Azure Active Directory 使用的证书颁发机构Certificate authorities used by Azure Active Directory

重要

此页中的信息仅与用于显式指定可接受证书颁发机构 (CA) 列表的实体相关。The information in this page is relevant only to entities that explicitly specify a list of acceptable Certificate Authorities (CAs). 除非没有其他选择,否则应该避免这种被称为证书固定的做法。This practice, known as certificate pinning, should be avoided unless there are no other options.

尝试通过 TLS/SSL 协议访问 Azure Active Directory (Azure AD) 标识服务的任何实体都将获得下列 CA 提供的证书。Any entity trying to access Azure Active Directory (Azure AD) identity services via the TLS/SSL protocols will be presented with certificates from the CAs listed below. 如果该实体信任那些 CA,它可以使用这些证书来验证标识和标识服务的合法性并建立安全连接。If the entity trusts those CAs, it may use the certificates to verify the identity and legitimacy of the identity services and establish secure connections.

证书颁发机构可以划分为根 CA 和中间 CA。Certificate Authorities can be classified into root CAs and intermediate CAs. 通常,根 CA 具有一个或多个关联的中间 CA。Typically, root CAs have one or more associated intermediate CAs. 本文列出了 Azure AD 标识服务使用的根 CA 以及其中每一个根 CA 所关联的中间 CA。This article lists the root CAs used by Azure AD identity services and the intermediate CAs associated with each of those roots. 对于每个 CA,我们都会提供统一资源标识符 (URI),以用于下载关联的颁发机构信息访问 (AIA) 文件和证书吊销列表分发点 (CDP) 文件。For each CA, we include Uniform Resource Identifiers (URIs) to download the associated Authority Information Access (AIA) and the Certificate Revocation List Distribution Point (CDP) files. 在适当的时候,我们还会提供联机证书状态协议 (OCSP) 终结点的 URI。When appropriate, we also provide a URI to the Online Certificate Status Protocol (OCSP) endpoint.

Azure 中国世纪互联云中使用的 CACAs used in Azure China 21Vianet cloud

DigiCert 全局根 CADigiCert Global Root CA

根 CARoot CA 序列号Serial Number 颁发日期 到期日期Issue Date Expiration Date SHA1 指纹SHA1 Thumbprint URIURIs
DigiCert 全局根 CADigiCert Global Root CA 083be056904246b 1a1756ac95991c74a083be056904246b 1a1756ac95991c74a 2006 年 11 月 9 日Nov. 9, 2006
2031 年 11 月 9 日Nov. 9, 2031
a8985d3a65e5e5c4b2d7 d66d40c6dd2fb19c5436a8985d3a65e5e5c4b2d7 d66d40c6dd2fb19c5436 CDPCDP
OCSPOCSP

关联的中间 CAAssociated Intermediate CA

颁发 CA 和中间 CAIssuing and Intermediate CA 序列号Serial Number 颁发日期 到期日期Issue Date Expiration Date SHA1 指纹SHA1 Thumbprint URIURIs
DigiCert 基本 RSA CN CA G2DigiCert Basic RSA CN CA G2 02f7e1f982bad 009aff47dc95741b2f602f7e1f982bad 009aff47dc95741b2f6 2020 年 3 月 4 日March 4, 2020
2030 年 3 月 4 日March 4, 2030
4d1fa5d1fb1ac3917c08e 43f65015e6aea5711794d1fa5d1fb1ac3917c08e 43f65015e6aea571179 AIAAIA
CDPCDP
OCSPOCSP

后续步骤Next Steps

了解 Microsoft 365 加密链Learn about Microsoft 365 Encryption chains