistat, vaikuttaako t\u00e4m\u00e4 sinuun?<\/h2>\n\n\n\n<p>Microsoft tarjoaa <strong>Azure Resource Graph (ARG)<\/strong> -kyselyj\u00e4, joilla voit tunnistaa riskiss\u00e4 olevat resurssit. Esimerkiksi:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sivustot, joilla julkinen liikenne on estetty<\/strong><\/li>\n\n\n\n<li><strong>Sivustot, jotka k\u00e4ytt\u00e4v\u00e4t rajoittavia Traffic Manager -asetuksia<\/strong><\/li>\n\n\n\n<li>*<em>ASMC-varmenteet, jotka on liitetty .trafficmanager.net -osoitteisiin<\/em><\/li>\n<\/ul>\n\n\n\n<p>Kyselyt ja tarkemmat ohjeet l\u00f6yd\u00e4t blogikirjoituksesta ja uudesta dokumentaatiosta.<\/p>\n\n\n\n<p>\ud83d\udcc4 <strong>Uusi dokumentaatio (p\u00e4ivitetty 5.8.2025):<\/strong><br>\ud83d\udc49 <a>App Service Managed Certificate (ASMC) changes \u2013 July 28, 2025 \u2013 Microsoft Learn<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Mit\u00e4 seuraavaksi?<\/h2>\n\n\n\n<p>\u2705 <strong>Jos mik\u00e4\u00e4n yll\u00e4 mainituista tilanteista ei koske sinua, et tarvitse toimenpiteit\u00e4.<\/strong><\/p>\n\n\n\n<p>\ud83d\udccc <strong>Jos jokin skenaario t\u00e4sm\u00e4\u00e4 omaan ymp\u00e4rist\u00f6\u00f6si:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tarkista konfiguraatiot.<\/li>\n\n\n\n<li>P\u00e4ivit\u00e4 varmenteet tai siirry manuaalisiin ratkaisuihin ennen 28.7.2025.<\/li>\n\n\n\n<li>Seuraa jatkossa oppaana yll\u00e4 mainittua Microsoft Learn -sivua.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>\ud83d\udd17 Lue alkuper\u00e4inen blogikirjoitus:<br><strong><a class=\"\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/apps-on-azure-blog\/important-changes-to-app-service-managed-certificates-is-your\/ba-p\/4435193\">Important Changes to App Service Managed Certificates \u2013 Is Your Certificate Affected?<\/a><\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-techlance wp-block-embed-techlance\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"vfHJrZhdYb\"><a href=\"https:\/\/techlance.ddns.net\/en\/\">Etusivu<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"&#8221;Etusivu&#8221; &#8212; Techlance\" src=\"https:\/\/techlance.ddns.net\/embed\/#?secret=PbJWwPPARQ#?secret=vfHJrZhdYb\" data-secret=\"vfHJrZhdYb\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd12 Microsoft ilmoitti t\u00e4rkeist\u00e4 muutoksista App Service Managed Certificates (ASMC) -toimintoon, jotka astuvat voimaan 28. hein\u00e4kuuta 2025. Muutokset johtuvat laajemmasta [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[19],"tags":[14,38],"class_list":["post-2032","post","type-post","status-publish","format-standard","hentry","category-azure","tag-azure","tag-sertifikaatit"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/2032","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=2032"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/2032\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=2032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=2032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=2032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}