Service | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
active-directory-b2c | B2clogin | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/b2clogin.md | -## What endpoints does this apply to +## What endpoints does this changes apply to The transition to b2clogin.com only applies to authentication endpoints that use Azure AD B2C policies (user flows or custom policies) to authenticate users. These endpoints have a `<policy-name>` parameter, which specifies the policy Azure AD B2C should use. [Learn more about Azure AD B2C policies](technical-overview.md#identity-experiences-user-flows-or-custom-policies). With Azure AD B2C [custom domain](./custom-domain.md) the corresponding updated Some customers use the shared capabilities of Microsoft Entra enterprise tenants. For example, acquiring an access token to call the [MS Graph API](microsoft-graph-operations.md#code-discussion) of the Azure AD B2C tenant. -All endpoints, which don't contain a policy parameter aren't affected by the change. They're accessed only with the Microsoft Entra ID's login.microsoftonline.com endpoints, and can't be used with the *b2clogin.com*, or custom domains. The following example shows a valid token endpoint of the Microsoft identity platform: +This change doesn't affect all endpoints, which don't contain a policy parameter in the URL. They're accessed only with the Microsoft Entra ID's login.microsoftonline.com endpoints, and can't be used with the *b2clogin.com*, or custom domains. The following example shows a valid token endpoint of the Microsoft identity platform: ```http https://login.microsoftonline.com/<tenant-name>.onmicrosoft.com/oauth2/v2.0/token There are several modifications you might need to make to migrate your applicati * Change the redirect URL in your identity provider's applications to reference *b2clogin.com*, or custom domain. For more information, follow the [change identity provider redirect URLs](#change-identity-provider-redirect-urls) guidance. * Update your Azure AD B2C applications to use *b2clogin.com*, or custom domain in their user flow and token endpoint references. The change may include updating your use of an authentication library like Microsoft Authentication Library (MSAL).-* Update any **Allowed Origins** that you've defined in the CORS settings for [user interface customization](customize-ui-with-html.md). +* Update any **Allowed Origins** that you define in the CORS settings for [user interface customization](customize-ui-with-html.md). ## Change identity provider redirect URLs For migrating Azure API Management APIs protected by Azure AD B2C, see the [Migr ### MSAL.NET ValidateAuthority property -If you're using [MSAL.NET][msal-dotnet] v2 or earlier, set the **ValidateAuthority** property to `false` on client instantiation to allow redirects to *b2clogin.com*. Setting this value to `false` isn't required for MSAL.NET v3 and above. +If you're using [MSAL.NET][msal-dotnet] v2 or earlier, set the **ValidateAuthority** property to `false` on client instantiation to allow redirects to *b2clogin.com*. Setting this value to `false` isn't required for MSAL.NET v3 and later. ```csharp ConfidentialClientApplication client = new ConfidentialClientApplication(...); // Can also be PublicClientApplication |
active-directory-b2c | Client Credentials Grant Flow | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/client-credentials-grant-flow.md | In the client credentials flow, permissions are granted directly to the applicat ## App registration overview -To enable your app to sign in with client credentials and call a web API, you register two applications in the Azure AD B2C directory. +To enable your app to sign in with client credentials, then call a web API, you register two applications in the Azure AD B2C directory. - The **application** registration enables your app to sign in with Azure AD B2C. The app registration process generates an *application ID*, also known as the *client ID*, which uniquely identifies your app. You also create a *client secret*, which your app uses to securely acquire the tokens. The app architecture and registrations are illustrated in the following diagram: ## Step 1: Register the web API app -In this step you register the web API (**App 2**) with its scopes. Later you'll grant your application (**App 1**) permission to those scopes. If you already have such app registration, skip to the next step [Step 1.1 Define web API roles (scopes)](#step-11-define-web-api-roles-scopes). +In this step, you register the web API (**App 2**) with its scopes. Later, you grant your application (**App 1**) permission to those scopes. If you already have such an app registration, skip this step, then move to the next one, [Step 1.1 Define web API roles (scopes)](#step-11-define-web-api-roles-scopes). [!INCLUDE [active-directory-b2c-app-integration-register-api](../../includes/active-directory-b2c-app-integration-register-api.md)] ### Step 1.1 Define web API roles (scopes) -In this step you configure the web API **Application ID URI**, then define **App roles**. The app *roles*, used by the OAuth 2.0 *scopes* and defined on an application registration representing your API. Your application uses the Application ID URI with the `.default` scope. To define app roles, follow these steps: +In this step, you configure the web API **Application ID URI**, then define **App roles**. The app *roles*, used by the OAuth 2.0 *scopes* and defined on an application registration representing your API. Your application uses the Application ID URI with the `.default` scope. To define app roles, follow these steps: 1. Select the web API that you created, for example *my-api1*. 1. Under **Manage**, select **Expose an API**. In this step you configure the web API **Application ID URI**, then define **App 1. Under **Manage**, select **Manifest** to open the application manifest editor. In the editor, locate the `appRoles` setting, and define app roles that target `applications`. Each app role definition must have a global unique identifier (GUID) for its `id` value. Generate -a new GUID by running `new-guid`command in the Microsoft PowerShell, or an [online GUID generator](https://www.bing.com/search?q=online+guid+generator). The `value` property of each app role definition will appear in the scope, the `scp` claim. The `value` property +a new GUID by running `new-guid`command in the Microsoft PowerShell, or an [online GUID generator](https://www.bing.com/search?q=online+guid+generator). The `value` property of each app role definition appears in the scope, the `scp` claim. The `value` property can't contain spaces. The following example demonstrates two app roles, read and write: ```json To enable your app to sign in with Azure AD B2C using client credentials flow, y If you're using an existing app, make sure the app's `accessTokenAcceptedVersion` is set to `2`: 1. In the Azure portal, search for and select **Azure AD B2C**. -1. Select **App registrations**, and then select the your existing app from the list. +1. Select **App registrations**, and then select your existing app from the list. 1. In the left menu, under **Manage**, select **Manifest** to open the manifest editor. 1. Locate the `accessTokenAcceptedVersion` element, and set its value to `2`. 1. At the top of the page, select **Save** to save the changes. Create a client secret for the registered application. Your app uses the client 1. Select **New client secret**. 1. In the **Description** box, enter a description for the client secret (for example, *clientsecret1*). 1. Under **Expires**, select a duration for which the secret is valid, and then select **Add**.-1. Record the secret's **Value**. You'll use this value for configuration in a later step. +1. Record the secret's **Value**. You use this value for configuration in a later step. ![Screenshot shows how to copy the application secret.](./media/client-credentials-grant-flow/copy-application-secret.png) There are no specific actions to enable the client credentials for user flows or The actual POST request looks like the following example: +**Request**: ```https POST /<tenant-name>.onmicrosoft.com/B2C_1A_SUSI/oauth2/v2.0/token HTTP/1.1 Host: <tenant-name>.b2clogin.com Content-Type: application/x-www-form-urlencoded -grant_type=client_credentials&client_id=33333333-0000-0000-0000-000000000000&client_secret=FyX7Q~DuPJ...&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2F.default +grant_type=client_credentials +&client_id=33333333-0000-0000-0000-000000000000 +&client_secret=FyX7Q~DuPJ... +&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2F.default ``` +**Response**: + ```json { "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlBFcG5OZDlnUkNWWUc2dUs...", |
active-directory-b2c | Configure Tokens | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/configure-tokens.md | |
active-directory-b2c | Custom Email Sendgrid | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-email-sendgrid.md | Custom email verification requires the use of a third-party email provider like If you don't already have one, start by setting up a SendGrid account. For setup instructions, see the [Create a SendGrid Account](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#create-a-sendgrid-account) section of [How to send email using SendGrid with Azure](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#create-a-twilio-sendgrid-accountcreate-a-twilio-sendgrid-account). -Be sure to complete the section in which you [create a SendGrid API key](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#to-find-your-sendgrid-api-key). Record the API key for use in a later step. +Make sure you complete the section in which you [create a SendGrid API key](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#to-find-your-sendgrid-api-key). Record the API key for use in a later step. > [!IMPORTANT] > SendGrid offers customers the ability to send emails from shared IP and [dedicated IP addresses](https://docs.sendgrid.com/ui/account-and-settings/dedicated-ip-addresses). When using dedicated IP addresses, you need to build your own reputation properly with an IP address warm-up. For more information, see [Warming Up An Ip Address](https://docs.sendgrid.com/ui/sending-email/warming-up-an-ip-address). Next, store the SendGrid API key in an Azure AD B2C policy key for your policies 1. Sign in to the [Azure portal](https://portal.azure.com). 1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu.-1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. +1. In the top-left corner of the Azure portal, choose **All services**, and then search for and select **Azure AD B2C**. 1. On the Overview page, select **Identity Experience Framework**. 1. Select **Policy Keys** and then select **Add**. 1. For **Options**, choose **Manual**. With a SendGrid account created and SendGrid API key stored in an Azure AD B2C p 1. On the SendGrid site, open the [transactional templates](https://sendgrid.com/dynamic_templates) page and select **Create a Dynamic Template**. 1. Enter a unique template name like `Verification email` and then select **Create**.-1. To begin editing your new template, select the template i.e. `Verification email`, then select **Add Version**. +1. To begin editing your new template, select the template that is, `Verification email`, then select **Add Version**. 1. Select **Blank Template** and then **Code Editor**.-1. In the HTML editor, paste following HTML template or use your own. The `{{otp}}` and `{{email}}` parameters will be replaced dynamically with the one-time password value and the user email address. +1. In the HTML editor, paste following HTML template or use your own. The `{{otp}}` and `{{email}}` parameters are replaced dynamically with the one-time password value and the user email address. ```html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> With a SendGrid account created and SendGrid API key stored in an Azure AD B2C p </html> ``` -1. Expand **Settings** on the left, and for **Version Name**, enter a template version. +1. Expand **Settings** menu, and for **Version Name**, enter a template version. 1. For **Subject**, enter `{{subject}}`.-1. A the top of the page, select **Save**. +1. Select **Save**. 1. Return to the **Transactional Templates** page by selecting the back arrow. 1. Record the **ID** of template you created for use in a later step. For example, `d-989077fbba9746e89f3f6411f596fb96`. You specify this ID when you [add the claims transformation](#add-the-claims-transformation). These claims types are necessary to generate and verify the email address using ## Add the claims transformation -Next, you need a claims transformation to output a JSON string claim that will be the body of the request sent to SendGrid. +Next, you need a claims transformation to output a JSON string claim that forms the body of the request sent to SendGrid. The JSON object's structure is defined by the IDs in dot notation of the InputParameters and the TransformationClaimTypes of the InputClaims. Numbers in the dot notation imply arrays. The values come from the InputClaims' values and the InputParameters' "Value" properties. For more information about JSON claims transformations, see [JSON claims transformations](json-transformations.md). Below the claims transformations within `<BuildingBlocks>`, add the following [C ## Create a DisplayControl -A verification display control is used to verify the email address with a verification code that's sent to the user. +A verification display control is used to verify the email address with a verification code that the user receives. This example display control is configured to: To localize the email, you must send localized strings to SendGrid, or your emai 1. In your policy, define the following string claims: subject, message, codeIntro, and signature. 1. Define a [GetLocalizedStringsTransformation](string-transformations.md) claims transformation to substitute localized string values into the claims from step 1. 1. Change the `GenerateEmailRequestBody` claims transformation to use input claims with the following XML snippet.-1. Update your SendGrid template to use dynamic parameters in place of all the strings that will be localized by Azure AD B2C. +1. Update your SendGrid template to use dynamic parameters in place of all the strings that Azure AD B2C localizes. ```xml <ClaimsTransformation Id="GetLocalizedStringsForEmail" TransformationMethod="GetLocalizedStringsTransformation"> The Localization element allows you to support multiple locales or languages in ## Next steps -- You can find an example of [Custom email verification - DisplayControls custom policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid) on GitHub.-- For information about using a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).+- Find an example of [Custom email verification - DisplayControls custom policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid) on GitHub. +- Learn how to use a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md). ::: zone-end |
active-directory-b2c | Custom Policies Series Call Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-call-rest-api.md | -Azure Active Directory B2C (Azure AD B2C) custom policy allows you to interact with application logic that's implemented outside of Azure AD B2C. To do so, you make an HTTP call to an endpoint. Azure AD B2C custom policies provide RESTful technical profile for this purpose. By using this capability, you can implement features that aren't available within Azure AD B2C custom policy. +Azure Active Directory B2C (Azure AD B2C) custom policy allows you to interact with application logic that you implement outside of Azure AD B2C. To do so, you make an HTTP call to an endpoint. Azure AD B2C custom policies provide RESTful technical profile for this purpose. By using this capability, you can implement features that aren't available within Azure AD B2C custom policy. In this article, you learn how to: In this article, you learn how to: ## Scenario overview -In [Create branching in user journey by using Azure AD B2C custom policies](custom-policies-series-branch-user-journey.md), users who select *Personal Account* need to provide a valid invitation access code to proceed. We use a static access code, but real world apps don't work this way. If the service that issues the access codes is external to your custom policy, you must make a call to that service, and pass the access code input by the user for validation. If the access code is valid, the service returns an HTTP `200 OK` response, and Azure AD B2C issues JWT token. Otherwise, the service returns an HTTP `409 Conflict` response, and the user must re-enter an access code. +In [Create branching in user journey by using Azure AD B2C custom policies](custom-policies-series-branch-user-journey.md), users who select *Personal Account* need to provide a valid invitation access code to proceed. We use a static access code, but real world apps don't work this way. If the service that issues the access codes is external to your custom policy, you must make a call to that service, and pass the access code input by the user for validation. If the access code is valid, the service returns an HTTP `200 OK` response, and Azure AD B2C issues JWT token. Otherwise, the service returns an HTTP `409 Conflict` response, and the user must reenter an access code. :::image type="content" source="media/custom-policies-series-call-rest-api/screenshot-of-call-rest-api-call.png" alt-text="A flowchart of calling a R E S T A P I."::: In [Create branching in user journey by using Azure AD B2C custom policies](cust ## Step 1 - Create and deploy a Node.js app -You need to deploy an app, which will serve as your external app. Your custom policy then makes an HTTP call to this app. +You need to deploy an app, which serves as your external app. Your custom policy then makes an HTTP call to this app. ### Step 1.1 - Create the Node.js app You need to deploy an app, which will serve as your external app. Your custom po 1. To test the app works as expected, use the following steps: 1. In your terminal, run the `node index.js` command to start your app server. - 1. To make a POST request similar to the one shown below, you can use an HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/): + 1. To make a POST request similar to the one shown in this example, you can use an HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/): ```http POST http://localhost/validate-accesscode HTTP/1.1 At this point, you're ready to deploy your Node.js app. ### Step 1.2 - Deploy the Node.js app in Azure App Service -For your custom policy to reach your Node.js app, it needs to be reachable, so, you need deploy it. In this article, you'll deploy the app by using [Azure App Service](../app-service/overview-vnet-integration.md), but you use an alternative hosting approach. +For your custom policy to reach your Node.js app, it needs to be reachable, so, you need deploy it. In this article, you deploy the app by using [Azure App Service](../app-service/overview-vnet-integration.md), but you use an alternative hosting approach. Follow the steps in [Deploy your app to Azure](../app-service/quickstart-nodejs.md#deploy-to-azure) to deploy your Node.js app to Azure. For the **Name** of the app, use a descriptive name such as `custompolicyapi`. Hence: From the protocol, you can observe that we configure the Technical Profile to us - `AuthenticationType` specifies the type of authentication that the RESTful claims provider performs. Our RESTful claims provider calls an unprotected endpoint, so we set our `AuthenticationType` to *None*. If you set authentication type to `Bearer`, you need to add a *CryptographicKeys* element, which specifies the storage for your access token. Learn more about [the types of authentication that the RESTful claims provider supports](restful-technical-profile.md#metadata). -- The *PartnerClaimType* attribute in the `InputClaim` specifies how you'll receive your data in the API. +- The *PartnerClaimType* attribute in the `InputClaim` specifies how you receive your data in the API. ### Step 2.2 - Update validation technical profile Make sure your Node.js app is running, and then follow the steps in [Upload cust Follow the steps in [Test the custom policy](custom-policies-series-validate-user-input.md#step-6test-the-custom-policy) to test your custom policy: 1. For **Account Type**, select **Personal Account**-1. Enter the rest of the details as required, and then select **Continue**. You'll see a new screen. -1. For **Access Code**, enter *88888*, and then select **Continue**. After the policy finishes execution, you're redirected to `https://jwt.ms`, and you see a decoded JWT token. If you repeat the procedure, and enter a different **Access Code**, other than *88888*, you'll see an error, **The access code you entered is incorrect. Please try again.** +1. Enter the rest of the details as required, and then select **Continue**. You see a new screen. +1. For **Access Code**, enter *88888*, and then select **Continue**. After the policy finishes execution, you're redirected to `https://jwt.ms`, and you see a decoded JWT token. If you repeat the procedure, and enter a different **Access Code**, other than *88888*, you see an error, **The access code you entered is incorrect. Please try again.** ## Step 5 - Enable debug mode In development, you may want to see detailed errors sent by the API, such as *de ``` 1. Save the changes and [upload your policy file](#step-3upload-custom-policy-file). -1. [Test your custom policy](#step-4test-the-custom-policy). Make sure you use a wrong input for your **Access Code**. You'll see an error similar to the one shown in the screenshot below. +1. [Test your custom policy](#step-4test-the-custom-policy). Make sure you use a wrong input for your **Access Code**. You see an error similar to the one shown in this screenshot: :::image type="content" source="media/custom-policies-series-call-rest-api/screenshot-error-enable-debug-mode.png" alt-text="A screenshot error when you enable debug mode."::: |
active-directory-b2c | Custom Policies Series Install Xml Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policies-series-install-xml-extensions.md | -You can improve your productivity when editing or writing custom policy files by validating your files before you upload them. You can let Azure Active Directory B2C (Azure AD B2C) to validate the XML policy files when you upload them, but most errors cause the upload to fail. An example of invalid policy file is improperly formatted XML. +You can improve your productivity when editing or writing custom policy files by validating your files before you upload them. You can let Azure Active Directory B2C (Azure AD B2C) to validate the XML policy files when you upload them, but most errors cause the upload to fail. So, we recommend you validate your custom policy files before you upload them. An example of invalid policy file is improperly formatted XML. -It's essential to use a good XML editor such as [Visual Studio Code (VS Code)](https://code.visualstudio.com/). We recommend using VS Code as it allows you to install XML extension, such as [XML Language Support by Red Hat](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml). A good XML editor together with extra XML extension allows you to color-codes content, pre-fills common terms, keeps XML elements indexed, and can validate against an XML schema. +It's essential to use a good XML editor such as [Visual Studio Code (VS Code)](https://code.visualstudio.com/). We recommend using VS Code as it allows you to install XML extension, such as [XML Language Support by Red Hat](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml). A good XML editor together with extra XML extension allows you to color-codes content, prefills common terms, keeps XML elements indexed, and can validate against an XML schema. To validate custom policy files, we provide a custom policy XML schema. You can download the schema by using the link `https://raw.githubusercontent.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/master/TrustFrameworkPolicy_0.3.0.0.xsd` or refer to it from your editor by using the same link. You can also use Azure AD B2C extension for VS Code to quickly navigate through Azure AD B2C policy files, and many other functions. Lean more about [Azure AD B2C extension for VS Code](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c). In this article, you learn how to: ## Prerequisites -- You must have [Visual Studio Code (VS Code)](https://code.visualstudio.com/) installed in your computer. +- You must install [Visual Studio Code (VS Code)](https://code.visualstudio.com/) in your computer. -- A custom policy file such as the one we used in [Validate user inputs by using Azure AD B2C custom policy](custom-policies-series-validate-user-input.md). This article is a part of [Create and run your own custom policies how-to guide series](custom-policies-series-overview.md). +- A custom policy file such as the one we use in [Validate user inputs by using Azure AD B2C custom policy](custom-policies-series-validate-user-input.md). [!INCLUDE [active-directory-b2c-app-integration-call-api](../../includes/active-directory-b2c-common-note-custom-policy-how-to-series.md)] TrustFrameworkPolicy schema is a custom policy XML schema that allows you to val ## Use Azure AD B2C extension -Azure AD B2C extension allows you to understand the organization of your policy files easily. For example, the custom policy explorer allows you to see the custom policy elements you've used and to move to them quickly. +Azure AD B2C extension allows you to understand the organization of your policy files easily. For example, the custom policy explorer allows you to see the custom policy elements you use and to move to them quickly. 1. Install [Azure AD B2C extension](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) in your VS Code editor |
active-directory-b2c | Custom Policy Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/custom-policy-overview.md | -Custom policies are configuration files that define the behavior of your Azure Active Directory B2C (Azure AD B2C) tenant. While [user flows](user-flow-overview.md) are predefined in the Azure AD B2C portal for the most common identity tasks, custom policies can be fully edited by an identity developer to complete many different tasks. +Custom policies are configuration files that define the behavior of your Azure Active Directory B2C (Azure AD B2C) tenant. While [user flows](user-flow-overview.md) are predefined in the Azure AD B2C portal for the most common identity tasks, an identity developer can edit custom policies to complete many different tasks. -A custom policy is fully configurable and policy-driven. A custom policy orchestrates trust between entities in standard protocols. For example, OpenID Connect, OAuth, SAML, and a few non-standard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences. +A custom policy is fully configurable and policy-driven. A custom policy orchestrates trust between entities in standard protocols. For example, OpenID Connect, OAuth, SAML, and a few nonstandard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences. A custom policy is represented as one or more XML-formatted files, which refer to each other in a hierarchical chain. The XML elements define the building blocks, the interaction with the user, and other parties, and the business logic. ## Custom policy starter pack -Azure AD B2C custom policy [starter pack](tutorial-create-user-flows.md?pivots=b2c-custom-policy#get-the-starter-pack) comes with several pre-built policies to get you started quickly. Each of these starter packs contains the smallest number of technical profiles and user journeys needed to achieve the scenarios described: +Azure AD B2C custom policy [starter pack](tutorial-create-user-flows.md?pivots=b2c-custom-policy#get-the-starter-pack) comes with several prebuilt policies to get you started quickly. Each of these starter packs contains the smallest number of technical profiles and user journeys needed to achieve the scenarios described: - **LocalAccounts** - Enables the use of local accounts only. - **SocialAccounts** - Enables the use of social (or federated) accounts only. - **SocialAndLocalAccounts** - Enables the use of both local and social accounts. Most of our samples refer to this policy.-- **SocialAndLocalAccountsWithMFA** - Enables social, local, and multi-factor authentication options.+- **SocialAndLocalAccountsWithMFA** - Enables social, local, and multifactor authentication options. In the [Azure AD B2C samples GitHub repository](https://github.com/azure-ad-b2c/samples), you find samples for several enhanced Azure AD B2C custom CIAM user journeys and scenarios. For example, local account policy enhancements, social account policy enhancements, MFA enhancements, user interface enhancements, generic enhancements, app migration, user migration, conditional access, web test, and CI/CD. A relying party application, which in the SAML protocol is known as a service pr ![Diagram showing the policy execution flow](./media/custom-policy-overview/custom-policy-execution.png) -All relying party applications that use the same policy will receive the same token claims, and the user goes through the same user journey. +All relying party applications that use the same policy receives the same token claims, and the user goes through the same user journey. ### User journeys -[User journeys](userjourneys.md) allows you to define the business logic with path through which user will follow to gain access to your application. The user is taken through the user journey to retrieve the claims that are to be presented to your application. A user journey is built from a sequence of [orchestration steps](userjourneys.md#orchestrationsteps). A user must reach the last step to acquire a token. +[User journeys](userjourneys.md) allows you to define the business logic with path through which user follows to gain access to your application. The user is taken through the user journey to retrieve the claims that are to be presented to your application. A user journey is built from a sequence of [orchestration steps](userjourneys.md#orchestrationsteps). A user must reach the last step to acquire a token. The following instructions describe how you can add orchestration steps to the [social and local account starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccounts) policy. Here's an example of a REST API call that has been added. The following diagram shows the relationship between the policy files and the re ### Best practices -Within an Azure AD B2C custom policy, you can integrate your own business logic to build the user experiences you require and extend functionality of the service. We've a set of best practices and recommendations to get started. +Within an Azure AD B2C custom policy, you can integrate your own business logic to build the user experiences you require and extend functionality of the service. We have a set of best practices and recommendations to get started. -- Create your logic within the **extension policy**, or **relying party policy**. You can add new elements, which will override the base policy by referencing the same ID. This approach will allow you to scale out your project while making it easier to upgrade base policy later on if Microsoft releases new starter packs.+- Create your logic within the **extension policy**, or **relying party policy**. You can add new elements, which overrides the base policy by referencing the same ID. This approach allows you to scale out your project while making it easier to upgrade base policy later on if Microsoft releases new starter packs. - Within the **base policy**, we highly recommend avoiding making any changes. When necessary, make comments where the changes are made. - When you're overriding an element, such as technical profile metadata, avoid copying the entire technical profile from the base policy. Instead, copy only the required section of the element. See [Disable email verification](./disable-email-verification.md) for an example of how to make the change. - To reduce duplication of technical profiles, where core functionality is shared, use [technical profile inclusion](technicalprofiles.md#include-technical-profile). After you set up and test your Azure AD B2C policy, you can start customizing yo - During your policy development and testing, you can [disable email verification](./disable-email-verification.md). Learn how to overwrite a technical profile metadata. - [Set up sign-in with a Google account](./identity-provider-google.md) using custom policies. Learn how to create a new claims provider with OAuth2 technical profile. Then customize the user journey to include the Google sign-in option. - To diagnose problems with your custom policies, you can [Collect Azure Active Directory B2C logs with Application Insights](troubleshoot-with-application-insights.md). Learn how to add new technical profiles, and configure your relying party policy.+- If you want to understand how custom policy is built from scratch, learn how to [Create and run your own custom policies in Azure Active Directory B2C how-to guide series](custom-policies-series-overview.md). |
active-directory-b2c | Embedded Login | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/embedded-login.md | The inline frame element `<iframe>` is used to embed a document in an HTML5 web When using iframe, consider the following: - Embedded sign-up or sign-in supports local accounts only. Most social identity providers (for example, Google and Facebook) block their sign-in pages from being rendered in inline frames.-- Because Azure AD B2C session cookies within an iframe are considered third-party cookies, certain browsers (for example Safari or Chrome in incognito mode) either block or clear these cookies, resulting in an undesirable user experience. To prevent this issue, make sure your application domain name and your Azure AD B2C domain have the *same origin*. To use the same origin, [enable custom domains](custom-domain.md) for Azure AD B2C tenant, then configure your web app with the same origin. For example, an application hosted on 'https://app.contoso.com' has the same origin as Azure AD B2C running on 'https://login.contoso.com'.+- Certain browsers, such as Safari or Chrome in incognito mode, view Azure AD B2C session cookies within an iframe as third-party cookies. These browsers may block or clear these cookies, which can lead to a less than optimal user experience. To prevent this issue, make sure your application domain name and your Azure AD B2C domain have the *same origin*. To use the same origin, [enable custom domains](custom-domain.md) for Azure AD B2C tenant, then configure your web app with the same origin. For example, an application hosted on 'https://app.contoso.com' has the same origin as Azure AD B2C running on 'https://login.contoso.com'. ## Prerequisites Add a **JourneyFraming** element inside the [RelyingParty](relyingparty.md) elem The **Sources** attribute contains the URI of your web application. Add a space between URIs. Each URI must meet the following requirements: -- The URI must be trusted and owned by your application.+- Your application must trust and own the URI. - The URI must use the https scheme. -- The full URI of the web app must be specified. Wildcards are not supported.+- The full URI of the web app must be specified. Wildcards aren't supported. - The **JourneyFraming** element only allows site URLs with a **two to seven-character** Top-level domain (TLD) to align with commonly recognized TLDs. -In addition, we recommend that you also block your own domain name from being embedded in an iframe by setting the `Content-Security-Policy` and `X-Frame-Options` headers respectively on your application pages. This will mitigate security concerns around older browsers related to nested embedding of iframes. +In addition, we recommend that you also block your own domain name from being embedded in an iframe by setting the `Content-Security-Policy` and `X-Frame-Options` headers respectively on your application pages. This technique mitigates security concerns around older browsers related to nested embedding of iframes. ## Adjust policy user interface -With Azure AD B2C [user interface customization](customize-ui.md), you have almost full control over the HTML and CSS content presented to users. Follow the steps for customizing an HTML page using content definitions. To fit the Azure AD B2C user interface into the iframe size, provide clean HTML page without a background and extra spaces. +With Azure AD B2C [user interface customization](customize-ui.md), you have almost full control over the HTML and CSS content that you present your users. Follow the steps for customizing an HTML page using content definitions. To fit the Azure AD B2C user interface into the iframe size, provide clean HTML page without a background and extra spaces. The following CSS code hides the Azure AD B2C HTML elements and adjusts the size of the panel to fill the iframe. To support embedded login, the iframe `src` attribute points to the sign-in cont <iframe id="loginframe" frameborder="0" src="/account/SignUpSignIn"></iframe> ``` -After the ID token is received and validated by the application, the authorization flow is complete and the application recognizes and trusts the user. Because the authorization flow happens inside the iframe, you need to reload the main page. After the page reloads, the sign-in button changes to "sign out" and the username is presented in the UI. +After the application receives and validates the ID token, it completes the authorization flow and recognizes and trusts the user. Because the authorization flow happens inside the iframe, you need to reload the main page. After the page reloads, the sign-in button changes to "sign out" and the username is presented in the UI. -The following is an example showing how the sign-in redirect URI can refresh the main page: +The following example shows how the sign-in redirect URI can refresh the main page: ```javascript window.top.location.reload(); The redirect URI can be the same redirect URI used by the iframe. You can skip t ## Configure a single-page application -For a single-page application, you'll also need a second "sign-in" HTML page that loads into the iframe. This sign-in page hosts the authentication library code that generates the authorization code and returns the token. +For a single-page application, you also need a second "sign-in" HTML page that loads into the iframe. This sign-in page hosts the authentication library code that generates the authorization code and returns the token. When the single-page application needs the access token, use JavaScript code to obtain the access token from the iframe and the object that contains it. |
active-directory-b2c | Enable Authentication React Spa App | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-react-spa-app.md | npm i bootstrap react-bootstrap The sample code is made up of the following components. Add these components from the sample React app to your own app: -- [public/https://docsupdatetracker.net/index.html](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/public/https://docsupdatetracker.net/index.html)- The [bundling process](https://legacy.reactjs.org/docs/code-splitting.html) uses this file as a template and injects the React components into the `<div id="root">` element. If you open it directly in the browser, you'll see an empty page. +- [public/https://docsupdatetracker.net/index.html](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/public/https://docsupdatetracker.net/index.html)- The [bundling process](https://legacy.reactjs.org/docs/code-splitting.html) uses this file as a template and injects the React components into the `<div id="root">` element. If you open it directly in the browser, you see an empty page. - [src/authConfig.js](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/authConfig.js) - A configuration file that contains information about your Azure AD B2C identity provider and the web API service. The React app uses this information to establish a trust relationship with Azure AD B2C, sign in and sign out the user, acquire tokens, and validate the tokens. The sample code is made up of the following components. Add these components fro - [src/App.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/App.jsx) - Defines the **App** and **Pages** components: - - The **App** component is the top level component of your app. It wraps everything between `MsalProvider` component. All components underneath MsalProvider will have access to the PublicClientApplication instance via context and all hooks and components provided by MSAL React. The App component mounts the [PageLayout](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/PageLayout.jsx) and its [Pages](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/App.jsx#L18) child element. + - The **App** component is the top level component of your app. It wraps everything between `MsalProvider` component. All components underneath MsalProvider have access to the PublicClientApplication instance via context and all hooks and components provided by MSAL React. The App component mounts the [PageLayout](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/PageLayout.jsx) and its [Pages](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/App.jsx#L18) child element. - The **Pages** component registers and unregister the MSAL event callbacks. The events are used to handle MSAL errors. It also defines the routing logic of the app. The sample code is made up of the following components. Add these components fro - With PublicClientApplication instance, it acquires an access token to call the REST API. - Invokes the [callApiWithToken](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/4-Deployment/2-deploy-static/App/src/fetch.js) function to fetch the data from the REST API and renders the result using the **DataDisplay** component. -- [src/components/NavigationBar.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/NavigationBar.jsx) - The app top navigation bar with the sign-in, sign-out, edit profile and call REST API reset buttons.+- [src/components/NavigationBar.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/NavigationBar.jsx) - The app top navigation bar that has the sign-in, sign-out, edit profile and call REST API reset buttons. - It uses the [AuthenticatedTemplate](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/getting-started.md#authenticatedtemplate-and-unauthenticatedtemplate) and UnauthenticatedTemplate, which only render their children if a user is authenticated or unauthenticated, respectively. - Handle the login and sign out with redirection and popup window events. - [src/components/PageLayout.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/PageLayout.jsx) - The common layout that provides the user with a consistent experience as they navigate from page to page. The layout includes common user interface elements such as the app header, **NavigationBar** component, footer and its child components. - - It uses the [AuthenticatedTemplate](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/getting-started.md#authenticatedtemplate-and-unauthenticatedtemplate) which renders its children only if a user is authenticated. + - It uses the [AuthenticatedTemplate](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/getting-started.md#authenticatedtemplate-and-unauthenticatedtemplate), which renders its children only if a user is authenticated. - [src/components/DataDisplay.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/DataDisplay.jsx) - Renders the data return from the REST API call. The sample code is made up of the following components. Add these components fro ## Step 4: Configure your React app -After you [add the authentication components](#step-3-add-the-authentication-components), configure your React app with your Azure AD B2C settings. Azure AD B2C identity provider settings are configured in the *auth_config_b2c.json* file and `B2CConfiguration` class. +After you [add the authentication components](#step-3-add-the-authentication-components), configure your React app with your Azure AD B2C settings. Azure AD B2C identity provider settings are configured in the *authConfig.js* file. -For guidance, see [Configure your React app](enable-authentication-react-spa-app.md#step-4-configure-your-react-app). +For guidance, see [Configure your React app](configure-authentication-sample-react-spa-app.md#31-configure-the-react-sample). ## Step 5: Run the React application -1. From Visual Studio code, open a new terminal and run the following commands: +1. From Visual Studio Code, open a new terminal and run the following commands: ```console npm install && npm update |
active-directory-b2c | Enable Authentication Web Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/enable-authentication-web-api.md | -To authorize access to a web API, you can serve only requests that include a valid access token that's issued by Azure Active Directory B2C (Azure AD B2C). This article shows you how to enable Azure AD B2C authorization to your web API. After you complete the steps in this article, only users who obtain a valid access token will be authorized to call your web API endpoints. +To authorize access to a web API, you can serve only requests that include a valid access token that Azure Active Directory B2C (Azure AD B2C) issues. This article shows you how to enable Azure AD B2C authorization to your web API. After you complete the steps in this article, only users who obtain a valid access token will be authorized to call your web API endpoints. ## Prerequisites Before you begin, read one of the following articles, which discuss how to confi ## Overview -Token-based authentication ensures that requests to a web API are accompanied by a valid access token. +Token-based authentication ensures that requests to a web API includes a valid access token. -The app does the following: +The app completes the following steps: 1. It authenticates users with Azure AD B2C. 1. It acquires an access token with the required permissions (scopes) for the web API endpoint. The app does the following: Authorization: Bearer <access token> ``` -The web API does the following: +The web API completes the following steps: 1. It reads the bearer token from the authorization header in the HTTP request. The application registrations and the application architecture are described in ## Prepare your development environment -In the next sections, you'll create a new web API project. Select your programming language, ASP.NET Core or Node.js. Make sure you have a computer that's running either of the following: +In the next sections, you create a new web API project. Select your programming language, ASP.NET Core or Node.js. Make sure you have a computer that's running either of the following software: # [ASP.NET Core](#tab/csharpclient) Add the following JSON snippet to the *appsettings.json* file. # [Node.js](#tab/nodejsgeneric) -Add the following JavaScript code to the *app.js* file. It is possible to [setup HTTP and HTTPS endpoints for the Node application](https://github.com/expressjs/express/wiki/Migrating-from-2.x-to-3.x#application-function). +Add the following JavaScript code to the *app.js* file. It's possible to [setup HTTP and HTTPS endpoints for the Node application](https://github.com/expressjs/express/wiki/Migrating-from-2.x-to-3.x#application-function). ```javascript // Starts listening on port 6000 |
active-directory-b2c | Microsoft Graph Operations | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/microsoft-graph-operations.md | The `RunAsync` method in the _Program.cs_ file: :::code language="csharp" source="~/ms-identity-dotnetcore-b2c-account-management/src/Program.cs" id="ms_docref_set_auth_provider"::: -The initialized *GraphServiceClient* is then used in _UserService.cs_ to perform the user management operations. For example, getting a list of the user accounts in the tenant: +The initialized _GraphServiceClient_ is then used in _UserService.cs_ to perform the user management operations. For example, getting a list of the user accounts in the tenant: :::code language="csharp" source="~/ms-identity-dotnetcore-b2c-account-management/src/Services/UserService.cs" id="ms_docref_get_list_of_user_accounts"::: The initialized *GraphServiceClient* is then used in _UserService.cs_ to perform ## Next steps -For code samples in JavaScript and Node.js, please see: [Manage B2C user accounts with MSAL.js and Microsoft Graph SDK](https://github.com/Azure-Samples/ms-identity-b2c-javascript-nodejs-management) +- For code samples in JavaScript and Node.js, please see: [Manage B2C user accounts with MSAL.js and Microsoft Graph SDK](https://github.com/Azure-Samples/ms-identity-b2c-javascript-nodejs-management) +- Explore [Graph Explorer](https://aka.ms/ge) that lets you try Microsoft Graph APIs and learn about them. <!-- LINK --> |
active-directory-b2c | Openid Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/openid-connect.md | OpenID Connect is an authentication protocol, built on top of OAuth 2.0, that ca [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) extends the OAuth 2.0 *authorization* protocol for use as an *authentication* protocol. This authentication protocol allows you to perform single sign-on. It introduces the concept of an *ID token*, which allows the client to verify the identity of the user and obtain basic profile information about the user. -Because it extends OAuth 2.0, it also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that are secured by an [authorization server](protocols-overview.md). OpenID Connect is recommended if you're building a web application that's hosted on a server and accessed through a browser. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](tokens-overview.md) +OpenID Connect also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that the [authorization server](protocols-overview.md) secures. We recommend OpenID Connect if you're building a web application that you host on a server and accessed through a browser. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](tokens-overview.md) Azure AD B2C extends the standard OpenID Connect protocol to do more than simple authentication and authorization. It introduces the [user flow parameter](user-flow-overview.md), which enables you to use OpenID Connect to add user experiences to your application, such as sign up, sign in, and profile management. When your web application needs to authenticate the user and run a user flow, it In this request, the client indicates the permissions that it needs to acquire from the user in the `scope` parameter, and specifies the user flow to run. To get a feel of how the request works, paste the request into your browser and run it. Replace: - `{tenant}` with the name of your tenant.-- `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` with the app ID of an [application you've previously registered in your tenant](tutorial-register-applications.md). -- `{application-id-uri}/{scope-name}` with the Application ID URI and Scope of an application that you've previously registered in your tenant+- `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` with the app ID of an [application you registered in your tenant](tutorial-register-applications.md). +- `{application-id-uri}/{scope-name}` with the Application ID URI and scope of an application that you registered in your tenant. - `{policy}` with the policy name that you have in your tenant, for example `b2c_1_sign_in`. ```http-GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize? +GET /{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize? +Host: {tenant}.b2clogin.com + client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 &response_type=code+id_token &redirect_uri=https%3A%2F%2Fjwt.ms%2F client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 | Parameter | Required | Description | | | -- | -- | | {tenant} | Yes | Name of your [Azure AD B2C tenant]( tenant-management-read-tenant-name.md#get-your-tenant-name). If you're using a [custom domain](custom-domain.md), replace `tenant.b2clogin.com` with your domain, such as `fabrikam.com`. |-| {policy} | Yes | The user flow or policy to be run. Specify the name of a user flow you've created in your Azure AD B2C tenant. For example: `b2c_1_sign_in`, `b2c_1_sign_up`, or `b2c_1_edit_profile`. | +| {policy} | Yes | The user flow or policy that the app runs. Specify the name of a user flow that you create in your Azure AD B2C tenant. For example: `b2c_1_sign_in`, `b2c_1_sign_up`, or `b2c_1_edit_profile`. | | client_id | Yes | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application. | | nonce | Yes | A value included in the request (generated by the application) that is included in the resulting ID token as a claim. The application can then verify this value to mitigate token replay attacks. The value is typically a randomized unique string that can be used to identify the origin of the request. | | response_type | Yes | Must include an ID token for OpenID Connect. If your web application also needs tokens for calling a web API, you can use `code+id_token`.|-| scope | Yes | A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application will need a *refresh token* for extended access to resources. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). | -| prompt | No | The type of user interaction that's required. The only valid value at this time is `login`, which forces the user to enter their credentials on that request. | -| redirect_uri | Yes | The `redirect_uri` parameter of your application, where authentication responses can be sent and received by your application. It must exactly match one of the `redirect_uri` parameters that you registered in the Azure portal, except that it must be URL-encoded. | -| response_mode | No | The method that is used to send the resulting authorization code back to your application. It can be either `query`, `form_post`, or `fragment`. The `form_post` response mode is recommended for best security. | -| state | No | A value included in the request that's also returned in the token response. It can be a string of any content that you want. A randomly generated unique value is typically used for preventing cross-site request forgery attacks. The state is also used to encode information about the user's state in the application before the authentication request occurred, such as the page they were on. If you don't want to register multiple redirect URLs in your Azure portal, you can use the `state` parameter to differentiate responses in your application from Azure AD B2C service due to different requests.| -| login_hint | No| Can be used to pre-fill the sign-in name field of the sign-in page. For more information, see [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name). | +| scope | Yes | A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application need a *refresh token* for extended access to resources. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). | +| prompt | No | The type of user interaction that you require. The only valid value at this time is `login`, which forces the user to enter their credentials on that request. | +| redirect_uri | Yes | The `redirect_uri` parameter of your application, where the server sends authentication responses to your application. It must exactly match one of the `redirect_uri` parameters that you registered in the Azure portal, except that it must be URL-encoded. | +| response_mode | No | The method that is used to send the resulting authorization code back to your application. It can be either `query`, `form_post`, or `fragment`. We recommended you use the `form_post` response mode for best security. | +| state | No | A value that you can include in the request that the authorization server returns in the token response. It can be a string of any content that you want. A randomly generated unique value is typically used for preventing cross-site request forgery attacks. The state is also used to encode information about the user's state in the application before the authentication request occurred, such as the page they were on. If you don't want to register multiple redirect URLs in your Azure portal, you can use the `state` parameter to differentiate responses in your application from Azure AD B2C service due to different requests.| +| login_hint | No| Can be used to prefill the sign-in name field of the sign-in page. For more information, see [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name). | | domain_hint | No| Provides a hint to Azure AD B2C about the social identity provider that should be used for sign-in. If a valid value is included, the user goes directly to the identity provider sign-in page. For more information, see [Redirect sign-in to a social provider](direct-signin.md#redirect-sign-in-to-a-social-provider). | | Custom parameters | No| Custom parameters that can be used with [custom policies](custom-policy-overview.md). For example, [dynamic custom page content URI](customize-ui-with-html.md?pivots=b2c-custom-policy#configure-dynamic-custom-page-content-uri), or [key-value claim resolvers](claim-resolver-overview.md#oauth2-key-value-parameters). | At this point, the user is asked to complete the workflow. The user might have to enter their username and password, sign in with a social identity, or sign up for the directory. There could be any other number of steps depending on how the user flow is defined. -After the user completes the user flow, a response is returned to your application at the indicated `redirect_uri` parameter, by using the method that's specified in the `response_mode` parameter. The response is the same for each of the preceding cases, independent of the user flow. +After the user completes the user flow, a response is returned to your application at the indicated `redirect_uri` parameter, by using the method that you specify in the `response_mode` parameter. The response is the same for each of the preceding cases, independent of the user flow. A successful response using `response_mode=fragment` would look like: error=access_denied ## Validate the ID token -Just receiving an ID token is not enough to authenticate the user. Validate the ID token's signature and verify the claims in the token per your application's requirements. Azure AD B2C uses [JSON Web Tokens (JWTs)](https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) and public key cryptography to sign tokens and verify that they are valid. +Just receiving an ID token isn't enough to authenticate the user. Validate the ID token's signature and verify the claims in the token per your application's requirements. Azure AD B2C uses [JSON Web Tokens (JWTs)](https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) and public key cryptography to sign tokens and verify that they're valid. > [!NOTE] > Most of the open-source authentication libraries validate the JWT tokens for your application. We recommend exploring those options, rather than implementing your own validation logic. For more information, see [Overview of the Microsoft Authentication Library (MSAL)](../active-directory/develop/msal-overview.md), and [Microsoft Identity Web authentication library](../active-directory/develop/microsoft-identity-web.md). One of the properties of this configuration document is `jwks_uri`, whose value https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_sign_in/discovery/v2.0/keys ``` -To determine which user flow was used in signing an ID token (and from where to get the metadata), you have two options. First, the user flow name is included in the `acr` claim in the ID token, see [claim representing user flow](configure-tokens.md#token-compatibility-settings). Your other option is to encode the user flow in the value of the `state` parameter when you issue the request, and then decode it to determine which user flow was used. Either method is valid. +To determine which user flow was used to sign an ID token, you have two options. First, the user flow name is included in the `acr` claim in the ID token, see [claim representing user flow](configure-tokens.md#token-compatibility-settings). Your other option is to encode the user flow in the value of the `state` parameter when you issue the request, and then decode it to determine which user flow was used. Either method is valid. -After you've acquired the metadata document from the OpenID Connect metadata endpoint, you can use the RSA 256 public keys to validate the signature of the ID token. There might be multiple keys listed at this endpoint, each identified by a `kid` claim. The header of the ID token also contains a `kid` claim, which indicates which of these keys was used to sign the ID token. +After you acquire the metadata document from the OpenID Connect metadata endpoint, you can use the RSA 256 public keys to validate the signature of the ID token. There might be multiple keys listed at this endpoint, each identified by a `kid` claim. The header of the ID token also contains a `kid` claim, which indicates which of these keys was used to sign the ID token. -To verify the tokens from Azure AD B2C, you need to generate the public key using the exponent(e) and modulus(n). You need to determine how to do this in your respective programming language accordingly. The official documentation on Public Key generation with the RSA protocol can be found here: https://tools.ietf.org/html/rfc3447#section-3.1 +To verify the tokens from Azure AD B2C, you need to generate the public key using the exponent(e) and modulus(n). To do so, you need to learn how to generate the public key in a programming language of your choice. The official documentation on Public Key generation with the RSA protocol can be found here: https://tools.ietf.org/html/rfc3447#section-3.1 -After you've validated the signature of the ID token, there are several claims that you need to verify. For instance: +After you validate the signature of the ID token, there are various claims that you need to verify. For instance: - Validate the `nonce` claim to prevent token replay attacks. Its value should be what you specified in the sign-in request. - Validate the `aud` claim to ensure that the ID token was issued for your application. Its value should be the application ID of your application. - Validate the `iat` and `exp` claims to make sure that the ID token hasn't expired. -There are also several more validations that you should perform. The validations are described in detail in the [OpenID Connect Core Spec](https://openid.net/specs/openid-connect-core-1_0.html). You might also want to validate additional claims, depending on your scenario. Some common validations include: +There are also several more validations that you should perform. The validations are described in detail in the [OpenID Connect Core Spec](https://openid.net/specs/openid-connect-core-1_0.html). You might also want to validate more claims, depending on your scenario. Some common validations include: -- Ensuring that the user/organization has signed up for the application.-- Ensuring that the user has proper authorization/privileges.-- Ensuring that a certain strength of authentication has occurred, such as Microsoft Entra multifactor authentication.+- Ensure that the user/organization signed up for the application. +- Ensure that the user has proper authorization/privileges. +- Ensure that a certain strength of authentication has occurred, such as Microsoft Entra multifactor authentication. After the ID token is validated, you can begin a session with the user. You can use the claims in the ID token to obtain information about the user in your application. Uses for this information include display, records, and authorization. If you need your web application to only run user flows, you can skip the next f You can redeem the authorization code that you acquired (by using `response_type=code+id_token`) for a token to the desired resource by sending a `POST` request to the `/token` endpoint. In Azure AD B2C, you can [request access tokens for other APIs](access-tokens.md#request-a-token) as usual by specifying their scope(s) in the request. -You can also request an access token for your app's own back-end Web API by convention of using the app's client ID as the requested scope (which will result in an access token with that client ID as the "audience"): +You can also request an access token for your app's own back-end Web API. In this case, you use the app's client ID as the requested scope, which results in an access token with that client ID as the "audience": ```http POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token HTTP/1.1 Host: {tenant}.b2clogin.com Content-Type: application/x-www-form-urlencoded -grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob +grant_type=authorization_code +&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 +&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access +&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq... +&redirect_uri=urn:ietf:wg:oauth:2.0:oob ``` | Parameter | Required | Description | grant_type=authorization_code&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&sco | {tenant} | Yes | Name of your Azure AD B2C tenant | | {policy} | Yes | The user flow that was used to acquire the authorization code. You can't use a different user flow in this request. Add this parameter to the query string, not to the POST body. | | client_id | Yes | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application. |-| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, therefore not used on this flow. If using a client secret, please change it on a periodic basis. | +| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets can't be securely stored, therefore not used on this flow. If using a client secret, change it on a periodic basis. | | code | Yes | The authorization code that you acquired in the beginning of the user flow. | | grant_type | Yes | The type of grant, which must be `authorization_code` for the authorization code flow. | | redirect_uri | No | The `redirect_uri` parameter of the application where you received the authorization code. | A successful token response looks like: | Parameter | Description | | | -- |-| not_before | The time at which the token is considered valid, in epoch time. | +| not_before | The epoch time at which the token becomes valid. | | token_type | The token type value. `Bearer` is the only type that is supported. | | access_token | The signed JWT token that you requested. |-| scope | The scopes for which the token is valid. | +| scope | The valid scopes for the token. | | expires_in | The length of time that the access token is valid (in seconds). |-| expires_on | The time at which the access token expires, in epoch time. | -| refresh_token | An OAuth 2.0 refresh token. The application can use this token to acquire additional tokens after the current token expires. Refresh tokens can be used to retain access to resources for extended periods of time. The scope `offline_access` must have been used in both the authorization and token requests in order to receive a refresh token. | +| expires_on | The epoch time when the access token becomes invalid. | +| refresh_token | An OAuth 2.0 refresh token. The application can use this token to acquire more tokens after the current token expires. Refresh tokens can be used to retain access to resources for extended periods of time. The scope `offline_access` must have been used in both the authorization and token requests in order to receive a refresh token. | Error responses look like: Error responses look like: ## Use the token -Now that you've successfully acquired an access token, you can use the token in requests to your back-end web APIs by including it in the `Authorization` header: +After you successfully acquire an access token, you can use the token in requests to your back-end web APIs by including it in the `Authorization` header: ```http GET /tasks Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZn ## Refresh the token -Access tokens and ID tokens are short-lived. After they expire, you must refresh them to continue to access resources. When you refresh the access token, Azure AD B2C returns a new token. The refreshed access token will have updated `nbf` (not before), `iat` (issued at), and `exp` (expiration) claim values. All other claim values will be the same as the originally issued access token. +Access tokens and ID tokens are short-lived. After they expire, you must refresh them to continue to access resources. When you refresh the access token, Azure AD B2C returns a new token. The refreshed access token will have updated `nbf` (not before), `iat` (issued at), and `exp` (expiration) claim values. All other claim values are similar to those in the previous access token. Refresh a token by submitting another `POST` request to the `/token` endpoint. This time, provide the `refresh_token` parameter instead of the `code` parameter: POST https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0 Host: {tenant}.b2clogin.com Content-Type: application/x-www-form-urlencoded -grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=openid offline_access&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...&redirect_uri=urn:ietf:wg:oauth:2.0:oob +grant_type=refresh_token +&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 +&scope=openid offline_access +&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq... +&redirect_uri=urn:ietf:wg:oauth:2.0:oob ``` | Parameter | Required | Description | grant_type=refresh_token&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6&scope=op | {tenant} | Yes | Name of your Azure AD B2C tenant | | {policy} | Yes | The user flow that was used to acquire the original refresh token. You can't use a different user flow in this request. Add this parameter to the query string, not to the POST body. | | client_id | Yes | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application. |-| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets cannot be securely stored, therefore not used on this call. If using a client secret, please change it on a periodic basis. | +| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets can't be securely stored, therefore not used on this call. If using a client secret, please change it on a periodic basis. | | grant_type | Yes | The type of grant, which must be `refresh_token` for this part of the authorization code flow. | | refresh_token | Yes | The original refresh token that was acquired in the second part of the flow. The `offline_access` scope must be used in both the authorization and token requests in order to receive a refresh token. | | redirect_uri | No | The `redirect_uri` parameter of the application where you received the authorization code. | A successful token response looks like: | Parameter | Description | | | -- |-| not_before | The time at which the token is considered valid, in epoch time. | +| not_before | The epoch time at which the token becomes valid. | | token_type | The token type value. `Bearer` is the only type that is supported. | | access_token | The signed JWT token that was requested. |-| scope | The scope for which the token is valid. | +| scope | The valid scopes for the token. | | expires_in | The length of time that the access token is valid (in seconds). | | refresh_token | An OAuth 2.0 refresh token. The application can use this token to acquire additional tokens after the current token expires. Refresh tokens can be used to retain access to resources for extended periods of time. | | refresh_token_expires_in | The length of time that the refresh token is valid (in seconds). | GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/ | Parameter | Required | Description | | | -- | -- | | {tenant} | Yes | Name of your Azure AD B2C tenant. If you're using a [custom domain](custom-domain.md), replace `tenant.b2clogin.com` with your domain, such as `fabrikam.com`. |-| {policy} | Yes | The user flow that has been used in the authorization request. For example, if the user signed-in with the `b2c_1_sign_in` user flow, specify `b2c_1_sign_in` in the sign-out request. | +| {policy} | Yes | The user flow that you specify in the authorization request. For example, if the user signed-in with the `b2c_1_sign_in` user flow, specify `b2c_1_sign_in` in the sign-out request. | | id_token_hint| No | A previously issued ID token to pass to the logout endpoint as a hint about the end user's current authenticated session with the client. The `id_token_hint` ensures that the `post_logout_redirect_uri` is a registered reply URL in your Azure AD B2C application settings. For more information, see [Secure your logout redirect](#secure-your-logout-redirect). | | client_id | No* | The application ID that the [Azure portal](https://portal.azure.com/) assigned to your application.<br><br>\**This is required when using `Application` isolation SSO configuration and _Require ID Token_ in logout request is set to `No`.* |-| post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you should not register this URL as a reply URL in your Azure AD B2C application settings. | -| state | No | If a `state` parameter is included in the authorization request, the same value will be returned in the response to the `post_logout_redirect_uri`. The application should verify that the `state` values in the request and response are identical. | +| post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you shouldn't register this URL as a reply URL in your Azure AD B2C application settings. | +| state | No | If you include a `state` parameter in the authorization request, the authorization server returns the same value in the response to the `post_logout_redirect_uri`. The application should verify that the `state` value in the request and response are identical. | Upon a sign-out request, Azure AD B2C invalidates the Azure AD B2C cookie-based session, and attempts to sign out from federated identity providers. For more information, see [Single sign-out](session-behavior.md?pivots=b2c-custom-policy#single-sign-out). ### Secure your logout redirect -After logout, the user is redirected to the URI specified in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that have been specified for the application. However, if a valid `id_token_hint` is passed, and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user is not redirected. +After logout, the user is redirected to the URI you specify in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that you specify for the application. However, if a valid `id_token_hint` is passed, and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user isn't redirected. To set the required ID Token in logout requests, see [Configure session behavior in Azure Active Directory B2C](session-behavior.md#secure-your-logout-redirect). ## Next steps -- Learn more about [Azure AD B2C session](session-behavior.md).+- Learn more about [Azure AD B2C session](session-behavior.md). |
active-directory-b2c | Secure Rest Api | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/secure-rest-api.md | Title: Secure APIs used as API connectors in Azure AD B2C + Title: Secure APIs used for API connectors in Azure AD B2C -description: Secure your custom RESTful APIs used as API connectors in Azure AD B2C. +description: Secure your custom RESTful APIs used for API connectors in Azure AD B2C. -# Secure your API used an API connector in Azure AD B2C +# Secure APIs used for API connectors in Azure AD B2C -When integrating a REST API within an Azure AD B2C user flow, you must protect your REST API endpoint with authentication. The REST API authentication ensures that only services that have proper credentials, such as Azure AD B2C, can make calls to your endpoint. This article will explore how to secure REST API. +When integrating a REST API within an Azure AD B2C user flow, you must protect your REST API endpoint with authentication. The REST API authentication ensures that only services that have proper credentials, such as Azure AD B2C, can make calls to your endpoint. This article explores how to secure REST API. ## Prerequisites -Complete the steps in the [Walkthrough: Add an API connector to a sign-up user flow](add-api-connector.md) guide. +Complete the steps in the [Add an API connector to a sign-up user flow](add-api-connector.md) guide. ::: zone pivot="b2c-user-flow" -You can protect your API endpoint by using either HTTP basic authentication or HTTPS client certificate authentication. In either case, you provide the credentials that Azure AD B2C will use when calling your API endpoint. Your API endpoint then checks the credentials and performs authorization decisions. +You can protect your API endpoint by using either HTTP basic authentication or HTTPS client certificate authentication. In either case, you provide the credentials that Azure AD B2C uses when it calls your API endpoint. Your API endpoint then checks the credentials and performs authorization decisions. ::: zone-end ## HTTP basic authentication -HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/rfc2617). Basic authentication works as follows: Azure AD B2C sends an HTTP request with the client credentials (`username` and `password`) in the `Authorization` header. The credentials are formatted as the base64-encoded string `username:password`. Your API then is responsible for checking these values to perform other authorization decisions. +HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/rfc2617). Basic authentication works as follows: ++- Azure AD B2C sends an HTTP request with the client credentials (`username` and `password`) in the `Authorization` header. ++- The credentials are formatted as the base64-encoded string `username:password`. ++- Your API then is responsible for checking these values to perform other authorization decisions. ::: zone pivot="b2c-user-flow" Your API must implement the authorization based on sent client certificates in o ../api-management/api-management-howto-mutual-certificates-for-clients.md) against desired values. ### Renewing certificates-It's recommended you set reminder alerts for when your certificate will expire. You will need to generate a new certificate and repeat the steps above when used certificates are about to expire. To "roll" the use of a new certificate, your API service can continue to accept old and new certificates for a temporary amount of time while the new certificate is deployed. +It's recommended you set reminder alerts for when your certificate will expire. You need to generate a new certificate and repeat the steps above when used certificates are about to expire. To "roll" the use of a new certificate, your API service can continue to accept old and new certificates for a temporary amount of time while the new certificate is deployed. -To upload a new certificate to an existing API connector, select the API connector under **API connectors** and click on **Upload new certificate**. The most recently uploaded certificate which is not expired and whose start date has passed will automatically be used by Azure AD B2C. +To upload a new certificate to an existing API connector, select the API connector under **API connectors** and click on **Upload new certificate**. The most recently uploaded certificate, which is not expired and whose start date has passed will automatically be used by Azure AD B2C. :::image type="content" source="media/secure-api-connector/api-connector-renew-cert.png" alt-text="Providing a new certificate to an API connector when one already exists."::: A claim provides temporary storage of data during an Azure AD B2C policy executi ### Acquiring an access token -You can obtain an access token in one of several ways: by obtaining it [from a federated identity provider](idp-pass-through-user-flow.md), by calling a REST API that returns an access token, by using an [ROPC flow](../active-directory/develop/v2-oauth-ropc.md), or by using the [client credentials flow](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md). The client credentials flow is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. +You can obtain an access token in one of several ways, for the [from a federated identity provider](idp-pass-through-user-flow.md), by calling a REST API that returns an access token, by using an [ROPC flow](../active-directory/develop/v2-oauth-ropc.md), or by using the [client credentials flow](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md). The client credentials flow is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. <a name='acquiring-an-azure-ad-access-token-'></a> Before the technical profile can interact with Microsoft Entra ID to obtain an a 1. Select **Register**. 1. Record the **Application (client) ID**. -For a client credentials flow, you need to create an application secret. The client secret is also known as an application password. The secret will be used by your application to acquire an access token. +For a client credentials flow, you need to create an application secret. The client secret is also known as an application password. Your application uses the secret to acquire an access token. 1. In the **Microsoft Entra ID - App registrations** page, select the application you created, for example *Client_Credentials_Auth_app*. 1. In the left menu, under **Manage**, select **Certificates & secrets**. For the ServiceUrl, replace your-tenant-name with the name of your Microsoft Ent ### Change the REST technical profile to use bearer token authentication -To support bearer token authentication in your custom policy, modify the REST API technical profile with the following: +To support bearer token authentication in your custom policy, modify the REST API technical profile by using the following steps: 1. In your working directory, open the *TrustFrameworkExtensions.xml* extension policy file. 1. Search for the `<TechnicalProfile>` node that includes `Id="REST-API-SignUp"`. To support bearer token authentication in your custom policy, modify the REST AP ```xml <Item Key="AuthenticationType">Bearer</Item> ```-1. Change or add the *UseClaimAsBearerToken* to *bearerToken*, as follows. The *bearerToken* is the name of the claim that the bearer token will be retrieved from (the output claim from `REST-AcquireAccessToken`). +1. Change or add the *UseClaimAsBearerToken* to *bearerToken*, as follows. The *bearerToken* is the name of the claim that the bearer token is retrieved from (the output claim from `REST-AcquireAccessToken`). ```xml <Item Key="UseClaimAsBearerToken">bearerToken</Item> ``` -1. Ensure you add the claim used above as an input claim: +1. Add the claim from the previous step as an input claim: ```xml <InputClaim ClaimTypeReferenceId="bearerToken"/> ``` -After you add the above snippets, your technical profile should look like the following XML code: +After you update your policy, your technical profile should look similar to the following XML code: ```xml <ClaimsProvider> |
active-directory-b2c | Session Behavior | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/session-behavior.md | Integration with Azure AD B2C involves three types of SSO sessions: When a user successfully authenticates with a local or social account, Azure AD B2C stores a cookie-based session on the user's browser. The cookie is stored under the Azure AD B2C tenant domain name, such as `https://contoso.b2clogin.com`. -If a user initially signs in with a federated account, and then during the session time window (time-to-live, or TTL) signs in to the same app or a different app, Azure AD B2C tries to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the session is still active (or if the user has signed in with a local account instead of a federated account), Azure AD B2C authorizes the user and eliminates further prompts. +When a user signs in with a federated account, a session time window, also known as time-to-live (TTL), starts. If the user signs in to the same or a different app within this TTL, Azure AD B2C attempts to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the userΓÇÖs session is ongoing, or if the user is signed in using a local account instead of a federated one, Azure AD B2C authorizes the user and prevents any further prompts. You can configure the session behavior, including the session TTL and how Azure AD B2C shares the session across policies and applications. Consider the following scenario: 1. A user signs into Facebook to check their feed. 2. Later, the user opens your application and starts the sign-in process. The application redirects the user to Azure AD B2C to complete the sign-in process.-3. On the Azure AD B2C sign-up or sign-in page, the user chooses to sign-in with their Facebook account. The user is redirected to Facebook. If there is an active session at Facebook, the user is not prompted to provide their credentials and is immediately redirected to Azure AD B2C with a Facebook token. +3. On the Azure AD B2C sign-up or sign-in page, the user chooses to sign-in with their Facebook account. The user is redirected to Facebook. If there's an active session at Facebook, the user isn't prompted to provide their credentials and is immediately redirected to Azure AD B2C with a Facebook token. ### Application session -A web, mobile, or single page application can be protected by an OAuth2 access token, ID token, or SAML token. When a user tries to access a protected resource on the app, the app checks whether there is an active session on the application side. If there is no app session or the session has expired, the app will take the user to the Azure AD B2C sign-in page. +An OAuth2 access token, ID token, or SAML token can protect a web, mobile, or single page application. When a user tries to access a protected resource on the app, the app checks whether there's an active session on the application side. If an app session does not exist or the session expires, the app directs the user to the Azure AD B2C sign-in page. The application session can be a cookie-based session stored under the application domain name, such as `https://contoso.com`. Mobile applications might store the session in a different way but using a similar approach. You can configure the Azure AD B2C session behavior, including: - **Web app session timeout** - Indicates how a session is extended by the session lifetime setting or the Keep me signed in (KMSI) setting. - **Rolling** - Indicates that the session is extended every time the user performs a cookie-based authentication (default).- - **Absolute** - Indicates that the user is forced to re-authenticate after the time period specified. + - **Absolute** - Indicates that the user is forced to reauthenticate after the time period specified. - **Single sign-on configuration** - The Azure AD B2C session can be configured with the following scopes: - **Tenant** - This setting is the default. Using this setting allows multiple applications and user flows in your B2C tenant to share the same user session. For example, once a user signs into an application, the user can also seamlessly sign into another one upon accessing it. - **Application** - This setting allows you to maintain a user session exclusively for an application, independent of other applications. For example, you can use this setting if you want the user to sign in to Contoso Pharmacy regardless of whether the user is already signed into Contoso Groceries.- - **Policy** - This setting allows you to maintain a user session exclusively for a user flow, independent of the applications using it. For example, if the user has already signed in and completed a multi-factor authentication (MFA) step, the user can be given access to higher-security parts of multiple applications, as long as the session tied to the user flow doesn't expire. + - **Policy** - This setting allows you to maintain a user session exclusively for a user flow, independent of the applications using it. For instance, Azure AD B2C grants the user access to higher-security parts of multiple applications if the user has already signed in and completed a multifactor authentication (MFA) step. This access continues as long as the session associated with the user flow remains active. - **Suppressed** - This setting forces the user to run through the entire user flow upon every execution of the policy. ::: zone pivot="b2c-user-flow" You can enable the KMSI feature for users of your web and native applications wh KMSI is configurable at the individual user flow level. Before enabling KMSI for your user flows, consider the following: -- KMSI is supported only for the **Recommended** versions of sign-up and sign-in (SUSI), sign-in, and profile editing user flows. If you currently have **Standard (Legacy)** or **Legacy preview - v2** versions of these user flows and want to enable KMSI, you'll need to create new, **Recommended** versions of these user flows.-- KMSI is not supported with password reset or sign-up user flows.+- KMSI is supported only for the **Recommended** versions of sign-up and sign-in (SUSI), sign-in, and profile editing user flows. If you currently have **Standard (Legacy)** or **Legacy preview - v2** versions of these user flows and want to enable KMSI, you need to create new, **Recommended** versions of these user flows. +- KMSI isn't supported with password reset or sign-up user flows. - If you want to enable KMSI for all applications in your tenant, we recommend that you enable KMSI for all user flows in your tenant. Because a user can be presented with multiple policies during a session, it's possible they could encounter one that doesn't have KMSI enabled, which would remove the KMSI cookie from the session.-- KMSI should not be enabled on public computers.+- KMSI shouldn't be enabled on public computers. ### Configure KMSI for a user flow To enable KMSI for your user flow: ::: zone pivot="b2c-custom-policy" -Users should not enable this option on public computers. +Users shouldn't enable this option on public computers. ### Configure the page identifier To enable KMSI, set the content definition `DataUri` element to [page identifier](contentdefinitions.md#datauri) `unifiedssp` and [page version](page-layout.md) *1.1.0* or above. -1. Open the extension file of your policy. For example, <em>`SocialAndLocalAccounts/`**`TrustFrameworkExtensions.xml`**</em>. This extension file is one of the policy files included in the custom policy starter pack, which you should have obtained in the prerequisite, [Get started with custom policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy). +1. Open the extension file of your policy. For example, <em>`SocialAndLocalAccounts/`**`TrustFrameworkExtensions.xml`**</em>. This extension file is one of the policy files included in the custom policy starter pack, which you obtain in the prerequisite, [Get started with custom policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy). 1. Search for the **BuildingBlocks** element. If the element doesn't exist, add it. 1. Add the **ContentDefinitions** element to the **BuildingBlocks** element of the policy. To add the KMSI checkbox to the sign-up and sign-in page, set the `setting.enabl 1. Find the ClaimsProviders element. If the element doesn't exist, add it. 1. Add the following claims provider to the ClaimsProviders element: -```xml -<ClaimsProvider> - <DisplayName>Local Account</DisplayName> - <TechnicalProfiles> - <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email"> - <Metadata> - <Item Key="setting.enableRememberMe">True</Item> - </Metadata> - </TechnicalProfile> - </TechnicalProfiles> -</ClaimsProvider> -``` + ```xml + <ClaimsProvider> + <DisplayName>Local Account</DisplayName> + <TechnicalProfiles> + <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email"> + <Metadata> + <Item Key="setting.enableRememberMe">True</Item> + </Metadata> + </TechnicalProfile> + </TechnicalProfiles> + </ClaimsProvider> + ``` 1. Save the extensions file. ### Configure a relying party file -Update the relying party (RP) file that initiates the user journey that you created. The keepAliveInDays parameter allows you to configure how the long the keep me signed in (KMSI) session cookie should persist. For example, if you set the value to 30, then KMSI session cookie will persist for 30 days. The range for the value is from 1 to 90 days. Setting the value to 0 turns off KMSI functionality. +Update the relying party (RP) file that initiates the user journey that you created. The `keepAliveInDays` parameter allows you to configure how the long the keep me signed in (KMSI) session cookie should persist. For example, if you set the value to 30, then KMSI session cookie persists for 30 days. The range for the value is from 1 to 90 days. Setting the value to 0 turns off KMSI functionality. 1. Open your custom policy file. For example, *SignUpOrSignin.xml*. 1. If it doesn't already exist, add a `<UserJourneyBehaviors>` child node to the `<RelyingParty>` node. It must be located immediately after `<DefaultUserJourney ReferenceId="User journey Id" />`, for example: `<DefaultUserJourney ReferenceId="SignUpOrSignIn" />`. You set both KeepAliveInDays and SessionExpiryInSeconds so that during a sign-in ::: zone-end -## Sign-out +## Sign out -When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. You must redirect the user to Azure AD B2C to sign out. Otherwise, the user might be able to re-authenticate to your applications without entering their credentials again. +When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. You must redirect the user to Azure AD B2C to sign out. Otherwise, the user might be able to reauthenticate to your applications without entering their credentials again. Upon a sign-out request, Azure AD B2C: Upon a sign-out request, Azure AD B2C: 1. Invalidates the Azure AD B2C cookie-based session. 1. Attempts to sign out from federated identity providers:- - OpenId Connect - If the identity provider well-known configuration endpoint specifies an `end_session_endpoint` location. The sign-out request doesn't pass the `id_token_hint` parameter. If the federated identity provider requires this parameter, the sign-out request will fail. + - OpenId Connect - If the identity provider well-known configuration endpoint specifies an `end_session_endpoint` location. The sign-out request doesn't pass the `id_token_hint` parameter. If the federated identity provider requires this parameter, the sign-out request fails. - OAuth2 - If the [identity provider metadata](oauth2-technical-profile.md#end-session-endpoint) contains the `end_session_endpoint` location. - SAML - If the [identity provider metadata](identity-provider-generic-saml.md) contains the `SingleLogoutService` location. 1. Optionally, signs-out from other applications. For more information, see the [Single sign-out](#single-sign-out) section. The sign-out clears the user's single sign-on state with Azure AD B2C, but it mi ## Single sign-out -When you redirect the user to the [Azure AD B2C sign-out endpoint](openid-connect.md#send-a-sign-out-request) (for both OAuth2 and OpenID Connect) or send a `LogoutRequest` (for SAML), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To sign the user out of all applications which have an active session, Azure AD B2C supports *single sign-out*, also known as *Single Log-Out (SLO)*. +When you redirect the user to the [Azure AD B2C sign-out endpoint](openid-connect.md#send-a-sign-out-request) (for both OAuth2 and OpenID Connect) or send a `LogoutRequest` (for SAML), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To sign the user out of all applications, which have an active session, Azure AD B2C supports *single sign-out*, also known as *Single Log-Out (SLO)*. During the sign-out, Azure AD B2C simultaneously sends an HTTP request to the registered logout URL of all the applications that the user is currently signed in to. In order for an application to participate in single sign-out: ### Handling single sign-out requests -When Azure AD B2C receives the logout request, it uses a front-channel HTML iframe to send an HTTP request to the registered logout URL of each participating application that the user is currently signed in to. Note, the application that triggers the sign-out request will not get this log-out message. Your applications must respond to the sign-out request by clearing the application session that identifies the user. +When Azure AD B2C receives the logout request, it uses a front-channel HTML iframe to send an HTTP request to the registered logout URL of each participating application that the user is currently signed in to. Note, the application that triggers the sign-out request gets this log-out message. Your applications must respond to the sign-out request by clearing the application session that identifies the user. - For OpenID Connect and OAuth2 applications, Azure AD B2C sends an HTTP GET request to the registered logout URL. - For SAML applications, Azure AD B2C sends a SAML logout request to the registered logout URL. -When all applications have been notified of the log-out, Azure AD B2C will do one of the following: +When Azure AD B2C notifies all applications about the sign-out, it proceeds to do one of the following: -- For OpenID Connect or OAuth2 applications, the user is redirected to the requested `post_logout_redirect_uri` including the (optional) `state` parameter specified in the initial request. For example `https://contoso.com/logout?state=foo`.-- For SAML applications, a SAML logout response is sent via HTTP POST to the application that initially sent the logout request.+- For OpenID Connect or OAuth2 applications, it redirects the user to the requested `post_logout_redirect_uri` including the (optional) `state` parameter specified in the initial request. For example `https://contoso.com/logout?state=foo`. +- For SAML applications, it sends a SAML logout response via HTTP POST to the application that initially sent the logout request. ::: zone-end ### Secure your logout redirect -After logout, the user is redirected to the URI specified in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that have been specified for the application. However, if a valid `id_token_hint` is passed and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user is not redirected. +After logout, the user is redirected to the URI specified in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that you specify for the application. However, if a valid `id_token_hint` is passed and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user isn't redirected. ::: zone pivot="b2c-user-flow" To require an ID Token in logout requests: 1. Open the user flow that you previously created. 1. Select **Properties**. 1. Enable the **Require ID Token in logout requests**.-1. Go back to **Azure AD B2C**. -1. Select **App registrations**, and then select your application. -1. Select **Authentication**. -1. In the **Logout URL** text box, type your post logout redirect URI, and then select **Save**. ::: zone-end To require an ID Token in logout requests, add a **UserJourneyBehaviors** elemen To configure your application Logout URL: -1. Sign in to the [Azure portal](https://portal.azure.com). -1. If you have access to multiple tenants, select the **Settings** icon in the top menu to switch to your Azure AD B2C tenant from the **Directories + subscriptions** menu. -1. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**. 1. Select **App registrations**, and then select your application. 1. Select **Authentication**. 1. In the **Logout URL** text box, type your post logout redirect URI, and then select **Save**. |
active-directory-b2c | Tenant Management Emergency Access Account | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tenant-management-emergency-access-account.md | When you configure these accounts, the following requirements need to be met: - The emergency access accounts shouldn't be associated with any individual user in the organization. Make sure that your accounts aren't connected with any employee-supplied mobile phones, hardware tokens that travel with individual employees, or other employee-specific credentials. This precaution covers instances where an individual employee is unreachable when the credential is needed. It's important to ensure that any registered devices are kept in a known, secure location that has multiple means of communicating with Azure AD B2C. -- Use strong authentication for your emergency access accounts and make sure it doesnΓÇÖt use the same authentication methods as your other administrative accounts. For example, if your normal administrator account uses the Microsoft Authenticator app for strong authentication, use a FIDO2 security key for your emergency accounts.+- Use strong authentication for your emergency access accounts and make sure it doesnΓÇÖt use the same authentication methods as your other administrative accounts. - The device or credential must not expire or be in scope of automated cleanup due to lack of use. Use the following steps to create an emergency access account: Once you create your emergency accounts, you need to do the following: -- Make sure you [exclude at least one account from phone-based multi-factor authentication](../active-directory/roles/security-emergency-access.md#exclude-at-least-one-account-from-phone-based-multi-factor-authentication)+- Make sure you [exclude at least one account from phone-based multifactor authentication](../active-directory/roles/security-emergency-access.md#exclude-at-least-one-account-from-phone-based-multi-factor-authentication) - If you use [Conditional Access](conditional-access-user-flow.md), at least one emergency access account needs to be excluded from all conditional access policies. |
active-directory-b2c | Troubleshoot With Application Insights | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot-with-application-insights.md | To create an instance of Application Insights in your subscription, follow these 1. Select **Create a resource** in the left-hand navigation menu. 1. Search for and select **Application Insights**, then select **Create**. 1. Complete the form, select **Review + create**, and then select **Create**.-1. Once the deployment has been completed, select **Go to resource**. +1. Once the deployment completes, select **Go to resource**. 1. Under **Configure** in Application Insights menu, select **Properties**. 1. Record the **INSTRUMENTATION KEY** for use in a later step. To create an instance of Application Insights in your subscription, follow these ``` * `DeveloperMode="true"` tells ApplicationInsights to expedite the telemetry through the processing pipeline. Good for development, but constrained at high volumes. In production, set the `DeveloperMode` to `false`.- * `ClientEnabled="true"` sends the ApplicationInsights client-side script for tracking page view and client-side errors. You can view these in the **browserTimings** table in the Application Insights portal. By setting `ClientEnabled= "true"`, you add Application Insights to your page script and you get timings of page loads and AJAX calls, counts, details of browser exceptions and AJAX failures, and user and session counts. This field is **optional**, and is set to `false` by default. + * `ClientEnabled="true"` sends the ApplicationInsights client-side script for tracking page view and client-side errors. You can view this in the **browserTimings** table in the Application Insights portal. By setting `ClientEnabled= "true"`, you add Application Insights to your page script and you get timings of page loads and AJAX calls, counts, details of browser exceptions and AJAX failures, and user and session counts. This field is **optional**, and is set to `false` by default. * `ServerEnabled="true"` sends the existing UserJourneyRecorder JSON as a custom event to Application Insights. For example: To create an instance of Application Insights in your subscription, follow these ## See the logs in Application Insights -There is a short delay, typically less than five minutes, before you can see new logs in Application Insights. +There's a short delay, typically less than five minutes, before you can see new logs in Application Insights. 1. Open the Application Insights resource that you created in the [Azure portal](https://portal.azure.com). 1. On the **Overview** page, select **Logs**. 1. Open a new tab in Application Insights. -Here is a list of queries you can use to see the logs: +Here's a list of queries you can use to see the logs: | Query | Description | ||--| We recommend you to install the [Azure AD B2C extension](https://marketplace.vis After you set up the Application Insights, and configure the custom policy, you need to get your Application Insights **API ID**, and create **API Key**. Both the API ID and API key are used by Azure AD B2C extension to read the Application Insights events (telemetries). Your API keys should be managed like passwords. Keep it secret. > [!NOTE]-> Application Insights instrumentation key that your create earlier is used by Azure AD B2C to send telemetries to Application Insights. You use the instrumentation key only in your Azure AD B2C policy, not in the vs code extension. +> Application Insights instrumentation key that your create earlier is used by Azure AD B2C to send telemetries to Application Insights. You use the instrumentation key only in your Azure AD B2C policy, not in the VS Code extension. To get Application Insights ID and key: To get Application Insights ID and key: 1. Copy the **Application ID** 1. Select **Create API Key** 1. Check the **Read telemetry** box.-1. Copy the **Key** before closing the Create API key blade and save it somewhere secure. If you lose the key, you'll need to create another. +1. Copy the **Key** before closing the Create API key blade and save it somewhere secure. If you lose the key, you need to create another. ![Screenshot that demonstrates how to create API access key.](./media/troubleshoot-with-application-insights/application-insights-api-access.png) ### Set up Azure AD B2C VS Code extension -Now the you have Azure Application insights API ID and Key, you can configure the vs code extension to read the logs. Azure AD B2C VS Code extension provides two scopes for settings: +Now that you have Azure Application insights API ID and Key, you can configure the VS Code extension to read the logs. Azure AD B2C VS Code extension provides two scopes for settings: - **User Global Settings** - Settings that apply globally to any instance of VS Code you open. - **Workspace Settings** - Settings stored inside your workspace and only apply when the workspace is opened (using VS Code **open folder**). Now the you have Azure Application insights API ID and Key, you can configure th 1. Provide the Azure Application Insights **ID** and **key**. 1. Click **Save** -After you save the settings the Application insights logs appear on the **Azure AD B2C Trace (App Insights)** window. +After you save the settings, the Application insights logs appear on the **Azure AD B2C Trace (App Insights)** window. ![Screenshot of Azure AD B2C extension for vscode, presenting the Azure Application insights trace.](./media/troubleshoot-with-application-insights/vscode-extension-application-insights-trace.png) ## Configure Application Insights in Production -To improve your production environment performance and better user experience, it's important to configure your policy to ignore messages that are unimportant. Use the following configuration in production environments and no logs will be sent to your application insights. +To improve your production environment performance and better user experience, it's important to configure your policy to ignore messages that are unimportant. Use the following configuration in production environments and no logs are sent to your application insights. 1. Set the `DeploymentMode` attribute of the [TrustFrameworkPolicy](trustframeworkpolicy.md) to `Production`. |
active-directory-b2c | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/troubleshoot.md | There are 2 solutions to this problem: ## User canceled the operation Azure AD B2C service can also return an error to your application when a user cancels an operation. The following are examples of scenarios where a user performs a cancel operation: -- A user policy uses the recommended [self service password reset (SSPR) experience](add-password-reset-policy.md#self-service-password-reset-recommended) with a consumer local account. The user selects the **Forgot your password?** link , and then selects **Cancel** button before the user flow experience completes. In this case, Azure AD B2C service returns error code `AADB2C90091` to your application. +- A user policy uses the recommended [self service password reset (SSPR) experience](add-password-reset-policy.md#self-service-password-reset-recommended) with a consumer local account. The user selects the **Forgot your password?** link, and then selects **Cancel** button before the user flow experience completes. In this case, Azure AD B2C service returns error code `AADB2C90091` to your application. - A user chooses to authenticate with an external identity provider such as [LinkedIn](identity-provider-linkedin.md). The user select **Cancel** button before authenticating to the identity provider itself. In this case, Azure AD B2C service returns error code `AADB2C90273` to your application. Learn more about [error codes Azure Active Directory B2C service return](error-codes.md). To handle this error, fetch the **error description** for the user and respond back with a new authentication request using the same user flow. You can include the correlation ID in your Azure AD B2C tokens. To include the c ## Troubleshooting with Application Insights -To diagnose problems with your custom policies, use [Application Insights](troubleshoot-with-application-insights.md). Application Insights traces the activity of your custom policy user journey. It provides a way to diagnose exceptions and observe the exchange of claims between Azure AD B2C and the various claims providers that are defined by technical profiles, such as identity providers, API-based services, the Azure AD B2C user directory, and other services. +To diagnose problems with your custom policies, use [Application Insights](troubleshoot-with-application-insights.md). Application Insights traces the activity of your custom policy user journey. It provides a way to diagnose exceptions and observe the exchange of claims between Azure AD B2C and the various claims providers. The claims providers are defined by technical profiles, such as identity providers, API-based services, the Azure AD B2C user directory, and other services. We recommend installing the [Azure AD B2C extension](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) for [VS Code](https://code.visualstudio.com/). With the Azure AD B2C extension, the logs are organized for you by policy name, correlation ID (Application Insights presents the first digit of the correlation ID), and the log timestamp. This feature helps you find the relevant log based on the local timestamp and see the user journey as executed by Azure AD B2C. > [!NOTE]-> - There is a short delay, typically less than five minutes, before you can see new logs in Application Insights. -> - The community has developed the Visual Studio Code extension for Azure AD B2C to help identity developers. The extension is not supported by Microsoft and is made available strictly as-is. +> - There's a short delay, typically less than five minutes, before you can see new logs in Application Insights. +> - The community has developed the Visual Studio Code extension for Azure AD B2C to help identity developers. The extension isn't supported by Microsoft and is made available strictly as-is. A single sign-in flow can issue more than one Azure Application Insights trace. In the following screenshot, the *B2C_1A_signup_signin* policy has three logs. Each log represents part of the sign-in flow. The following screenshot shows the Azure AD B2C extension for VS Code with Azure ### Filter the trace log -With the focus on the Azure AD B2C trace explorer, start to type the first digit of the correlation ID, or a time you want to find. You'll see a filter box in the top-right of the Azure AD B2C trace explorer showing what you have typed so far, and matching trace logs will be highlighted. +With the focus on the Azure AD B2C trace explorer, start to type the first digit of the correlation ID, or a time you want to find. You see a filter box in the top-right of the Azure AD B2C trace explorer showing what you have typed so far, and matching trace logs are highlighted. ![Screenshot of Azure AD B2C extension Azure AD B2C trace explorer filter highlighting.](./media/troubleshoot-custom-policies/vscode-extension-application-insights-highlight.png) -Hovering over the filter box and selecting **Enable Filter on Type** will show only matching trace logs. Use the **'X' Clear button** to clear the filter. +Hovering over the filter box and selecting **Enable Filter on Type** shows only matching trace logs. Use the **'X' Clear button** to clear the filter. ![Screenshot of Azure AD B2C extension Azure AD B2C trace explorer filter.](./media/troubleshoot-custom-policies/vscode-extension-application-insights-filter.png) For JWT token validation and debugging purposes, your can decode JWTs using a si ![Screenshot of JWT token preview.](./media/troubleshoot-custom-policies/jwt-token-preview.png) -Use **Run now** and `https://jwt.ms` to test your policies independently of your web or mobile application. This website acts like a relying party application. It displays the contents of the JSON web token (JWT) that is generated by your Azure AD B2C policy. +Use **Run now** and `https://jwt.ms` to test your policies independently of your web or mobile application. This website acts like a relying party application. It displays the contents of the JSON web token (JWT) that your Azure AD B2C policy generates. ## Troubleshoot SAML protocol You can also trace the exchange of messages between your client browser and Azur After you finish developing your policy, you upload the policy to Azure AD B2C. There might be some issues with your policy, but you can validity your policy before you upload it. -The most common error in setting up custom policies is improperly formatted XML. A good XML editor is nearly essential. It displays XML natively, color-codes content, pre-fills common terms, keeps XML elements indexed, and can validate against an XML schema. +The most common error in setting up custom policies is improperly formatted XML. A good XML editor is nearly essential. It displays XML natively, color-codes content, prefills common terms, keeps XML elements indexed, and can validate against an XML schema. We recommend using [Visual Studio Code](https://code.visualstudio.com/). Then install an XML extension, such as [XML Language Support by Red Hat](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml). The XML extension let's you validate the XML schema before you upload your XML file, using custom policy [XSD](https://raw.githubusercontent.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/master/TrustFrameworkPolicy_0.3.0.0.xsd) schema definition. In the following case, the `DisplayName` element is correct. But, in the wrong o ## Upload policies and policy validation -Validation of the XML policy file is performed automatically on upload. Most errors cause the upload to fail. Validation includes the policy file that you are uploading. It also includes the chain of files the upload file refers to (the relying party policy file, the extensions file, and the base file). +Validation of the XML policy file is performed automatically on upload. Most errors cause the upload to fail. Validation includes the policy file that you want to upload. It also includes the chain of files the upload file refers to (the relying party policy file, the extensions file, and the base file). > [!TIP] > Azure AD B2C runs additional validation for relying party policy. When having an issue with your policy, even if you edit only the extension policy, it's a good practice to upload the relying party policy as well. A user [journey](userjourneys.md) or [sub journey](subjourneys.md) consist of an > [!TIP] > You can use the [Azure AD B2C extension](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) for [VS Code](https://code.visualstudio.com/) `(Shift+Ctrl+r)` command to renumber all of the user journeys and sub journeys orchestration steps in your policy. -### ...was expected to have step with order "{number}" but it was not found... +### ...was expected to have step with order "{number}", but it was not found... Check the previous error. To fix this type of error, change the eighth orchestration steps' claims exchang ### ...makes a reference to ClaimType with id "{claim name}" but neither the policy nor any of its base policies contain such an element -This type of error happens when your policy makes a reference to a claim that is not declared in the [claims schema](claimsschema.md). Claims must be defined in at least one of the files in the policy. +This type of error happens when your policy makes a reference to a claim that isn't declared in the [claims schema](claimsschema.md). Claims must be defined in at least one of the files in the policy. For example, a technical profile with the *schoolId* output claim. But the output claim *schoolId* is never declared in the policy, or in an ancestor policy. For example, a technical profile with the *schoolId* output claim. But the outpu </OutputClaims> ``` -To fix this type of error, check whether the `ClaimTypeReferenceId` value is misspelled, or does not exist in the schema. If the claim is defined in the extensions policy, but it's also being used in the base policy. Make sure the claim is defined in the policy it's used in, or in an upper level policy. +To fix this type of error, check whether the `ClaimTypeReferenceId` value is misspelled, or doesn't exist in the schema. If the claim is defined in the extensions policy, but it's also being used in the base policy. Make sure the claim is defined in the policy it's used in, or in an upper level policy. Adding the claim to the claims schema solves this type of error. The cause for this error is similar to the one for the claim error. Check the pr ### User is currently logged as a user of 'yourtenant.onmicrosoft.com' tenant... -You login with an account from a tenant that is different than the policy you try to upload. For example, your sign-in with admin@contoso.onmicrosoft.com, while your policy `TenantId` is set to `fabrikam.onmicrosoft.com`. +You sign in with an account from a tenant that is different than the policy you try to upload. For example, your sign in with admin@contoso.onmicrosoft.com, while your policy `TenantId` is set to `fabrikam.onmicrosoft.com`. ```xml <TrustFrameworkPolicy ... You login with an account from a tenant that is different than the policy you tr ### Claim type "{name}" is the output claim of the relying party's technical profile, but it is not an output claim in any of the steps of user journey... -In a relying party policy, you added an output claim, but the output claim is not an output claim in any of the steps of user journey. Azure AD B2C can't read the claim value from the claims bag. +In a relying party policy, you added an output claim, but the output claim isn't an output claim in any of the steps of user journey. Azure AD B2C can't read the claim value from the claims bag. -In the following example, the *schoolId* claim is an output claim of the relying party's technical profile, but it is not an output claim in any of the steps of *SignUpOrSignIn* user journey. +In the following example, the *schoolId* claim is an output claim of the relying party's technical profile, but it isn't an output claim in any of the steps of *SignUpOrSignIn* user journey. ```xml <RelyingParty> |
active-directory-b2c | Tutorial Register Applications | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-applications.md | In this article, you learned how to: > * Register a web application > * Create a client secret -Next, learn how to create user flows to enable your users to sign up, sign in, and manage their profiles. --> [!div class="nextstepaction"] -> [Create user flows in Azure Active Directory B2C >](tutorial-create-user-flows.md) +Learn how to [Create user flows in Azure Active Directory B2C](tutorial-create-user-flows.md) |
active-directory-b2c | Tutorial Register Spa | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/tutorial-register-spa.md | Title: Register a single-page application (SPA) in Azure Active Directory B2C + Title: Register a single-page application in Azure Active Directory B2C description: Follow this guide to learn how to register a single-page application (SPA) in Azure Active Directory B2C using the Azure portal. -# Register a single-page application (SPA) in Azure Active Directory B2C +# Register a single-page application in Azure Active Directory B2C Before your [applications](application-types.md) can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. This guide shows you how to register a single-page application ("SPA") using the Azure portal. This authentication flow doesn't include application scenarios that use cross-pl - If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. -- If you haven't already created your own [Azure AD B2C Tenant](tutorial-create-tenant.md), create one now. You can use an existing Azure AD B2C tenant.+- If you don't have an [Azure AD B2C Tenant](tutorial-create-tenant.md), create one now. You can use an existing Azure AD B2C tenant. ## Register the SPA application This authentication flow doesn't include application scenarios that use cross-pl 1. Under **Supported account types**, select **Accounts in any identity provider or organizational directory (for authenticating users with user flows)** 1. Under **Redirect URI**, select **Single-page application (SPA)**, and then enter `https://jwt.ms` in the URL text box. - The redirect URI is the endpoint to where the user is sent by the authorization server (Azure AD B2C, in this case) after completing its interaction with the user. Also, the redirect URI endpoint receives the access token or authorization code upon successful authorization. In a production application, it's typically a publicly accessible endpoint where your app is running, like `https://contoso.com/auth-response`. For testing purposes like this guide, you can set it to `https://jwt.ms`, a Microsoft-owned web application that displays the decoded contents of a token (the contents of the token never leave your browser). During app development, you might add the endpoint where your application listens locally, like `http://localhost:5000`. You can add and modify redirect URIs in your registered applications at any time. + The redirect URI is the endpoint to where authorization server (Azure AD B2C, in this case) sends the user after it completes its interaction with the user. Also, the redirect URI endpoint receives the access token or authorization code upon successful authorization. In a production application, it's typically a publicly accessible endpoint where your app is running, like `https://contoso.com/auth-response`. For testing purposes like this guide, you can set it to `https://jwt.ms`, a Microsoft-owned web application that displays the decoded contents of a token (the contents of the token never leave your browser). During app development, you might add the endpoint where your application listens locally, like `http://localhost:5000`. You can add and modify redirect URIs in your registered applications at any time. The following restrictions apply to redirect URIs: This authentication flow doesn't include application scenarios that use cross-pl ## Enable the implicit flow -If your SPA app uses MSAL.js 1.3 or earlier and the implicit grant flow or you configure the [https://jwt.ms/](https://jwt.ms/) app for testing a user flow or custom policy, you need to enable the implicit grant flow in the app registration: +If youΓÇÖre using MSAL.js 1.3 or an earlier version with the implicit grant flow in your SPA app, or if you configure the [https://jwt.ms/](https://jwt.ms/) app for testing a user flow or custom policy, you need to enable the implicit grant flow in the app registration: 1. In the left menu, under **Manage**, select **Authentication**. If you've an existing application that uses the implicit flow, we recommend that When all your production SPA represented by an app registration starts using the authorization code flow, disable the implicit grant flow settings as follows: 1. In the left menu, under **Manage**, select **Authentication**.-1. Under **Implicit grant**, de-select both the **Access tokens** and **ID tokens** check boxes. +1. Under **Implicit grant**, deselect both the **Access tokens** and **ID tokens** check boxes. 1. Select **Save**. Applications using the implicit flow can continue to function if you leave the implicit flow enabled (checked). -* * * ## Next steps -Next, learn how to create user flows to enable your users to sign up, sign in, and manage their profiles. --> [!div class="nextstepaction"] -> [Create user flows in Azure Active Directory B2C >](tutorial-create-user-flows.md) +Learn how to [Create user flows in Azure Active Directory B2C](tutorial-create-user-flows.md). |
active-directory-b2c | User Profile Attributes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/active-directory-b2c/user-profile-attributes.md | Title: User profile attributes in Azure Active Directory B2C -description: Learn about the user resource type attributes that are supported by the Azure AD B2C directory user profile. Find out about built-in attributes, extensions, and how attributes map to Microsoft Graph. +description: Learn about the user resource type attributes that Azure AD B2C directory user profile supports. Find out about built-in attributes, extensions, and how attributes map to Microsoft Graph. -Most of the attributes that can be used with Azure AD B2C user profiles are also supported by Microsoft Graph. This article describes supported Azure AD B2C user profile attributes. It also notes those attributes that are not supported by Microsoft Graph, as well as Microsoft Graph attributes that should not be used with Azure AD B2C. +Microsoft Graph API supports most of the attributes that you can use with Azure This article describes user profile attributes that Azure AD B2C supports. It also notes those attributes that Microsoft Graph doesn't support, and Microsoft Graph API attributes that Azure AD B2C shouldn't use. > [!IMPORTANT] > You shouldn't use built-in or extension attributes to store sensitive personal data, such as account credentials, government identification numbers, cardholder data, financial account data, healthcare information, or sensitive background information. You can also integrate with external systems. For example, you can use Azure AD ## Microsoft Entra user resource type -The table below lists the [user resource type](/graph/api/resources/user) attributes that are supported by the Azure AD B2C directory user profile. It gives the following information about each attribute: +Azure AD B2C directory user profile supports the [user resource type](/graph/api/resources/user) attributes listed in the table below. It gives the following information about each attribute: - Attribute name used by Azure AD B2C (followed by the Microsoft Graph name in parentheses, if different) - Attribute data type The table below lists the [user resource type](/graph/api/resources/user) attrib - Whether the attribute can be used in a user flow - Whether the attribute can be used in a custom policy [Microsoft Entra ID technical profile](active-directory-technical-profile.md) and in which section (<InputClaims>, <OutputClaims>, or <PersistedClaims>) -|Name |Type |Description|Azure portal|User flows|Custom policy| +|Name |Date type |Description|Available in Azure portal|Used in user flows|Used in custom policy| |||-||-|-| |accountEnabled |Boolean|Whether the user account is enabled or disabled: **true** if the account is enabled, otherwise **false**.|Yes|No|Persisted, Output| |ageGroup |String|The user's age group. Possible values: null, Undefined, Minor, Adult, NotAdult.|Yes|No|Persisted, Output| |alternativeSecurityId ([Identities](#identities-attribute))|String|A single user identity from the external identity provider.|No|No|Input, Persisted, Output| |alternativeSecurityIds ([Identities](#identities-attribute))|alternative securityId collection|A collection of user identities from external identity providers.|No|No|Persisted, Output|-|city |String|The city in which the user is located. Max length 128.|Yes|Yes|Persisted, Output| +|city |String|The userΓÇÖs city of residence.. Max length 128.|Yes|Yes|Persisted, Output| |consentProvidedForMinor|String|Whether the consent has been provided for a minor. Allowed values: null, granted, denied, or notRequired.|Yes|No|Persisted, Output|-|country |String|The country/region in which the user is located. Example: "US" or "UK". Max length 128.|Yes|Yes|Persisted, Output| +|country |String|The userΓÇÖs country/region of residence.. For example: *US* or *UK*. Max length 128.|Yes|Yes|Persisted, Output| |createdDateTime|DateTime|The date the user object was created. Read only.|No|No|Persisted, Output| |creationType |String|If the user account was created as a local account for an Azure Active Directory B2C tenant, the value is LocalAccount or nameCoexistence. Read only.|No|No|Persisted, Output| |dateOfBirth |Date|Date of birth.|No|No|Persisted, Output| The table below lists the [user resource type](/graph/api/resources/user) attrib |mobile (mobilePhone) |String|The primary cellular telephone number for the user. Max length 64.|Yes|No|Persisted, Output| |netId |String|Net ID.|No|No|Persisted, Output| |objectId |String|A globally unique identifier (GUID) that is the unique identifier for the user. Example: 12345678-9abc-def0-1234-56789abcde. Read only, Immutable.|Read only|Yes|Input, Persisted, Output|-|otherMails |String collection|A list of other email addresses for the user. Example: ["bob@contoso.com", "Robert@fabrikam.com"]. NOTE: Accent characters are not allowed.|Yes (Alternate email)|No|Persisted, Output| +|otherMails |String collection|A list of other email addresses for the user. Example: ["bob@contoso.com", "Robert@fabrikam.com"]. NOTE: Accent characters aren't allowed.|Yes (Alternate email)|No|Persisted, Output| |password |String|The password for the local account during user creation.|No|No|Persisted| |passwordPolicies |String|Policy of the password. It's a string consisting of different policy name separated by comma. For example, "DisablePasswordExpiration, DisableStrongPassword".|No|No|Persisted, Output| |physicalDeliveryOfficeName (officeLocation)|String|The office location in the user's place of business. Max length 128.|Yes|No|Persisted, Output| |postalCode |String|The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Max length 40.|Yes|No|Persisted, Output|-|preferredLanguage |String|The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: "en-US", or "es-ES".|No|No|Persisted, Output| -|refreshTokensValidFromDateTime (signInSessionsValidFromDateTime)|DateTime|Any refresh tokens issued before this time are invalid, and applications will get an error when using an invalid refresh token to acquire a new access token. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only.|No|No|Output| +|preferredLanguage |String|The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. For example: *en-US*, or *es-ES*.|No|No|Persisted, Output| +|refreshTokensValidFromDateTime (signInSessionsValidFromDateTime)|DateTime|Any refresh tokens issued before this time are invalid, and applications get an error when using an invalid refresh token to acquire a new access token. In this case, the application needs to acquire a new refresh token by making a request to the authorize endpoint. Read-only.|No|No|Output| |signInNames ([Identities](#identities-attribute)) |String|The unique sign-in name of the local account user of any type in the directory. Use this attribute to get a user with sign-in value without specifying the local account type.|No|No|Input|-|signInNames.userName ([Identities](#identities-attribute)) |String|The unique username of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in username. Specifying this in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames. NOTE: Accent characters are not allowed in the username.|No|No|Input, Persisted, Output| -|signInNames.phoneNumber ([Identities](#identities-attribute)) |String|The unique phone number of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in phone number. Specifying this attribute in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| -|signInNames.emailAddress ([Identities](#identities-attribute))|String|The unique email address of the local account user in the directory. Use this to create or get a user with a specific sign-in email address. Specifying this attribute in PersistedClaims alone during Patch operation will remove other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| +|signInNames.userName ([Identities](#identities-attribute)) |String|The unique username of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in username. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames. NOTE: Accent characters aren't allowed in the username.|No|No|Input, Persisted, Output| +|signInNames.phoneNumber ([Identities](#identities-attribute)) |String|The unique phone number of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in phone number. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| +|signInNames.emailAddress ([Identities](#identities-attribute))|String|The unique email address of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in email address. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output| |state |String|The state or province in the user's address. Max length 128.|Yes|Yes|Persisted, Output| |streetAddress |String|The street address of the user's place of business. Max length 1024.|Yes|Yes|Persisted, Output|-|strongAuthentication AlternativePhoneNumber<sup>1</sup>|String|The secondary telephone number of the user, used for multi-factor authentication.|Yes|No|Persisted, Output| -|strongAuthenticationEmailAddress<sup>1</sup>|String|The SMTP address for the user. Example: "bob@contoso.com" This attribute is used for sign-in with username policy, to store the user email address. The email address then used in a password reset flow. Accent characters are not allowed in this attribute.|Yes|No|Persisted, Output| -|strongAuthenticationPhoneNumber<sup>2</sup>|String|The primary telephone number of the user, used for multi-factor authentication.|Yes|No|Persisted, Output| +|strongAuthentication AlternativePhoneNumber<sup>1</sup>|String|The secondary telephone number of the user, used for multifactor authentication.|Yes|No|Persisted, Output| +|strongAuthenticationEmailAddress<sup>1</sup>|String|The SMTP address for the user. Example: "bob@contoso.com" This attribute is used for sign-in with username policy, to store the user email address. The email address then used in a password reset flow. Accent characters aren't allowed in this attribute.|Yes|No|Persisted, Output| +|strongAuthenticationPhoneNumber<sup>2</sup>|String|The primary telephone number of the user, used for multifactor authentication.|Yes|No|Persisted, Output| |surname |String|The user's surname (family name or last name). Max length 64.|Yes|Yes|Persisted, Output| |telephoneNumber (first entry of businessPhones)|String|The primary telephone number of the user's place of business.|Yes|No|Persisted, Output| |userPrincipalName |String|The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. The domain must be present in the tenant's collection of verified domains. This property is required when an account is created. Immutable.|No|No|Input, Persisted, Output|-|usageLocation |String|Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries/regions. Not nullable. A two letter country/region code (ISO standard 3166). Examples: "US", "JP", and "GB".|Yes|No|Persisted, Output| +|usageLocation |String|Required for users that are assigned licenses due to legal requirement to check for availability of services in countries/regions. Not nullable. A two letter country/region code (ISO standard 3166). For examples, *US*, *JP*, and *GB*.|Yes|No|Persisted, Output| |userType |String|A string value that can be used to classify user types in your directory. Value must be Member. Read-only.|Read only|No|Persisted, Output| |userState (externalUserState)<sup>3</sup>|String|For Microsoft Entra B2B account only, and it indicates whether the invitation is PendingAcceptance or Accepted.|No|No|Persisted, Output| |userStateChangedOn (externalUserStateChangeDateTime)<sup>2</sup>|DateTime|Shows the timestamp for the latest change to the UserState property.|No|No|Persisted, Output| A customer account, which could be a consumer, partner, or citizen, can be assoc A user with a customer account can sign in with multiple identities. For example, username, email, employee ID, government ID, and others. A single account can have multiple identities, both local and social, with the same password. -In the Microsoft Graph API, both local and federated identities are stored in the user `identities` attribute, which is of type [objectIdentity](/graph/api/resources/objectidentity). The `identities` collection represents a set of identities used to sign in to a user account. This collection enables the user to sign in to the user account with any of its associated identities. The identities attribute can contain up to ten [objectIdentity](/graph/api/resources/objectidentity) objects. Each object contains the following properties: +In the Microsoft Graph API, both local and federated identities are stored in the user `identities` attribute, which is of type [objectIdentity](/graph/api/resources/objectidentity). The `identities` collection represents a set of identities used to sign in to a user account. This collection enables the user to sign in to the user account with any of its associated identities. The identities attribute can contain up to 10 [objectIdentity](/graph/api/resources/objectidentity) objects. Each object contains the following properties: | Name | Type |Description| |:|:--|:-| |signInType|string| Specifies the user sign-in types in your directory. For local account: `emailAddress`, `emailAddress1`, `emailAddress2`, `emailAddress3`, `userName`, or any other type you like. Social account must be set to `federated`.|-|issuer|string|Specifies the issuer of the identity. For local accounts (where **signInType** is not `federated`), this property is the local B2C tenant default domain name, for example `contoso.onmicrosoft.com`. For social identity (where **signInType** is `federated`) the value is the name of the issuer, for example `facebook.com`| +|issuer|string|Specifies the issuer of the identity. For local accounts (where **signInType** isn't `federated`), this property is the local B2C tenant default domain name, for example `contoso.onmicrosoft.com`. For social identity (where **signInType** is `federated`) the value is the name of the issuer, for example `facebook.com`| |issuerAssignedId|string|Specifies the unique identifier assigned to the user by the issuer. The combination of **issuer** and **issuerAssignedId** must be unique within your tenant. For local account, when **signInType** is set to `emailAddress` or `userName`, it represents the sign-in name for the user.<br>When **signInType** is set to: <ul><li>`emailAddress` (or starts with `emailAddress` like `emailAddress1`) **issuerAssignedId** must be a valid email address</li><li>`userName` (or any other value), **issuerAssignedId** must be a valid [local part of an email address](https://tools.ietf.org/html/rfc3696#section-3)</li><li>`federated`, **issuerAssignedId** represents the federated account unique identifier</li></ul>| The following JSON snippet shows **Identities** attribute, with a local account identity with a sign-in name, an email address as sign-in, and with a social identity. The following JSON snippet shows **Identities** attribute, with a local account ] ``` -For federated identities, depending on the identity provider, the **issuerAssignedId** is a unique value for a given user per application or development account. Configure the Azure AD B2C policy with the same application ID that was previously assigned by the social provider or another application within the same development account. +For federated identities, depending on the identity provider, the **issuerAssignedId** is a unique value for a given user per application or development account. Configure the Azure AD B2C policy with the same application ID that the social provider or another application within the same development account assigns. ## Password profile property For a local identity, the **passwordProfile** attribute is required, and contains the user's password. The `forceChangePasswordNextSignIn` attribute indicates whether a user must reset the password at the next sign-in. To handle a forced password reset, use the instructions in [set up forced password reset flow](force-password-reset.md). -For a federated (social) identity, the **passwordProfile** attribute is not required. +For a federated (social) identity, the **passwordProfile** attribute isn't required. ```json "passwordProfile" : { In user migration scenarios, if the accounts you want to migrate have weaker pas ## MFA phone number attribute -When using a phone for multi-factor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/phoneauthenticationmethod-update), [get](/graph/api/phoneauthenticationmethod-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod). +When using a phone for multifactor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/phoneauthenticationmethod-update), [get](/graph/api/phoneauthenticationmethod-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod). In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number is available through `strongAuthenticationPhoneNumber` claim type. In Azure AD B2C [custom policies](custom-policy-overview.md), the phone number i Every customer-facing application has unique requirements for the information to be collected. Your Azure AD B2C tenant comes with a built-in set of information stored in properties, such as Given Name, Surname, and Postal Code. With Azure AD B2C, you can extend the set of properties stored in each customer account. For more information, see [Add user attributes and customize user input in Azure Active Directory B2C](configure-user-input.md) -Extension attributes [extend the schema](/graph/extensibility-overview#schema-extensions) of the user objects in the directory. The extension attributes can only be registered on an application object, even though they might contain data for a user. The extension attribute is attached to the application called `b2c-extensions-app`. Do not modify this application, as it's used by Azure AD B2C for storing user data. You can find this application under Microsoft Entra App registrations. [Learn more about Azure AD B2C](extensions-app.md) `b2c-extensions-app`. +Extension attributes [extend the schema](/graph/extensibility-overview#schema-extensions) of the user objects in the directory. The extension attributes can only be registered on an application object, even though they might contain data for a user. The extension attribute is attached to the application called `b2c-extensions-app`. Don't modify this application, as it's used by Azure AD B2C for storing user data. You can find this application under Microsoft Entra App registrations. [Learn more about Azure AD B2C](extensions-app.md) `b2c-extensions-app`. > [!NOTE] > - You can write up to 100 extension attributes to any user account. Extension attributes in the Graph API are named by using the convention `extensi - The `ApplicationClientID` is the **Application (client) ID** of the `b2c-extensions-app` application. [Learn how to find the extensions app](extensions-app.md#verifying-that-the-extensions-app-is-present). - The `AttributeName` is the name of the extension attribute. -Note that the **Application (client) ID** as it's represented in the extension attribute name includes no hyphens. For example: +The **Application (client) ID** when used to create the name of the extension attribute doesn't include hyphens. For example: ```json "extension_831374b3bd5041bfaa54263ec9e050fc_loyaltyNumber": "212342" The following data types are supported when defining an attribute in a schema ex |Type |Remarks | |--|| |Boolean | Possible values: **true** or **false**. |-|DateTime | Must be specified in ISO 8601 format. Will be stored in UTC. | +|DateTime | Must be specified in ISO 8601 format. The value is stored in UTC. | |Integer | 32-bit value. | |String | 256 characters maximum. | |
ai-services | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/content-safety/overview.md | There are different types of analysis available from this service. The following Content Safety Studio not only contains out-of-the-box AI models but also includes Microsoft's built-in terms blocklists to flag profanities and stay up to date with new trends. You can also upload your own blocklists to enhance the coverage of harmful content that's specific to your use case. -Studio also lets you set up a moderation workflow, where you can continuously monitor and improve content moderation performance. It can help you meet content requirements from all kinds of industries like gaming, media, education, E-commerce, and more. Businesses can easily connect their services to the Studio and have their content moderated in real time, whether user-generated or AI-generated. +Studio also lets you set up a moderation workflow, where you can continuously monitor and improve content moderation performance. It can help you meet content requirements from all kinds of industries like gaming, media, education, E-commerce, and more. Businesses can easily connect their services to the Studio and have their content moderated in real-time, whether user-generated or AI-generated. All of these capabilities are handled by the Studio and its backend; customers donΓÇÖt need to worry about model development. You can onboard your data for quick validation and monitor your KPIs accordingly, like technical metrics (latency, accuracy, recall), or business metrics (block rate, block volume, category proportions, language proportions, and more). With simple operations and configurations, customers can test different solutions quickly and find the best fit, instead of spending time experimenting with custom models or doing moderation manually. To use the Azure AI Content Safety APIs, you must create your Content Safety res - West US 2 - Sweden Central -Feel free to [contact us](mailto:acm-team@microsoft.com) if you need other regions for your business. +Feel free to [contact us](mailto:contentsafetysupport@microsoft.com) if you need other regions for your business. ### Query rates -| Pricing Tier | Requests per second (RPS) | +| Pricing Tier | Requests per 10 seconds (RPS) | | :-- | : |-| F0 | 5 | -| S0 | 10 | +| F0 | 1000 | +| S0 | 1000 | -If you need a faster rate, please [contact us](mailto:acm-team@microsoft.com) to request. +If you need a faster rate, please [contact us](mailto:contentsafetysupport@microsoft.com) to request. ## Contact us -If you get stuck, [email us](mailto:acm-team@microsoft.com) or use the feedback widget on the upper right of any docs page. +If you get stuck, [email us](mailto:contentsafetysupport@microsoft.com) or use the feedback widget on the upper right of any docs page. ## Next steps |
ai-services | Provisioned Throughput | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/openai/concepts/provisioned-throughput.md | + + Title: Azure OpenAI Service provisioned throughput +description: Learn about provisioned throughput and Azure OpenAI. ++ Last updated : 11/20/2023+++++recommendations: false +keywords: +++# What is provisioned throughput? ++The provisioned throughput capability allows you to specify the amount of throughput you require for your application. The service then provisions the necessary compute and ensures it is ready for you. Throughput is defined in terms of provisioned throughput units (PTU) which is a normalized way of representing an amount of throughput for your deployment. Each model-versions pair requires different amounts of PTU to deploy and provide different amounts of throughput per PTU. ++## What does the provisioned deployment type provide? ++- **Predictable performance:** stable max latency and throughput for uniform workloads. +- **Reserved processing capacity:** A deployment configures the amount of throughput. Once deployed, the throughput is available whether used or not. +- **Cost savings:** High throughput workloads will result in cost savings vs token-based consumption. ++An Azure OpenAI Deployment is a unit of management for a specific OpenAI Model. A deployment provides customer access to a model for inference and integrates additional features like Content Moderation ([See content moderation documentation](content-filter.md)). ++> [!NOTE] +> Provisioned throughput units (PTU) are different from standard quota in Azure OpenAI and are not available by default. To learn more about this offering contact your Microsoft Account Team. ++## What do you get? ++|Topic | Provisioned| +||| +| What is it? | Provides guaranteed throughput at smaller increments than the existing provisioned offer. Deployments will have a consistent max latency for a given model-version | +| Who is it for? | Customers who want guaranteed throughput with minimal latency variance. | +| Quota | Provisioned-managed throughput Units | +| Latency | Max latency constrained | +| Utilization | Provisioned-managed Utilization measure provided in Azure Monitor | +| Estimating size | Provided calculator in the studio & load test script | ++## Key concepts ++### Provisioned throughput units ++Provisioned throughput Units (PTU) are units of model processing capacity that customers you can reserve and deploy for processing prompts and generating completions. The minimum PTU deployment, increments, and processing capacity associated with each unit varies by model type & version. ++### Deployment types ++We introduced a new deployment type called **ProvisionedManaged** which provides smaller increments of PTU per deployment. Both types have their own quota, and you will only see the options you have been enabled for. ++### Quota ++Provisioned throughput quota represents a specific amount of total throughput you can deploy. Quota in the Azure OpenAI Service is managed at the subscription level meaning that it can be consumed by different resources within that subscription. ++Quota is specific to a (deployment type, mode, region) triplet and isn't interchangeable. Meaning you can't use quota for GPT-4 to deploy GPT-35-turbo. Customers can raise a support request to move the quota across deployment types, models, or regions but we can't guarantee that it will be possible. ++While we make every attempt to ensure that quota is always deployable, quota does not represent a guarantee that the underlying capacity is available for the customer to use. The service assigns capacity to the customer at deployment time and if capacity is unavailable the deployment will fail with an out of capacity error. |
ai-services | How To Custom Voice Create Voice | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/how-to-custom-voice-create-voice.md | After you validate your data files, use them to build your Custom Neural Voice m - [Neural - cross lingual](?tabs=crosslingual#train-your-custom-neural-voice-model): Create a secondary language for your voice model to speak a different language from your training data. For example, with the `zh-CN` training data, you can create a voice that speaks `en-US`. - The language of the training data and the target language must both be one of the [languages that are supported](language-support.md?tabs=tts) for cross lingual voice training. You don't need to prepare training data in the target language, but your test script must be in the target language. + The language of the training data and the target language must both be one of the [languages that are supported](language-support.md?tabs=tts#custom-neural-voice) for cross lingual voice training. You don't need to prepare training data in the target language, but your test script must be in the target language. - [Neural - multi style](?tabs=multistyle#train-your-custom-neural-voice-model): Create a custom neural voice that speaks in multiple styles and emotions, without adding new training data. Multiple style voices are useful for video game characters, conversational chatbots, audiobooks, content readers, and more. |
ai-services | Language Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/ai-services/speech-service/language-support.md | Custom Neural Voice lets you create synthetic voices that are rich in speaking s Select the right locale that matches your training data to train a custom neural voice model. For example, if the recording data is spoken in English with a British accent, select `en-GB`. -With the cross-lingual feature, you can transfer your custom neural voice model to speak a second language. For example, with the `zh-CN` data, you can create a voice that speaks `en-AU` or any of the languages with Cross-lingual support. +With the cross-lingual feature, you can transfer your custom neural voice model to speak a second language. For example, with the `zh-CN` data, you can create a voice that speaks `en-AU` or any of the languages with Cross-lingual support. For the cross-lingual feature, we categorize locales into two tiers: one includes source languages that support the cross-lingual feature, and the other tier comprises locales designated as target languages for cross-lingual transfer. Within the following table, distinguish locales that function as both cross-lingual sources and targets and locales eligible solely as the target locale for cross-lingual transfer. [!INCLUDE [Language support include](includes/language-support/tts-cnv.md)] |
aks | Azure Ad Integration Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/azure-ad-integration-cli.md | For best practices on identity and resource control, see [Best practices for aut [operator-best-practices-identity]: operator-best-practices-identity.md [azure-ad-rbac]: azure-ad-rbac.md [managed-aad]: managed-azure-ad.md-[managed-aad-migrate]: managed-azure-ad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration +[managed-aad-migrate]: managed-azure-ad.md#migrate-a-legacy-azure-ad-cluster-to-integration [az-aks-show]: /cli/azure/aks#az_aks_show |
aks | Enable Authentication Microsoft Entra Id | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/enable-authentication-microsoft-entra-id.md | + + Title: Enable Managed Identity Authentication +description: Learn how to enable Microsoft Entra ID on AKS with kubelogin. Connect your clusters to authenticate Azure users with credentials or managed roles. + Last updated : 11/13/2023+++++# Enable Azure Managed Identity authentication for Kubernetes clusters with kubelogin ++The AKS-managed Microsoft Entra integration simplifies the Microsoft Entra integration process. Previously, you were required to create a client and server app, and the Microsoft Entra tenant had to grant Directory Read permissions. Now, the AKS resource provider manages the client and server apps for you. ++Cluster administrators can configure Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the [OpenID Connect documentation][open-id-connect]. ++Learn more about the Microsoft Entra integration flow in the [Microsoft Entra documentation](concepts-identity.md#azure-ad-integration). ++## Limitations of integration ++Azure Managed ID on AKS has certain limits to account for before you make a decision. +* The integration can't be disabled once added. +* Downgrades from an integrated cluster to the legacy Microsoft Entra ID clusters aren't supported. +* Clusters without Kubernetes RBAC support are unable to add the integration. ++## Before you begin ++There are a few requirements to properly install the aks addon for managed identity. +* You have Azure CLI version 2.29.0 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli). +* You need `kubectl` with a minimum version of [1.18.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1181) or [`kubelogin`][kubelogin]. With the Azure CLI and the Azure PowerShell module, these two commands are included and automatically managed. Meaning, they're upgraded by default and running `az aks install-cli` isn't required or recommended. If you're using an automated pipeline, you need to manage upgrades for the correct or latest version. The difference between the minor versions of Kubernetes and `kubectl` shouldn't be more than *one* version. Otherwise, authentication issues occur on the wrong version. +* If you're using [helm](https://github.com/helm/helm), you need a minimum version of helm 3.3. +* This configuration requires you have a Microsoft Entra group for your cluster. This group is registered as an admin group on the cluster to grant admin permissions. If you don't have an existing Microsoft Entra group, you can create one using the [`az ad group create`](/cli/azure/ad/group#az_ad_group_create) command. ++> [!NOTE] +> Microsoft Entra integrated clusters using a Kubernetes version newer than version 1.24 automatically use the `kubelogin` format. Starting with Kubernetes version 1.24, the default format of the clusterUser credential for Microsoft Entra ID clusters is `exec`, which requires [`kubelogin`][kubelogin] binary in the execution PATH. There is no behavior change for non-Microsoft Entra clusters, or Microsoft Entra ID clusters running a version older than 1.24. +> Existing downloaded `kubeconfig` continues to work. An optional query parameter **format** is included when getting clusterUser credential to overwrite the default behavior change. You can explicitly specify format to **azure** if you need to maintain the old `kubeconfig` format . ++<a name='enable-the-integration-on-your-aks-cluster'></a> ++## Enable the integration on your AKS cluster ++### Create a new cluster ++1. Create an Azure resource group using the [`az group create`][az-group-create] command. ++ ```azurecli-interactive + az group create --name myResourceGroup --location centralus + ``` ++2. Create an AKS cluster and enable administration access for your Microsoft Entra group using the [`az aks create`][az-aks-create] command. ++ ```azurecli-interactive + az aks create -g myResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id> [--aad-tenant-id <id>] + ``` ++ A successful creation of an AKS-managed Microsoft Entra ID cluster has the following section in the response body: ++ ```output + "AADProfile": { + "adminGroupObjectIds": [ + "5d24****-****-****-****-****afa27aed" + ], + "clientAppId": null, + "managed": true, + "serverAppId": null, + "serverAppSecret": null, + "tenantId": "72f9****-****-****-****-****d011db47" + } + ``` ++### Use an existing cluster ++Enable AKS-managed Microsoft Entra integration on your existing Kubernetes RBAC enabled cluster using the [`az aks update`][az-aks-update] command. Make sure to set your admin group to keep access on your cluster. ++```azurecli-interactive +az aks update -g MyResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id-1>,<id-2> [--aad-tenant-id <id>] +``` ++A successful activation of an AKS-managed Microsoft Entra ID cluster has the following section in the response body: ++```output +"AADProfile": { + "adminGroupObjectIds": [ + "5d24****-****-****-****-****afa27aed" + ], + "clientAppId": null, + "managed": true, + "serverAppId": null, + "serverAppSecret": null, + "tenantId": "72f9****-****-****-****-****d011db47" + } +``` ++<a name='migrate-a-legacy-azure-ad-cluster-to-integration'></a> ++### Migrate legacy cluster to integration ++If your cluster uses legacy Microsoft Entra integration, you can upgrade to AKS-managed Microsoft Entra integration through the [`az aks update`][az-aks-update] command. ++> [!WARNING] +> Free tier clusters may experience API server downtime during the upgrade. We recommend upgrading during your nonbusiness hours. +> After the upgrade, the kubeconfig content changes. You need to run `az aks get-credentials --resource-group <AKS resource group name> --name <AKS cluster name>` to merge the new credentials into the kubeconfig file. ++```azurecli-interactive +az aks update -g myResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id> [--aad-tenant-id <id>] +``` ++A successful migration of an AKS-managed Microsoft Entra ID cluster has the following section in the response body: ++```output +"AADProfile": { + "adminGroupObjectIds": [ + "5d24****-****-****-****-****afa27aed" + ], + "clientAppId": null, + "managed": true, + "serverAppId": null, + "serverAppSecret": null, + "tenantId": "72f9****-****-****-****-****d011db47" + } +``` ++<a name='access-your-enabled-cluster'></a> ++## Access your enabled cluster ++1. Get the user credentials to access your cluster using the [`az aks get-credentials`][az-aks-get-credentials] command. ++ ```azurecli-interactive + az aks get-credentials --resource-group myResourceGroup --name myManagedCluster + ``` ++2. Follow your instructions to sign in. ++3. Set `kubelogin` to use the Azure CLI. ++ ```azurecli-interactive + kubelogin convert-kubeconfig -l azurecli + ``` ++4. View the nodes in the cluster with the `kubectl get nodes` command. ++ ```azurecli-interactive + kubectl get nodes + ``` ++## Non-interactive sign-in with kubelogin ++There are some non-interactive scenarios that don't support `kubectl`. In these cases, use [`kubelogin`][kubelogin] to connect to the cluster with a non-interactive service principal credential to perform continuous integration pipelines. ++> [!NOTE] +> Microsoft Entra integrated clusters using a Kubernetes version newer than version 1.24 automatically use the `kubelogin` format. Starting with Kubernetes version 1.24, the default format of the clusterUser credential for Microsoft Entra ID clusters is `exec`, which requires [`kubelogin`][kubelogin] binary in the execution PATH. There is no behavior change for non-Microsoft Entra clusters, or Microsoft Entra ID clusters running a version older than 1.24. +> Existing downloaded `kubeconfig` continues to work. An optional query parameter **format** is included when getting clusterUser credential to overwrite the default behavior change. You can explicitly specify format to **azure** if you need to maintain the old `kubeconfig` format . ++* When getting the clusterUser credential, you can use the `format` query parameter to overwrite the default behavior. You can set the value to `azure` to use the original kubeconfig format: ++ ```azurecli-interactive + az aks get-credentials --format azure + ``` ++* If your Microsoft Entra integrated cluster uses Kubernetes version 1.24 or lower, you need to manually convert the kubeconfig format. ++ ```azurecli-interactive + export KUBECONFIG=/path/to/kubeconfig + kubelogin convert-kubeconfig + ``` ++> [!NOTE] +> If you receive the message **error: The Azure auth plugin has been removed.**, you need to run the command `kubelogin convert-kubeconfig` to convert the kubeconfig format manually. +> +> For more information, you can refer to [Azure Kubelogin Known Issues][azure-kubelogin-known-issues]. ++<a name='troubleshoot-access-issues'></a> ++## Troubleshoot access issues ++> [!IMPORTANT] +> The steps described in this section bypass the normal Microsoft Entra group authentication. Use them only in an emergency. ++If you lack admin access to a valid Microsoft Entra group, you can follow this workaround. Sign in through the [Azure Kubernetes Service Cluster Admin](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) role and grant your group or tenant admin credentials to access your cluster. ++## Next steps ++* Learn about [Microsoft Entra integration with Kubernetes RBAC][azure-ad-rbac]. +* Learn more about [AKS and Kubernetes identity concepts][aks-concepts-identity]. +* Use [Azure Resource Manager (ARM) templates][aks-arm-template] to create AKS-managed Microsoft Entra ID enabled clusters. ++<!-- LINKS - external --> +[aks-arm-template]: /azure/templates/microsoft.containerservice/managedclusters +[kubelogin]: https://github.com/Azure/kubelogin +[azure-kubelogin-known-issues]: https://azure.github.io/kubelogin/known-issues.html ++<!-- LINKS - Internal --> +[aks-concepts-identity]: concepts-identity.md +[azure-ad-rbac]: azure-ad-rbac.md +[az-aks-create]: /cli/azure/aks#az_aks_create +[az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials +[az-group-create]: /cli/azure/group#az_group_create +[open-id-connect]:../active-directory/develop/v2-protocols-oidc.md +[az-aks-update]: /cli/azure/aks#az_aks_update |
aks | Kubernetes Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/kubernetes-portal.md | This article showed you how to access Kubernetes resources from the Azure portal [aks-quickstart-portal]: ./learn/quick-kubernetes-deploy-portal.md [deployments]: concepts-clusters-workloads.md#deployments-and-yaml-manifests [aks-managed-aad]: managed-azure-ad.md-[cli-aad-upgrade]: managed-azure-ad.md#upgrade-a-legacy-azure-ad-cluster-to-aks-managed-azure-ad-integration +[cli-aad-upgrade]: managed-azure-ad.md#migrate-a-legacy-azure-ad-cluster-to-integration [enable-monitor]: ../azure-monitor/containers/container-insights-enable-existing-clusters.md |
aks | Long Term Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/long-term-support.md | Using LTS is a way to extend your window to plan a Kubernetes version upgrade. Y To move from an LTS enabled cluster to a version of Kubernetes that is within the standard support window, you need to disable LTS on the cluster: ```-az aks update --resource-group myResourceGroup --name myAKSCluster --tier [free|standard] --k8s-support KubernetesCommunitySupport +az aks update --resource-group myResourceGroup --name myAKSCluster --tier [free|standard] --k8s-support-plan KubernetesOfficial ``` And then upgrade the cluster to a later supported version: |
aks | Upgrade Aks Cluster | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/upgrade-aks-cluster.md | During the cluster upgrade process, AKS performs the following operations: * Add a new buffer node (or as many nodes as configured in [max surge](#customize-node-surge-upgrade)) to the cluster that runs the specified Kubernetes version. * [Cordon and drain][kubernetes-drain] one of the old nodes to minimize disruption to running applications. If you're using max surge, it [cordons and drains][kubernetes-drain] as many nodes at the same time as the number of buffer nodes specified.+* For long running pods, you can configure the node drain timeout, which allows for custom wait time on the eviction of pods and graceful termination per node. If not specified, the default is 30 minutes. * When the old node is fully drained, it's reimaged to receive the new version and becomes the buffer node for the following node to be upgraded. * This process repeats until all nodes in the cluster have been upgraded. * At the end of the process, the last buffer node is deleted, maintaining the existing agent node count and zone balance. AKS accepts both integer values and a percentage value for max surge. An integer az aks nodepool update -n mynodepool -g MyResourceGroup --cluster-name MyManagedCluster --max-surge 5 ``` +#### Set node drain timeout value ++When you have a long running workload on a certain pod, it may result in one of the following cases: +- Your pod takes a long time to come up, such as when restoring a database. +- Your pod uses graceful termination to take a long time to shut down. ++In these scenarios, you can configure a node drain timeout that AKS will respect in the upgrade workflow. If you prefer your upgrades to be fast and are confident in your pod startup/terminate times being fast, you may want to set a low drain timeout. Otherwise, higher drain timeouts will affect how long you wait before discovering an issue. If no node drain timeout value is specified, the default is 30 minutes. ++To set a node drain timeout for new or existing node pools using the [`az aks nodepool add`][az-aks-nodepool-add] or [`az aks nodepool update`][az-aks-nodepool-update] command: ++```azurecli-interactive +# Set drain timeout for a new node pool +az aks nodepool add -n mynodepool -g MyResourceGroup --cluster-name MyManagedCluster --drainTimeoutInMinutes 100 + +# Update drain timeout for an existing node pool +az aks nodepool update -n mynodepool -g MyResourceGroup --cluster-name MyManagedCluster --drainTimeoutInMinutes 45 +``` + ## View upgrade events * View upgrade events using the `kubectl get events` command. |
aks | Upgrade Cluster | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/aks/upgrade-cluster.md | Persistent volume claims (PVCs) backed by Azure locally redundant storage (LRS) ## Optimize upgrades to improve performance and minimize disruptions -The combination of [Planned Maintenance Window][planned-maintenance], [Max Surge](./upgrade-aks-cluster.md#customize-node-surge-upgrade), and [Pod Disruption Budget][pdb-spec] can significantly increase the likelihood of node upgrades completing successfully by the end of the maintenance window while also minimizing disruptions. +The combination of [Planned Maintenance Window][planned-maintenance], [Max Surge](./upgrade-aks-cluster.md#customize-node-surge-upgrade), and [Pod Disruption Budget][pdb-spec], and [node drain timeout][drain-timeout] can significantly increase the likelihood of node upgrades completing successfully by the end of the maintenance window while also minimizing disruptions. * [Planned Maintenance Window][planned-maintenance] enables service teams to schedule auto-upgrade during a pre-defined window, typically a low-traffic period, to minimize workload impact. We recommend a window duration of at least *four hours*. * [Max Surge](./upgrade-aks-cluster.md#customize-node-surge-upgrade) on the node pool allows requesting extra quota during the upgrade process and limits the number of nodes selected for upgrade simultaneously. A higher max surge results in a faster upgrade process. We don't recommend setting it at 100%, as it upgrades all nodes simultaneously, which can cause disruptions to running applications. We recommend a max surge quota of *33%* for production node pools. * [Pod Disruption Budget][pdb-spec] is set for service applications and limits the number of pods that can be down during voluntary disruptions, such as AKS-controlled node upgrades. It can be configured as `minAvailable` replicas, indicating the minimum number of application pods that need to be active, or `maxUnavailable` replicas, indicating the maximum number of application pods that can be terminated, ensuring high availability for the application. Refer to the guidance provided for configuring [Pod Disruption Budgets (PDBs)][pdb-concepts]. PDB values should be validated to determine the settings that work best for your specific service.+* [Node drain timeout][drain-timeout] on the node pool allows configuring the wait time for eviction of pods and graceful termination per node during upgrades, typically applicable for long running workloads. When the node drain timeout is specified to an amount of time (in minutes), AKS honors waiting on pod disruption budgets. If not specified, the default is 30 minutes. ## Next steps This article listed different upgrade options for AKS clusters. To learn more ab <!-- LINKS - internal --> [aks-tutorial-prepare-app]: ./tutorial-kubernetes-prepare-app.md [nodepool-upgrade]: manage-node-pools.md#upgrade-a-single-node-pool+[drain-timeout]: ./upgrade-aks-cluster.md#set-node-drain-timeout-value [planned-maintenance]: planned-maintenance.md [specific-nodepool]: node-image-upgrade.md#upgrade-a-specific-node-pool |
app-service | Firewall Integration | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/firewall-integration.md | description: Learn how to integrate with Azure Firewall to secure outbound traff ms.assetid: 955a4d84-94ca-418d-aa79-b57a5eb8cb85 Previously updated : 03/29/2022 Last updated : 11/20/2023 -There are many inbound endpoints that are used to manage an ASE. The inbound management traffic cannot be sent through a firewall device. The source addresses for this traffic are known and are published in the [App Service Environment management addresses](./management-addresses.md) document. There is also a Service Tag named AppServiceManagement, which can be used with Network Security Groups (NSGs) to secure inbound traffic. +There are many inbound endpoints that are used to manage an ASE. The inbound management traffic can't be sent through a firewall device. The source addresses for this traffic are known and are published in the [App Service Environment management addresses](./management-addresses.md) document. There's also a Service Tag named AppServiceManagement, which can be used with Network Security Groups (NSGs) to secure inbound traffic. -The ASE outbound dependencies are almost entirely defined with FQDNs, which do not have static addresses behind them. The lack of static addresses means that Network Security Groups cannot be used to lock down the outbound traffic from an ASE. The addresses change often enough that one cannot set up rules based on the current resolution and use that to create NSGs. +The ASE outbound dependencies are almost entirely defined with FQDNs, which don't have static addresses behind them. The lack of static addresses means that Network Security Groups can't be used to lock down the outbound traffic from an ASE. The addresses change often enough that one can't set up rules based on the current resolution and use that to create NSGs. The solution to securing outbound addresses lies in use of a firewall device that can control outbound traffic based on domain names. Azure Firewall can restrict outbound HTTP and HTTPS traffic based on the FQDN of the destination. ## System architecture -Deploying an ASE with outbound traffic going through a firewall device requires changing routes on the ASE subnet. Routes operate at an IP level. If you are not careful in defining your routes, you can force TCP reply traffic to source from another address. When your reply address is different from the address traffic was sent to, the problem is called asymmetric routing and it will break TCP. +Deploying an ASE with outbound traffic going through a firewall device requires changing routes on the ASE subnet. Routes operate at an IP level. If you aren't careful in defining your routes, you can force TCP reply traffic to source from another address. When your reply address is different from the address traffic was sent to, the problem is called asymmetric routing and it breaks TCP. There must be routes defined so that inbound traffic to the ASE can reply back the same way the traffic came in. Routes must be defined for inbound management requests and for inbound application requests. The traffic to and from an ASE must abide by the following conventions -- The traffic to Azure SQL, Storage, and Event Hub are not supported with use of a firewall device. This traffic must be sent directly to those services. The way to make that happen is to configure service endpoints for those three services.+- The traffic to Azure SQL, Storage, and Event Hubs aren't supported with use of a firewall device. This traffic must be sent directly to those services. The way to make that happen is to configure service endpoints for those three services. - Route table rules must be defined that send inbound management traffic back from where it came. - Route table rules must be defined that send inbound application traffic back from where it came. - All other traffic leaving the ASE can be sent to your firewall device with a route table rule. The traffic to and from an ASE must abide by the following conventions ## Locking down inbound management traffic -If your ASE subnet does not already have an NSG assigned to it, create one. Within the NSG, set the first rule to allow traffic from the Service Tag named AppServiceManagement on ports 454, 455. The rule to allow access from the AppServiceManagement tag is the only thing that is required from public IPs to manage your ASE. The addresses that are behind that Service Tag are only used to administer the Azure App Service. The management traffic that flows through these connections is encrypted and secured with authentication certificates. Typical traffic on this channel includes things like customer initiated commands and health probes. +If your ASE subnet doesn't already have an NSG assigned to it, create one. Within the NSG, set the first rule to allow traffic from the Service Tag named AppServiceManagement on ports 454, 455. The rule to allow access from the AppServiceManagement tag is the only thing that is required from public IPs to manage your ASE. The addresses that are behind that Service Tag are only used to administer the Azure App Service. The management traffic that flows through these connections is encrypted and secured with authentication certificates. Typical traffic on this channel includes things like customer initiated commands and health probes. ASEs that are made through the portal with a new subnet are made with an NSG that contains the allow rule for the AppServiceManagement tag. -Your ASE must also allow inbound requests from the Load Balancer tag on port 16001. The requests from the Load Balancer on port 16001 are keep alive checks between the Load Balancer and the ASE front ends. If port 16001 is blocked, your ASE will go unhealthy. +Your ASE must also allow inbound requests from the Load Balancer tag on port 16001. The requests from the Load Balancer on port 16001 are keep alive checks between the Load Balancer and the ASE front ends. If port 16001 is blocked, your ASE goes unhealthy. ## Configuring Azure Firewall with your ASE The steps to lock down egress from your existing ASE with Azure Firewall are: -1. Enable service endpoints to SQL, Storage, and Event Hub on your ASE subnet. To enable service endpoints, go into the networking portal > subnets and select Microsoft.EventHub, Microsoft.SQL and Microsoft.Storage from the Service endpoints dropdown. When you have service endpoints enabled to Azure SQL, any Azure SQL dependencies that your apps have must be configured with service endpoints as well. +1. Enable service endpoints to SQL, Storage, and Event Hubs on your ASE subnet. To enable service endpoints, go into the networking portal > subnets and select Microsoft.EventHub, Microsoft.SQL and Microsoft.Storage from the Service endpoints dropdown. When you have service endpoints enabled to Azure SQL, any Azure SQL dependencies that your apps have must be configured with service endpoints as well. ![select service endpoints][2] The steps to lock down egress from your existing ASE with Azure Firewall are: ![Add NTP service tag network rule][6] -1. Create a route table with the management addresses from [App Service Environment management addresses]( ./management-addresses.md) or the AppServiceManagement service tag with a next hop of Internet. The route table entries are required to avoid asymmetric routing problems. Add routes for the IP address dependencies noted below in the IP address dependencies with a next hop of Internet. Add a Virtual Appliance route to your route table for 0.0.0.0/0 with the next hop being your Azure Firewall private IP address. -- ![Creating a route table][4] +1. Create a route table with a route for the AppServiceManagement service tag with a next hop of Internet. This route table entry is required to avoid asymmetric routing problems. Add a Virtual Appliance route to your route table for 0.0.0.0/0 with the next hop being your Azure Firewall private IP address. You should use the service tag instead of the IP addresses to avoid having to update the route table when the management addresses change. However, if you need to use the management addresses, you can download the service tag reference file for the cloud you're using from [App Service Environment management addresses](./management-addresses.md) and create your routes from those. 1. Assign the route table you created to your ASE subnet. ### Deploying your ASE behind a firewall -The steps to deploy your ASE behind a firewall are the same as configuring your existing ASE with an Azure Firewall except you will need to create your ASE subnet and then follow the previous steps. To create your ASE in a pre-existing subnet, you need to use a Resource Manager template as described in the document on [Creating your ASE with a Resource Manager template](./create-from-template.md). +The steps to deploy your ASE behind a firewall are the same as configuring your existing ASE with an Azure Firewall except you need to create your ASE subnet and then follow the previous steps. To create your ASE in a pre-existing subnet, you need to use a Resource Manager template as described in the document on [Creating your ASE with a Resource Manager template](./create-from-template.md). ### Application traffic -The above steps will allow your ASE to operate without problems. You still need to configure things to accommodate your application needs. There are two problems for applications in an ASE that is configured with Azure Firewall. +The above steps allow your ASE to operate without problems. You still need to configure things to accommodate your application needs. There are two problems for applications in an ASE that is configured with Azure Firewall. - Application dependencies must be added to the Azure Firewall or the route table. - Routes must be created for the application traffic to avoid asymmetric routing issues If your applications have dependencies, they need to be added to your Azure Firewall. Create Application rules to allow HTTP/HTTPS traffic and Network rules for everything else. -When you know the address range that your application request traffic will come from, you can add that to the route table that is assigned to your ASE subnet. If the address range is large or unspecified, then you can use a network appliance like the Application Gateway to give you one address to add to your route table. For details on configuring an Application Gateway with your ILB ASE, read [Integrating your ILB ASE with an Application Gateway](./integrate-with-application-gateway.md) +When you know the address range that your application request traffic comes from, you can add that to the route table that is assigned to your ASE subnet. If the address range is large or unspecified, then you can use a network appliance like the Application Gateway to give you one address to add to your route table. For details on configuring an Application Gateway with your ILB ASE, read [Integrating your ILB ASE with an Application Gateway](./integrate-with-application-gateway.md) This use of the Application Gateway is just one example of how to configure your system. If you did follow this path, then you would need to add a route to the ASE subnet route table so the reply traffic sent to the Application Gateway would go there directly. ### Logging -Azure Firewall can send logs to Azure Storage, Event Hub, or Azure Monitor logs. To integrate your app with any supported destination, go to the Azure Firewall portal > Diagnostic Logs and enable the logs for your desired destination. If you integrate with Azure Monitor logs, then you can see logging for any traffic sent to Azure Firewall. To see the traffic that is being denied, open your Log Analytics workspace portal > Logs and enter a query like +Azure Firewall can send logs to Azure Storage, Event Hubs, or Azure Monitor logs. To integrate your app with any supported destination, go to the Azure Firewall portal > Diagnostic Logs and enable the logs for your desired destination. If you integrate with Azure Monitor logs, then you can see logging for any traffic sent to Azure Firewall. To see the traffic that is being denied, open your Log Analytics workspace portal > Logs and enter a query like ```kusto AzureDiagnostics | where msg_s contains "Deny" | where TimeGenerated >= ago(1h) ``` -Integrating your Azure Firewall with Azure Monitor logs is useful when first getting an application working when you are not aware of all of the application dependencies. You can learn more about Azure Monitor logs from [Analyze log data in Azure Monitor](../../azure-monitor/logs/log-query-overview.md). +Integrating your Azure Firewall with Azure Monitor logs is useful when first getting an application working when you aren't aware of all of the application dependencies. You can learn more about Azure Monitor logs from [Analyze log data in Azure Monitor](../../azure-monitor/logs/log-query-overview.md). <a name="dependencies"></a> ## Configuring third-party firewall with your ASE Consider the following dependencies when deploying a third-party firewall with y - IP Address dependencies are for non-HTTP/S traffic (both TCP and UDP traffic) - FQDN HTTP/HTTPS endpoints can be placed in your firewall device. - Wildcard HTTP/HTTPS endpoints are dependencies that can vary with your ASE based on many qualifiers.-- Linux dependencies are only a concern if you are deploying Linux apps into your ASE. If you are not deploying Linux apps into your ASE, then these addresses do not need to be added to your firewall.+- Linux dependencies are only a concern if you're deploying Linux apps into your ASE. If you aren't deploying Linux apps into your ASE, then these addresses don't need to be added to your firewall. ### Service Endpoint capable dependencies Consider the following dependencies when deploying a third-party firewall with y |-| | Azure SQL | | Azure Storage |-| Azure Event Hub | +| Azure Event Hubs | ### IP Address dependencies | Endpoint | Details | |-| -- | | \*:123 | NTP clock check. Traffic is checked at multiple endpoints on port 123 |-| \*:12000 | This port is used for some system monitoring. If blocked, then some issues will be harder to triage but your ASE will continue to operate | +| \*:12000 | This port is used for some system monitoring. If blocked, then some issues are harder to triage but your ASE continues to operate | | 40.77.24.27:80 | Needed to monitor and alert on ASE problems | | 40.77.24.27:443 | Needed to monitor and alert on ASE problems | | 13.90.249.229:80 | Needed to monitor and alert on ASE problems | Consider the following dependencies when deploying a third-party firewall with y | 13.82.184.151:80 | Needed to monitor and alert on ASE problems | | 13.82.184.151:443 | Needed to monitor and alert on ASE problems | -With an Azure Firewall, you automatically get everything below configured with the FQDN tags. +With an Azure Firewall, you automatically get the following configured with the FQDN tags. ### FQDN HTTP/HTTPS dependencies With an Azure Firewall, you automatically get everything below configured with t For ASEs in US Gov regions, follow the instructions in the [Configuring Azure Firewall with your ASE](#configuring-azure-firewall-with-your-ase) section of this document to configure an Azure Firewall with your ASE. -When you want to use a third-party firewall in US Gov you need to consider the following dependencies: +When you want to use a third-party firewall in US Gov, you need to consider the following dependencies: - Service Endpoint capable services should be configured with service endpoints. - FQDN HTTP/HTTPS endpoints can be placed in your firewall device. - Wildcard HTTP/HTTPS endpoints are dependencies that can vary with your ASE based on many qualifiers. -Linux is not available in US Gov regions and is thus not listed as an optional configuration. +Linux isn't available in US Gov regions and is thus not listed as an optional configuration. ### Service Endpoint capable dependencies Linux is not available in US Gov regions and is thus not listed as an optional c |-| | Azure SQL | | Azure Storage |-| Azure Event Hub | +| Azure Event Hubs | ### IP Address dependencies | Endpoint | Details | |-| -- | | \*:123 | NTP clock check. Traffic is checked at multiple endpoints on port 123 |-| \*:12000 | This port is used for some system monitoring. If blocked, then some issues will be harder to triage but your ASE will continue to operate | +| \*:12000 | This port is used for some system monitoring. If blocked, then some issues are harder to triage but your ASE continues to operate | | 40.77.24.27:80 | Needed to monitor and alert on ASE problems | | 40.77.24.27:443 | Needed to monitor and alert on ASE problems | | 13.90.249.229:80 | Needed to monitor and alert on ASE problems | Linux is not available in US Gov regions and is thus not listed as an optional c [1]: ./media/firewall-integration/firewall-apprule.png [2]: ./media/firewall-integration/firewall-serviceendpoints.png [3]: ./media/firewall-integration/firewall-ntprule.png-[4]: ./media/firewall-integration/firewall-routetable.png [5]: ./media/firewall-integration/firewall-topology.png [6]: ./media/firewall-integration/firewall-ntprule-monitor.png |
app-service | Management Addresses | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/app-service/environment/management-addresses.md | The App Service Environment (ASE) is a single tenant deployment of the Azure App All ASEs have a public VIP which management traffic comes into. The incoming management traffic from these addresses comes in from to ports 454 and 455 on the public VIP of your ASE. This document lists the App Service source addresses for management traffic to the ASE. These addresses are also in the IP Service Tag named AppServiceManagement. -The addresses noted below can be configured in a route table to avoid asymmetric routing problems with the management traffic. The address are also maintained in a service tag, that can be used as well. Routes act on traffic at the IP level and do not have an awareness of traffic direction or that the traffic is a part of a TCP reply message. If the reply address for a TCP request is different than the address it was sent to, you have an asymmetric routing problem. To avoid asymmetric routing problems with your ASE management traffic, you need to ensure that replies are sent back from the same address they were sent to. For details on how to configure your ASE to operate in an environment where outbound traffic is sent on premises, read [Configure your ASE with forced tunneling][forcedtunnel] +The addresses in the AppServiceManagement service tag can be configured in a route table to avoid asymmetric routing problems with the management traffic. Where possible, you should use the service tag instead of the individual addresses. Routes act on traffic at the IP level and don't have an awareness of traffic direction or that the traffic is a part of a TCP reply message. If the reply address for a TCP request is different than the address it was sent to, you have an asymmetric routing problem. To avoid asymmetric routing problems with your ASE management traffic, you need to ensure that replies are sent back from the same address they were sent to. For details on how to configure your ASE to operate in an environment where outbound traffic is sent on premises, read [Configure your ASE with forced tunneling][forcedtunnel]. ## List of management addresses ## -| Region | Addresses | +If you need to see the IPs for the management addresses, download the service tag reference for your region to get the most up-to-date list of addresses. The App Service Environment management addresses are listed in the AppServiceManagement service tag. ++| Region | Service tag reference | |--|--|-| All public regions | 13.66.140.0, 13.67.8.128, 13.69.64.128, 13.69.227.128, 13.70.73.128, 13.71.170.64, 13.71.194.129, 13.75.34.192, 13.75.127.117, 13.77.50.128, 13.78.109.0, 13.89.171.0, 13.94.141.115, 13.94.143.126, 13.94.149.179, 20.36.106.128, 20.36.114.64, 20.37.74.128, 23.96.195.3, 23.102.188.65, 40.69.106.128, 40.70.146.128, 40.71.13.64, 40.74.100.64, 40.78.194.128, 40.79.130.64, 40.79.178.128, 40.83.120.64, 40.83.121.56, 40.83.125.161, 40.112.242.192, 51.107.58.192, 51.107.154.192, 51.116.58.192, 51.116.155.0, 51.120.99.0, 51.120.219.0, 51.140.146.64, 51.140.210.128, 52.151.25.45, 52.162.106.192, 52.165.152.214, 52.165.153.122, 52.165.154.193, 52.165.158.140, 52.174.22.21, 52.178.177.147, 52.178.184.149, 52.178.190.65, 52.178.195.197, 52.187.56.50, 52.187.59.251, 52.187.63.19, 52.187.63.37, 52.224.105.172, 52.225.177.153, 52.231.18.64, 52.231.146.128, 65.52.172.237, 65.52.250.128, 70.37.57.58, 104.44.129.141, 104.44.129.243, 104.44.129.255, 104.44.134.255, 104.208.54.11, 104.211.81.64, 104.211.146.128, 157.55.208.185, 191.233.50.128, 191.233.203.64, 191.236.154.88 | -| Microsoft Azure Government | 13.72.53.37, 13.72.180.105, 23.97.29.209, 52.181.183.11, 52.182.93.40, 52.227.64.26, 52.227.80.100, 52.227.182.254, 52.238.74.16, 52.244.79.34 | -| Microsoft Azure operated by 21Vianet | 42.159.4.236, 42.159.80.125 | +| All public regions | [Azure IP Ranges and Service Tags ΓÇô Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519) | +| Microsoft Azure Government | [Azure IP Ranges and Service Tags ΓÇô US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063) | +| Microsoft Azure operated by 21Vianet | [Azure IP Ranges and Service Tags ΓÇô China Cloud](https://www.microsoft.com/download/details.aspx?id=57062) | ## Configuring a Network Security Group With Network Security Groups, you do not need to worry about the individual addr ## Configuring a route table -The management addresses can be placed in a route table with a next hop of internet to ensure that all inbound management traffic is able to go back through the same path. These routes are needed when configuring forced tunneling. To create the route table, you can use the portal, PowerShell or Azure CLI. The commands to create a route table using Azure CLI from a PowerShell prompt are below. +The management addresses can be placed in a route table with a next hop of internet to ensure that all inbound management traffic is able to go back through the same path. These routes are needed when configuring forced tunneling. When possible, use the AppServiceManagement service tag instead of the individual addresses. To create the route table, you can use the portal, PowerShell or Azure CLI. The commands to create a route table using Azure CLI from a PowerShell prompt are below. ```azurecli+$sub = "subscription ID" $rg = "resource group name" $rt = "route table name" $location = "azure location"-$managementAddresses = "13.66.140.0", "13.67.8.128", "13.69.64.128", "13.69.227.128", "13.70.73.128", "13.71.170.64", "13.71.194.129", "13.75.34.192", "13.75.127.117", "13.77.50.128", "13.78.109.0", "13.89.171.0", "13.94.141.115", "13.94.143.126", "13.94.149.179", "20.36.106.128", "20.36.114.64", "20.37.74.128", "23.96.195.3", "23.102.188.65", "40.69.106.128", "40.70.146.128", "40.71.13.64", "40.74.100.64", "40.78.194.128", "40.79.130.64", "40.79.178.128", "40.83.120.64", "40.83.121.56", "40.83.125.161", "40.112.242.192", "51.107.58.192", "51.107.154.192", "51.116.58.192", "51.116.155.0", "51.120.99.0", "51.120.219.0", "51.140.146.64", "51.140.210.128", "52.151.25.45", "52.162.106.192", "52.165.152.214", "52.165.153.122", "52.165.154.193", "52.165.158.140", "52.174.22.21", "52.178.177.147", "52.178.184.149", "52.178.190.65", "52.178.195.197", "52.187.56.50", "52.187.59.251", "52.187.63.19", "52.187.63.37", "52.224.105.172", "52.225.177.153", "52.231.18.64", "52.231.146.128", "65.52.172.237", "65.52.250.128", "70.37.57.58", "104.44.129.141", "104.44.129.243", "104.44.129.255", "104.44.134.255", "104.208.54.11", "104.211.81.64", "104.211.146.128", "157.55.208.185", "191.233.50.128", "191.233.203.64", "191.236.154.88" -az network route-table create --name $rt --resource-group $rg --location $location -foreach ($ip in $managementAddresses) { - az network route-table route create -g $rg --route-table-name $rt -n $ip --next-hop-type Internet --address-prefix ($ip + "/32") -} +az network route-table route create --subscription $sub -g $rg --route-table-name $rt -n 'AppServiceManagement' --address-prefix 'AppServiceManagement' --next-hop-type 'Internet' ``` After your route table is created, you need to set it on your ASE subnet. |
application-gateway | Configuration Frontend Ip | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/configuration-frontend-ip.md | -You can configure the application gateway to have a public IP address, a private IP address, or both. A public IP address is required when you host a back end that clients must access over the Internet via an Internet-facing virtual IP (VIP). +You can configure the application gateway to have a public IP address, a private IP address, or both. A public IP address is required when you host a backend that clients must access over the internet via an internet-facing virtual IP. ## Public and private IP address support -Application Gateway V2 currently supports the following combinations: +Application Gateway v2 currently supports the following combinations: * Private IP address and public IP address * Public IP address only * [Private IP address only (preview)](application-gateway-private-deployment.md) -For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#how-do-i-use-application-gateway-v2-with-only-private-frontend-ip-address). +For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#how-do-i-use-application-gateway-v2-with-only-a-private-frontend-ip-address). +A public IP address isn't required for an internal endpoint that's not exposed to the internet. A private frontend configuration is useful for internal line-of-business applications that aren't exposed to the internet. It's also useful for services and tiers in a multitier application within a security boundary that aren't exposed to the internet but that require round-robin load distribution, session stickiness, or TLS termination. -A public IP address isn't required for an internal endpoint that's not exposed to the Internet. A private frontend configuration is useful for internal line-of-business applications that aren't exposed to the Internet. It's also useful for services and tiers in a multi-tier application within a security boundary that aren't exposed to the Internet but that require round-robin load distribution, session stickiness, or TLS termination. +Only one public IP address and one private IP address are supported. You choose the frontend IP when you create the application gateway. -Only one public IP address and one private IP address is supported. You choose the frontend IP when you create the application gateway. +> [!NOTE] +> The Application Gateway front end supports dual-stack IP addresses (public preview). You can create up to four frontend IPs. Two are IPv4 addresses (public and private) and two are IPv6 addresses (public and private). - > [!NOTE] - > Application Gateway frontend supports dual-stack IP addresses (Public Preview). You can create up to four frontend IPs: Two IPv4 addresses (public and private) and two IPv6 addresses (public and private). +- For a public IP address, you can create a new public IP address or use an existing public IP in the same location as the application gateway. For more information, see [Static versus dynamic public IP address](./application-gateway-components.md#static-versus-dynamic-public-ip-address). +- For a private IP address, you can specify a private IP address from the subnet where the application gateway is created. For Application Gateway v2 SKU deployments, a static IP address must be defined when you add a private IP address to the gateway. For Application Gateway v1 SKU deployments, if you don't specify an IP address, an available IP address is automatically selected from the subnet. The IP address type that you select (static or dynamic) can't be changed later. For more information, see [Create an application gateway with an internal load balancer](./application-gateway-ilb-arm.md). -- For a public IP address, you can create a new public IP address or use an existing public IP in the same location as the application gateway. For more information, see [static vs. dynamic public IP address](./application-gateway-components.md#static-versus-dynamic-public-ip-address).+A frontend IP address is associated to a *listener*, which checks for incoming requests on the frontend IP. -- For a private IP address, you can specify a private IP address from the subnet where the application gateway is created. For Application Gateway v2 sku deployments, a static IP address must be defined when adding a private IP address to the gateway. For Application Gateway v1 sku deployments, if you don't specify an IP address, an available IP address is automatically selected from the subnet. The IP address type that you select (static or dynamic) can't be changed later. For more information, see [Create an application gateway with an internal load balancer](./application-gateway-ilb-arm.md).+You can create private and public listeners with the same port number. However, be aware of any network security group (NSG) associated with the Application Gateway subnet. Depending on your NSG's configuration, you might need an allow-inbound rule with **Destination IP addresses** as your application gateway's public and private frontend IPs. When you use the same port, your application gateway changes the **Destination** of the inbound flow to the frontend IPs of your gateway. -A frontend IP address is associated to a *listener*, which checks for incoming requests on the frontend IP. + **Inbound rule**: ++- **Source**: According to your requirement +- **Destination**: Public and private frontend IPs of your application gateway. +- **Destination port**: According to configured listeners +- **Protocol**: TCP ++**Outbound rule**: ->[!NOTE] -> You can create private and public listeners with the same port number. However, be aware of any Network Security Group (NSG) associated with the application gateway subnet. Depending on your NSG's configuration, you may need an allow-inbound rule with **Destination IP addresses** as your application gateway's Public and Private frontend IPs. When using the same port, your application gateway changes the "Destination" of the inbound flow to the frontend IPs of your gateway. -> -> **Inbound Rule**: -> - Source: (as per your requirement) -> - Destination: Public and Private frontend IPs of your application gateway. -> - Destination Port: (as per configured listeners) -> - Protocol: TCP -> -> **Outbound Rule**: -> - (no specific requirement) +- No specific requirement > [!IMPORTANT]-> **The default domain name behavior for V1 SKU**: -> - Deployments before 1st May 2023: These deployments will continue to have the default domain names like \<label>.cloudapp.net mapped to the application gateway's Public IP address. -> - Deployments after 1st May 2023: For deployments after this date, there will NOT be any default domain name mapped to the gateway's Public IP address. You must manually configure using your domain name by mapping its DNS record to the gateway's IP address +> The default domain name behavior for v1 SKU: +> +> - Deployments before May 1, 2023: These deployments will continue to have the default domain names like \<label>.cloudapp.net mapped to the application gateway's public IP address. +> - Deployments after May 1, 2023: For deployments after this date, there will *not* be any default domain name mapped to the gateway's public IP address. You must manually configure using your domain name by mapping its DNS record to the gateway's IP address. ## Next steps |
application-gateway | Configuration Infrastructure | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/configuration-infrastructure.md | -The application gateway infrastructure includes the virtual network, subnets, network security groups, and user defined routes. +The Azure Application Gateway infrastructure includes the virtual network, subnets, network security groups (NSGs), and user-defined routes (UDRs). ## Virtual network and dedicated subnet -An application gateway is a dedicated deployment in your virtual network. Within your virtual network, a dedicated subnet is required for the application gateway. You can have multiple instances of a given application gateway deployment in a subnet. You can also deploy other application gateways in the subnet. But you can't deploy any other resource in the application gateway subnet. You can't mix v1 and v2 Azure Application Gateway SKUs on the same subnet. +An application gateway is a dedicated deployment in your virtual network. Within your virtual network, a dedicated subnet is required for the application gateway. You can have multiple instances of a specific Application Gateway deployment in a subnet. You can also deploy other application gateways in the subnet. But you can't deploy any other resource in the Application Gateway subnet. You can't mix v1 and v2 Application Gateway SKUs on the same subnet. > [!NOTE] > [Virtual network service endpoint policies](../virtual-network/virtual-network-service-endpoint-policies-overview.md) are currently not supported in an Application Gateway subnet. An application gateway is a dedicated deployment in your virtual network. Within Application Gateway uses one private IP address per instance, plus another private IP address if a private frontend IP is configured. -Azure also reserves five IP addresses in each subnet for internal use: the first four and the last IP addresses. For example, consider 15 application gateway instances with no private frontend IP. You need at least 20 IP addresses for this subnet: five for internal use and 15 for the application gateway instances. +Azure also reserves five IP addresses in each subnet for internal use. They're the first four addresses and the last IP addresses. For example, consider 15 Application Gateway instances with no private frontend IP. You need at least 20 IP addresses for this subnet. You need 5 for internal use and 15 for the Application Gateway instances. -Consider a subnet that has 27 application gateway instances and an IP address for a private frontend IP. In this case, you need 33 IP addresses: 27 for the application gateway instances, one for the private front end, and five for internal use. +Consider a subnet that has 27 Application Gateway instances and an IP address for a private frontend IP. In this case, you need 33 IP addresses. You need 27 for the Application Gateway instances, one for the private frontend, and 5 for internal use. -Application Gateway (Standard or WAF) SKU can support up to 32 instances (32 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved) – so a minimum subnet size of /26 is recommended +Application Gateway (Standard or WAF SKU) can support up to 32 instances (32 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). We recommend a minimum subnet size of /26. -Application Gateway (Standard_v2 or WAF_v2 SKU) can support up to 125 instances (125 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). A minimum subnet size of /24 is recommended. +Application Gateway (Standard_v2 or WAF_v2 SKU) can support up to 125 instances (125 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). We recommend a minimum subnet size of /24. -To determine the available capacity of a subnet that has existing Application Gateways provisioned, take the size of the subnet and subtract the five reserved IP addresses of the subnet reserved by the platform.  Next, take each gateway and subtract the max-instance count.  For each gateway that has a private frontend IP configuration, subtract one additional IP address per gateway as well. +To determine the available capacity of a subnet that has existing application gateways provisioned, take the size of the subnet and subtract the five reserved IP addresses of the subnet reserved by the platform. Next, take each gateway and subtract the maximum instance count. For each gateway that has a private frontend IP configuration, subtract one more IP address per gateway. For example, here's how to calculate the available addressing for a subnet with three gateways of varying sizes:-- Gateway 1: Maximum of 10 instances; utilizes a private frontend IP configuration-- Gateway 2: Maximum of 2 instances; no private frontend IP configuration-- Gateway 3: Maximum of 15 instances; utilizes a private frontend IP configuration-- Subnet Size: /24 -Subnet Size /24 = 256 IP addresses - 5 reserved from the platform = 251 available addresses. -251 - Gateway 1 (10) - 1 private frontend IP configuration = 240 -240 - Gateway 2 (2) = 238 -238 - Gateway 3 (15) - 1 private frontend IP configuration = 222 +- **Gateway 1**: Maximum of 10 instances. Uses a private frontend IP configuration. +- **Gateway 2**: Maximum of 2 instances. No private frontend IP configuration. +- **Gateway 3**: Maximum of 15 instances. Uses a private frontend IP configuration. +- **Subnet size**: /24 + - Subnet size /24 = 256 IP addresses - 5 reserved from the platform = 251 available addresses + - **251**: Gateway 1 (10) - 1 private frontend IP configuration = 240 + - **240**: Gateway 2 (2) = 238 + - **238**: Gateway 3 (15) - 1 private frontend IP configuration = 222 > [!IMPORTANT]-> Although a /24 subnet isn't required per Application Gateway v2 SKU deployment, it is highly recommended. This is to ensure that Application Gateway v2 has sufficient space for autoscaling expansion and maintenance upgrades. You should ensure that the Application Gateway v2 subnet has sufficient address space to accommodate the number of instances required to serve your maximum expected traffic. If you specify the maximum instance count, then the subnet should have capacity for at least that many addresses. For capacity planning around instance count, see [instance count details](understanding-pricing.md#instance-count). +> Although a /24 subnet isn't required per Application Gateway v2 SKU deployment, we highly recommend it. A /24 subnet ensures that Application Gateway v2 has sufficient space for autoscaling expansion and maintenance upgrades. +> +> You should ensure that the Application Gateway v2 subnet has sufficient address space to accommodate the number of instances required to serve your maximum expected traffic. If you specify the maximum instance count, the subnet should have capacity for at least that many addresses. For capacity planning around instance count, see [Instance count details](understanding-pricing.md#instance-count). -> [!IMPORTANT] -> The subnet named "GatewaySubnet" is reserved for VPN gateways. The Application Gateway V1 resources using the "GatewaySubnet" subnet need to be moved to a different subnet or migrated to V2 SKU before September 30, 2023 to avoid control plane failures and platform inconsistencies. For changing the subnet of an existing Application gateway, see [steps here](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway). +The subnet named `GatewaySubnet` is reserved for VPN gateways. The Application Gateway v1 resources using the `GatewaySubnet` subnet need to be moved to a different subnet or migrated to the v2 SKU before September 30, 2023, to avoid control plane failures and platform inconsistencies. For information on changing the subnet of an existing Application Gateway instance, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway). > [!TIP]-> IP addresses are allocated from the beginning of the defined subnet space for gateway instances. As instances are created and removed due to creation of gateways or scaling events, it can become difficult to understand what the next available address is in the subnet. To be able to determine the next address to use for a future gateway and have a contiguous addressing theme for frontend IPs, consider assigning frontend IP addresses from the upper half of the defined subset space. For example, if my subnet address space is 10.5.5.0/24, consider setting the private frontend IP configuration of your gateways starting with 10.5.5.254 and then following with 10.5.5.253, 10.5.5.252, 10.5.5.251, and so forth for future gateways. +> IP addresses are allocated from the beginning of the defined subnet space for gateway instances. As instances are created and removed because of creation of gateways or scaling events, it can become difficult to understand what the next available address is in the subnet. To be able to determine the next address to use for a future gateway and have a contiguous addressing theme for frontend IPs, consider assigning frontend IP addresses from the upper half of the defined subset space. +> +> For example, if the subnet address space is 10.5.5.0/24, consider setting the private frontend IP configuration of your gateways starting with 10.5.5.254 and then following with 10.5.5.253, 10.5.5.252, 10.5.5.251, and so forth for future gateways. -> [!TIP] -> It is possible to change the subnet of an existing Application Gateway within the same virtual network. You can do this using Azure PowerShell or Azure CLI. For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway) +It's possible to change the subnet of an existing Application Gateway instance within the same virtual network. To make this change, use Azure PowerShell or the Azure CLI. For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway). -### DNS Servers for name resolution +### DNS servers for name resolution -The virtual network resource supports [DNS server](../virtual-network/manage-virtual-network.md#view-virtual-networks-and-settings-using-the-azure-portal) configuration, allowing you to choose between Azure-provided default or Custom DNS servers. The instances of your application gateway also honor this DNS configuration for any name resolution. Thus, after you change this setting, you must restart ([Stop](/powershell/module/az.network/Stop-AzApplicationGateway) and [Start](/powershell/module/az.network/start-azapplicationgateway)) your application gateway for these changes to take effect on the instances. +The virtual network resource supports [DNS server](../virtual-network/manage-virtual-network.md#view-virtual-networks-and-settings-using-the-azure-portal) configuration, which allows you to choose between Azure-provided default or custom DNS servers. The instances of your application gateway also honor this DNS configuration for any name resolution. After you change this setting, you must restart ([Stop](/powershell/module/az.network/Stop-AzApplicationGateway) and [Start](/powershell/module/az.network/start-azapplicationgateway)) your application gateway for these changes to take effect on the instances. > [!NOTE]-> If you use custom DNS servers in the Application Gateway VNet, the DNS server must be able to resolve public Internet names. This is required by Application Gateway. +> If you use custom DNS servers in the Application Gateway virtual network, the DNS server must be able to resolve public internet names. Application Gateway requires this capability. ++### Virtual network permission -### Virtual network permission +The Application Gateway resource is deployed inside a virtual network, so we also perform a check to verify the permission on the provided virtual network resource. This validation is performed during both creation and management operations. -Since the application gateway resource is deployed inside a virtual network, we also perform a check to verify the permission on the provided virtual network resource. This validation is performed during both creation and management operations. You should check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the Virtual Network or Subnet. This validation also applies to the [Managed Identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled). +Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify that the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the virtual network or subnet. This validation also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled). -You may use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support this permission. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions). +You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support this permission. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions). ++> [!NOTE] +> You might have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptomrole-assignment-changes-are-not-being-detected) after role assignment changes. -> [!NOTE] -> You may have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptomrole-assignment-changes-are-not-being-detected) after role assignment changes. +#### Identify affected users or service principals for your subscription -#### Identifying affected users or service principals for your subscription -By visiting Azure Advisor for your account, you can verify if your subscription has any users or service principals with insufficient permission. The details of that recommendation are as follows: +By visiting Azure Advisor for your account, you can verify if your subscription has any users or service principals with insufficient permission. The details of that recommendation are: **Title**: Update VNet permission of Application Gateway users </br> **Category**: Reliability </br> **Impact**: High </br> -#### Using temporary Azure Feature Exposure Control (AFEC) flag +#### Use temporary Azure Feature Exposure Control (AFEC) flag -As a temporary extension, we have introduced a subscription-level [Azure Feature Exposure Control (AFEC)](../azure-resource-manager/management/preview-features.md?tabs=azure-portal) that you can register for until you fix the permissions for all your users and/or service principals. Register for the given feature by following the same steps as a [preview feature registration](../azure-resource-manager/management/preview-features.md?#required-access) for your Azure subscription. +As a temporary extension, we introduced a subscription-level [Azure Feature Exposure Control (AFEC)](../azure-resource-manager/management/preview-features.md?tabs=azure-portal). You can register for the AFEC and use it until you fix the permissions for all your users and service principals. Register for the feature by following the same steps as a [preview feature registration](../azure-resource-manager/management/preview-features.md?#required-access) for your Azure subscription. **Name**: Microsoft.Network/DisableApplicationGatewaySubnetPermissionCheck </br> **Description**: Disable Application Gateway Subnet Permission Check </br> As a temporary extension, we have introduced a subscription-level [Azure Feature **EnrollmentType**: AutoApprove </br> > [!NOTE]-> We suggest using this feature control (AFEC) provision only as interim mitigation until you assign the correct permission. You must prioritize fixing the permissions for all the applicable Users (and Service Principals) and then unregister this AFEC flag to reintroduce the permission verification on the Virtual Network resource. It is recommended not to permanently depend on this AFEC method, as it will be removed in the future. +> We suggest using the AFEC provision only as interim mitigation until you assign the correct permission. You must prioritize fixing the permissions for all the applicable users (and service principals) and then unregister this AFEC flag to reintroduce the permission verification on the virtual network resource. We recommend that you don't depend on this AFEC method permanently because it will be removed in the future. ## Azure Virtual Network Manager -Azure Virtual Network Manager is a management service that allows you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. After that, you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once. Azure Virtual Network Manager's security admin rule configuration allows you to define security policies at scale and apply them to multiple virtual networks at once. +Azure Virtual Network Manager is a management service that allows you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. After that, you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once. -> [!NOTE] -> Security admin rules of Azure Virtual Network Manager apply to Application Gateway subnets that only contain Application Gateways that have ["Network Isolation"](Application-gateway-private-deployment.md) enabled. Subnets that have any Application Gateway that does not have ["Network Isolation"](Application-gateway-private-deployment.md) enabled, will not have security admin rules. +Security admin rule configuration in Azure Virtual Network Manager allows you to define security policies at scale and apply them to multiple virtual networks at once. +> [!NOTE] +> Security admin rules of Azure Virtual Network Manager apply to Application Gateway subnets that only contain application gateways that have [Network Isolation](Application-gateway-private-deployment.md) enabled. Subnets that have any application gateway that doesn't have [Network Isolation](Application-gateway-private-deployment.md) enabled won't have security admin rules. ## Network security groups -You can use Network security groups (NSGs) for your Application Gateway's subnet, but you should note some key points and restrictions. +You can use NSGs for your Application Gateway subnet, but be aware of some key points and restrictions. > [!IMPORTANT]-> These NSG limitations are relaxed when using [Private Application Gateway deployment (Preview)](application-gateway-private-deployment.md#network-security-group-control). +> These NSG limitations are relaxed when you use [Private Application Gateway deployment (preview)](application-gateway-private-deployment.md#network-security-group-control). ### Required security rules -To use NSG with your application gateway, you will need to create or retain some essential security rules. You may set their priority in the same order. +To use an NSG with your application gateway, you need to create or retain some essential security rules. You may set their priority in the same order. -**Inbound rules** +#### Inbound rules -1. **Client traffic** - Allow incoming traffic from the expected clients (as source IP or IP range), and for the destination as your application gateway's entire subnet IP prefix and inbound access ports. (Example: If you have listeners configured for ports 80 & 443, you must allow these ports. You can also set this to Any). +**Client traffic**: Allow incoming traffic from the expected clients (as source IP or IP range), and for the destination as your application gateway's entire subnet IP prefix and inbound access ports. For example, if you have listeners configured for ports 80 and 443, you must allow these ports. You can also set this rule to `Any`. | Source | Source ports | Destination | Destination ports | Protocol | Access | ||||||| |`<as per need>`|Any|`<Subnet IP Prefix>`|`<listener ports>`|TCP|Allow| -Upon configuring **active public and private listeners** (with Rules) **with the same port number**, your application gateway changes the "Destination" of all inbound flows to the frontend IPs of your gateway. This is true even for the listeners not sharing any port. You must thus include your gateway's frontend Public and Private IP addresses in the Destination of the inbound rule when using the same port configuration. -+After you configure *active public and private listeners* (with rules) *with the same port number*, your application gateway changes the **Destination** of all inbound flows to the frontend IPs of your gateway. This change occurs even for listeners that aren't sharing any port. You must include your gateway's frontend public and private IP addresses in the **Destination** of the inbound rule when you use the same port configuration. | Source | Source ports | Destination | Destination ports | Protocol | Access | ||||||| |`<as per need>`|Any|`<Public and Private<br/>frontend IPs>`|`<listener ports>`|TCP|Allow| -2. **Infrastructure ports** - Allow incoming requests from the source as GatewayManager service tag and any destination. The destination port range differs based on SKU and is required for communicating the status of the Backend Health. (These ports are protected/locked down by Azure certificates. External entities can't initiate changes on those endpoints without appropriate certificates in place). - - V2: Ports 65200-65535 - - V1: Ports 65503-65534 +**Infrastructure ports**: Allow incoming requests from the source as the **GatewayManager** service tag and **Any** destination. The destination port range differs based on SKU and is required for communicating the status of the backend health. These ports are protected/locked down by Azure certificates. External entities can't initiate changes on those endpoints without appropriate certificates in place. ++- **V2**: Ports 65200-65535 +- **V1**: Ports 65503-65534 | Source | Source ports | Destination | Destination ports | Protocol | Access | ||||||| |GatewayManager|Any|Any|`<as per SKU given above>`|TCP|Allow| -3. **Azure Load Balancer probes** - Allow incoming traffic from the source as AzureLoadBalancer service tag. This rule is created by default for [network security group](../virtual-network/network-security-groups-overview.md), and you must not override it with a manual Deny rule to ensure smooth operations of your application gateway. +**Azure Load Balancer probes**: Allow incoming traffic from the source as the **AzureLoadBalancer** service tag. This rule is created by default for [NSGs](../virtual-network/network-security-groups-overview.md). You must not override it with a manual **Deny** rule to ensure smooth operations of your application gateway. | Source | Source ports | Destination | Destination ports | Protocol | Access | ||||||| |AzureLoadBalancer|Any|Any|Any|Any|Allow| -You may block all other incoming traffic by using a deny-all rule. +You can block all other incoming traffic by using a **Deny All** rule. -**Outbound rules** +#### Outbound rules -1. **Outbound to the Internet** - Allow outbound traffic to the Internet for all destinations. This rule is created by default for [network security group](../virtual-network/network-security-groups-overview.md), and you must not override it with a manual Deny rule to ensure smooth operations of your application gateway. Outbound NSG rules that deny any outbound connectivity must not be created. +**Outbound to the internet**: Allow outbound traffic to the internet for all destinations. This rule is created by default for [NSGs](../virtual-network/network-security-groups-overview.md). You must not override it with a manual **Deny** rule to ensure smooth operations of your application gateway. Outbound NSG rules that deny any outbound connectivity must not be created. | Source | Source ports | Destination | Destination ports | Protocol | Access | ||||||| |Any|Any|Internet|Any|Any|Allow| -## Supported user-defined routes +## Supported user-defined routes -Fine grain control over the Application Gateway subnet via Route Table rules is possible in public preview. More details can be found [here](application-gateway-private-deployment.md#route-table-control). +Fine-grain control over the Application Gateway subnet via route table rules is possible in public preview. For more information, see [Private Application Gateway deployment (preview)](application-gateway-private-deployment.md#route-table-control). -With current functionality there are some restrictions: +With current functionality, there are some restrictions: > [!IMPORTANT]-> Using UDRs on the Application Gateway subnet might cause the health status in the [backend health view](application-gateway-backend-health.md) to appear as **Unknown**. It also might cause generation of Application Gateway logs and metrics to fail. We recommend that you don't use UDRs on the Application Gateway subnet so that you can view the backend health, logs, and metrics. --- **v1**+> Using UDRs on the Application Gateway subnet might cause the health status in the [backend health view](application-gateway-backend-health.md) to appear as **Unknown**. It also might cause generation of Application Gateway logs and metrics to fail. We recommend not using UDRs on the Application Gateway subnet so that you can view the backend health, logs, and metrics. - For the v1 SKU, user-defined routes (UDRs) are supported on the Application Gateway subnet, as long as they don't alter end-to-end request/response communication. For example, you can set up a UDR in the Application Gateway subnet to point to a firewall appliance for packet inspection. But you must make sure that the packet can reach its intended destination after inspection. Failure to do so might result in incorrect health-probe or traffic-routing behavior. This includes learned routes or default 0.0.0.0/0 routes that are propagated by Azure ExpressRoute or VPN gateways in the virtual network. +- **v1**: For the v1 SKU, UDRs are supported on the Application Gateway subnet if they don't alter end-to-end request/response communication. For example, you can set up a UDR in the Application Gateway subnet to point to a firewall appliance for packet inspection. But you must make sure that the packet can reach its intended destination after inspection. Failure to do so might result in incorrect health-probe or traffic-routing behavior. Learned routes or default 0.0.0.0/0 routes that are propagated by Azure ExpressRoute or VPN gateways in the virtual network are also included. -- **v2**+- **v2**: For the v2 SKU, there are supported and unsupported scenarios. - For the v2 SKU, there are supported and unsupported scenarios: +### v2 supported scenarios - **v2 supported scenarios** - > [!WARNING] - > An incorrect configuration of the route table could result in asymmetrical routing in Application Gateway v2. Ensure that all management/control plane traffic is sent directly to the Internet and not through a virtual appliance. Logging, metrics, and CRL checks could also be affected. +> [!WARNING] +> An incorrect configuration of the route table could result in asymmetrical routing in Application Gateway v2. Ensure that all management/control plane traffic is sent directly to the internet and not through a virtual appliance. Logging, metrics, and CRL checks could also be affected. +**Scenario 1:** UDR to disable Border Gateway Protocol (BGP) route propagation to the Application Gateway subnet - **Scenario 1**: UDR to disable Border Gateway Protocol (BGP) Route Propagation to the Application Gateway subnet +Sometimes the default gateway route (0.0.0.0/0) is advertised via the ExpressRoute or VPN gateways associated with the Application Gateway virtual network. This behavior breaks management plane traffic, which requires a direct path to the internet. In such scenarios, you can use a UDR to disable BGP route propagation. - Sometimes the default gateway route (0.0.0.0/0) is advertised via the ExpressRoute or VPN gateways associated with the Application Gateway virtual network. This breaks management plane traffic, which requires a direct path to the Internet. In such scenarios, a UDR can be used to disable BGP route propagation. +To disable BGP route propagation: - To disable BGP route propagation, use the following steps: +1. Create a route table resource in Azure. +1. Disable the **Virtual network gateway route propagation** parameter. +1. Associate the route table to the appropriate subnet. - 1. Create a Route Table resource in Azure. - 2. Disable the **Virtual network gateway route propagation** parameter. - 3. Associate the Route Table to the appropriate subnet. +Enabling the UDR for this scenario shouldn't break any existing setups. - Enabling the UDR for this scenario shouldn't break any existing setups. +**Scenario 2:** UDR to direct 0.0.0.0/0 to the internet - **Scenario 2**: UDR to direct 0.0.0.0/0 to the Internet +You can create a UDR to send 0.0.0.0/0 traffic directly to the internet. - You can create a UDR to send 0.0.0.0/0 traffic directly to the Internet. +**Scenario 3:** UDR for Azure Kubernetes Service (AKS) with kubenet - **Scenario 3**: UDR for Azure Kubernetes Service with kubenet +If you're using kubenet with AKS and Application Gateway Ingress Controller, you need a route table to allow traffic sent to the pods from Application Gateway to be routed to the correct node. You don't need to use a route table if you use Azure Container Networking Interface. - If you're using kubenet with Azure Kubernetes Service (AKS) and Application Gateway Ingress Controller (AGIC), you'll need a route table to allow traffic sent to the pods from Application Gateway to be routed to the correct node. This won't be necessary if you use Azure CNI. +To use the route table to allow kubenet to work: - To use the route table to allow kubenet to work, follow the steps below: +1. Go to the resource group created by AKS. The name of the resource group should begin with `MC_`. +1. Find the route table created by AKS in that resource group. The route table should be populated with the following information: + + - Address prefix should be the IP range of the pods you want to reach in AKS. + - Next hop type should be virtual appliance. + - Next hop address should be the IP address of the node hosting the pods. +1. Associate this route table to the Application Gateway subnet. - 1. Go to the resource group created by AKS (the name of the resource group should begin with "MC_") - 2. Find the route table created by AKS in that resource group. The route table should be populated with the following information: - - Address prefix should be the IP range of the pods you want to reach in AKS. - - Next hop type should be Virtual Appliance. - - Next hop address should be the IP address of the node hosting the pods. - 3. Associate this route table to the Application Gateway subnet. - - **v2 unsupported scenarios** +### v2 unsupported scenarios - **Scenario 1**: UDR for Virtual Appliances +**Scenario 1:** UDR for virtual appliances - Any scenario where 0.0.0.0/0 needs to be redirected through any virtual appliance, a hub/spoke virtual network, or on-premises (forced tunneling) isn't supported for V2. +Any scenario where 0.0.0.0/0 needs to be redirected through a virtual appliance, a hub/spoke virtual network, or on-premises (forced tunneling) isn't supported for v2. ## Next steps -- [Learn about frontend IP address configuration](configuration-frontend-ip.md).-- [Learn about private Application Gateway deployment](application-gateway-private-deployment.md).+- [Learn about frontend IP address configuration](configuration-frontend-ip.md) +- [Learn about private Application Gateway deployment](application-gateway-private-deployment.md) |
application-gateway | Diagnostics | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/application-gateway/for-containers/diagnostics.md | Activity logging is automatically enabled for every Resource Manager resource. Y The following PowerShell sample enables all logging to a storage account for Application Gateway for Containers. Replace the resource group name, storage account name, and subscription ID with your own values. The storage account and resource group must be in the same region as your Application Gateway for Containers. ```PowerShell- $storageAccount = Get-AzStorageAccount -ResourceGroupName acctest5097 -Name centraluseuaptclogs - $metric = @() - $log = @() - $metric += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category AllMetrics -RetentionPolicyDay 30 -RetentionPolicyEnabled $true - $log += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup allLogs -RetentionPolicyDay 30 -RetentionPolicyEnabled $true - New-AzDiagnosticSetting -Name 'AppGWForContainersLogs' -ResourceId "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/acctest5097/providers/Microsoft.ServiceNetworking/trafficControllers/myagfc" -StorageAccountId $storageAccount.Id -Log $log -Metric $metric + # Retrieve the Azure Storage Account information +$storageAccount = Get-AzStorageAccount -ResourceGroupName acctest5097 -Name centraluseuaptclogs ++# Initialize arrays to store metric and log settings +$metric = @() +$log = @() ++# Configure metric settings +$metric += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category AllMetrics -RetentionPolicyDay 30 -RetentionPolicyEnabled $true ++# Configure log settings +$log += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup allLogs -RetentionPolicyDay 30 -RetentionPolicyEnabled $true ++# Create a new diagnostic setting for the specified resource +New-AzDiagnosticSetting -Name 'AppGWForContainersLogs' -ResourceId "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/acctest5097/providers/Microsoft.ServiceNetworking/trafficControllers/myagfc" -StorageAccountId $storageAccount.Id -Log $log -Metric $metric ``` |
automation | Automation Managing Data | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/automation-managing-data.md | Title: Azure Automation data security description: This article helps you learn how Azure Automation protects your privacy and secures your data. Previously updated : 11/17/2023 Last updated : 11/20/2023 For information about TLS 1.2 support with the Log Analytics agent for Windows a ### Upgrade TLS protocol for Hybrid Workers and Webhook calls -From **1 October 2024**, all agent-based and extension-based User Hybrid Runbook Workers using Transport Layer Security (TLS) 1.0 and 1.1 protocols would no longer be able to connect to Azure Automation and all jobs running or scheduled on these machines would fail. +From **31 October 2024**, all agent-based and extension-based User Hybrid Runbook Workers, Webhooks, and DSC nodes using Transport Layer Security (TLS) 1.0 and 1.1 protocols would no longer be able to connect to Azure Automation. All jobs running or scheduled on Hybrid Workers using TLS 1.0 and 1.1 protocols would fail. Ensure that the Webhook calls that trigger runbooks navigate on TLS 1.2 or higher. Ensure to make registry changes so that Agent and Extension based workers negotiate only on TLS 1.2 and higher protocols. Learn how to [disable TLS 1.0/1.1 protocols on Windows Hybrid Worker and enable TLS 1.2 or above](/system-center/scom/plan-security-tls12-config#configure-windows-operating-system-to-only-use-tls-12-protocol) on Windows machine. |
automation | Disable Local Authentication | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/automation/disable-local-authentication.md | Title: Disable local authentication in Azure Automation description: This article describes disabling local authentication in Azure Automation. Previously updated : 06/12/2023 Last updated : 11/20/2023 #Customer intent: As an administrator, I want disable local authentication so that I can enhance security. The following table describes the behaviors or features that are prevented from ||| |Starting a runbook using a webhook. | Start a runbook job using Azure Resource Manager template, which uses Microsoft Entra authentication. | |Using Automation Desired State Configuration.| Use [Azure Policy Guest configuration](../governance/machine-configuration/overview.md).  |-|Using agent-based Hybrid Runbook Workers.| Use [extension-based Hybrid Runbook Workers (Preview)](./extension-based-hybrid-runbook-worker-install.md).| -|Using Automation Update management |Use [Update Manager (preview)](../update-center/overview.md) +|Using agent-based Hybrid Runbook Workers.| Use [extension-based Hybrid Runbook Workers](./extension-based-hybrid-runbook-worker-install.md).| +|Using Azure Update Manager |Use [Azure Update Manager](../update-manager/overview.md)| ## Next steps |
azure-app-configuration | Howto Targetingfilter Aspnet Core | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/howto-targetingfilter-aspnet-core.md | ms.devlang: csharp Previously updated : 11/20/2020 Last updated : 11/20/2023 # Enable staged rollout of features for targeted audiences Feature flags allow you to dynamically activate or deactivate functionality in y In this article, you'll learn how to roll out a new feature in an ASP.NET Core web application to specified users and groups, using `TargetingFilter` with Azure App Configuration. +## Prerequisites ++- Finish the [Quickstart: Add feature flags to an ASP.NET Core app](./quickstart-feature-flag-aspnet-core.md). +- Update the `Microsoft.FeatureManagement.AspNetCore` package to version **2.6.0** or later. + ## Create a web application with feature flags and authentication To roll out features based on users and groups, you'll need a web application that allows users to sign in. Users with `contoso-xyz.com` email addresses will not see the *Beta* item. While ## Next steps > [!div class="nextstepaction"]-> [Feature management overview](./concept-feature-management.md) +> [Feature management overview](./concept-feature-management.md) |
azure-app-configuration | Quickstart Azure Kubernetes Service | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-azure-kubernetes-service.md | In this quickstart, you: * Created a ConfigMap with data from your App Configuration store. * Ran the application with configuration from your App Configuration store without changing your application code. +To learn how to update your AKS workloads to dynamically refresh configuration, continue to the next tutorial. ++> [!div class="nextstepaction"] +> [Use dynamic configuration in Azure Kubernetes Service](./enable-dynamic-configuration-azure-kubernetes-service.md) + To learn more about the Azure App Configuration Kubernetes Provider, see [Azure App Configuration Kubernetes Provider reference](./reference-kubernetes-provider.md). |
azure-app-configuration | Quickstart Python Provider | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-python-provider.md | In this section, you will create a console application and load data from your A #### [Windows command prompt](#tab/windowscommandprompt) - To build and run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store: + To run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store: ```cmd setx AZURE_APPCONFIG_CONNECTION_STRING "connection-string-of-your-app-configuration-store" In this section, you will create a console application and load data from your A export AZURE_APPCONFIG_CONNECTION_STRING='<app-configuration-store-connection-string>' ``` -1. Restart the command prompt to allow the change to take effect. Print out the value of the environment variable to validate that it is set properly with the command below. +1. Print out the value of the environment variable to validate that it is set properly with the command below. #### [Windows command prompt](#tab/windowscommandprompt) - Using the Windows command prompt, run the following command: + Using the Windows command prompt, restart the command prompt to allow the change to take effect and run the following command: ```cmd- printenv AZURE_APPCONFIG_CONNECTION_STRING + echo %AZURE_APPCONFIG_CONNECTION_STRING% ``` #### [PowerShell](#tab/powershell) In this section, you will create a console application and load data from your A ```console echo "$AZURE_APPCONFIG_CONNECTION_STRING" -1. After the build successfully completes, run the following command to run the app locally: +1. After the environment variable is properly set, run the following command to run the app locally: ```python python app-configuration-quickstart.py |
azure-app-configuration | Quickstart Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-app-configuration/quickstart-python.md | Add the following key-value to the App Configuration store and leave **Label** a ### [Windows command prompt](#tab/windowscommandprompt) - To build and run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store: + To run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store: ```cmd setx AZURE_APPCONFIG_CONNECTION_STRING "connection-string-of-your-app-configuration-store" Add the following key-value to the App Configuration store and leave **Label** a export AZURE_APPCONFIG_CONNECTION_STRING='<app-configuration-store-connection-string>' ``` -1. Restart the command prompt to allow the change to take effect. Print out the value of the environment variable to validate that it is set properly with the command below. +1. Print out the value of the environment variable to validate that it is set properly with the command below. ### [Windows command prompt](#tab/windowscommandprompt) - Using the Windows command prompt, run the following command: + Using the Windows command prompt, restart the command prompt to allow the change to take effect and run the following command: ```cmd- printenv AZURE_APPCONFIG_CONNECTION_STRING + echo %AZURE_APPCONFIG_CONNECTION_STRING% ``` ### [PowerShell](#tab/powershell) |
azure-arc | Validation Program | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/data/validation-program.md | To see how all Azure Arc-enabled components are validated, see [Validation progr |Solution and version | Kubernetes version | Azure Arc-enabled data services version | SQL engine version | PostgreSQL server version| |--|--|--|--|--|-|Lenovo ThinkAgile MX1020 |1.26.6| 1.24.0_2023-10-10 |16.0.5100.7246|Not validated| -|Lenovo ThinkAgile MX3520 |1.22.6| 1.10.0_2022-08-09 |16.0.312.4243| 12.3 (Ubuntu 12.3-1)| +|[Lenovo ThinkEdge SE455 V3](https://lenovopress.lenovo.com/lp1724-lenovo-thinkedge-se455-v3-server)|1.26.6|1.24.0_2023-10-10|16.0.5100.7246|Not validated| +|Lenovo ThinkAgile MX1020 |1.26.6|1.24.0_2023-10-10 |16.0.5100.7246|Not validated| +|Lenovo ThinkAgile MX3520 |1.22.6|1.10.0_2022-08-09 |16.0.312.4243| 12.3 (Ubuntu 12.3-1)| ### Nutanix |
azure-arc | Upgrade | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/resource-bridge/upgrade.md | This article describes how Arc resource bridge is upgraded, and the two ways upg ## Prerequisites -In order to upgrade Arc resource bridge, its status must be online and the [credentials in the appliance VM](maintenance.md#update-credentials-in-the-appliance-vm) must be valid. +In order to upgrade Arc resource bridge, the appliance VM must be online, its status is "Running" and the [credentials in the appliance VM](maintenance.md#update-credentials-in-the-appliance-vm) must be valid. -There must be sufficient space on the management machine and appliance VM to download required images (~3.5 GB). For VMware, a new template is created. +There must be sufficient space on the management machine (~3.5 GB) and appliance VM (35 GB) to download required images. For VMware, a new template is created. Currently, in order to upgrade Arc resource bridge, you must enable outbound connection from the Appliance VM IPs (`k8snodeippoolstart/end`, VM IP 1/2) to `msk8s.sb.tlu.dl.delivery.mp.microsoft.com`, port 443. Be sure the full list of [required endpoints for Arc resource bridge](network-requirements.md) are also enabled. There are two ways to upgrade Arc resource bridge: cloud-managed upgrades manage ## Cloud-managed upgrade -Arc resource bridge is a Microsoft-managed product. Microsoft manages upgrades of Arc resource bridge through cloud-managed upgrade. Cloud-managed upgrade allows Microsoft to ensure that the resource bridge remains on a supported version. +As a Microsoft-managed product, Arc resource bridges on a supported [private cloud provider](#private-cloud-providers) with an appliance version 1.0.15 or higher are automatically opted into cloud-manaaged upgrade. With cloud-managed upgrade, Microsoft will manage the upgrade of your Arc resource bridge to be within supported versions provided prerequisites are met. If prerequisites are not met, then cloud managed upgrade will fail. ++While Microsoft manages the upgrade of your Arc resource bridge, you are still responsible for checking that your resource bridge is healthy, online, in a "Running" status and within the supported versions. Disruptions could cause cloud-managed upgrade to fail and you should remain proactive on the health, version and status of your appliance VM. You can check on the health, version and status of your appliance by using the az arcappliance show command from your management machine or checking the Azure resource of your Arc resource bridge. Cloud-managed upgrades are handled through Azure. A notification is pushed to Azure to reflect the state of the appliance VM as it upgrades. As the resource bridge progresses through the upgrade, its status might switch back and forth between different upgrade steps. Upgrade is complete when the appliance VM `status` is `Running` and `provisioningState` is `Succeeded`. Currently, private cloud providers differ in how they perform Arc resource bridg For Arc-enabled VMware vSphere, manual upgrade is available, but appliances on version 1.0.15 and higher will receive cloud-managed upgrade as the default experience. Appliances that are below version 1.0.15 must be manually upgraded. A manual upgrade only upgrades the appliance to the next version, not the latest version. If you have multiple versions to upgrade, then another option is to review the steps for [performing a recovery](/azure/azure-arc/vmware-vsphere/recover-from-resource-bridge-deletion), then delete the appliance VM and perform the recovery steps. This will deploy a new Arc resource bridge using the latest version and reconnect pre-existing Azure resources. -Azure Arc VM management (preview) on Azure Stack HCI supports upgrade of an Arc resource bridge on Azure Stack HCI, version 22H2 up until appliance version 1.0.14 and `az arcappliance` CLI extension version 0.2.33. These upgrades can be done through manual upgrade. For subsequent upgrades, you must transition to Azure Stack HCI, version 23H2 (preview). In version 23H2 (preview), the LCM tool manages upgrades across all components as a "validated recipe" package. For more information, visit the [Arc VM management FAQ page](/azure-stack/hci/manage/azure-arc-vms-faq). --For Arc-enabled System Center Virtual Machine Manager (SCVMM), the upgrade feature isn't currently available yet. Review the steps for [performing the recovery operation](/azure/azure-arc/system-center-virtual-machine-manager/disaster-recovery), then delete the appliance VM from SCVMM and perform the recovery steps. This deploys a new resource bridge and reconnects pre-existing Azure resources. +Azure Arc VM management (preview) on Azure Stack HCI supports upgrade of an Arc resource bridge on Azure Stack HCI, version 22H2 up until appliance version 1.0.14 and `az arcappliance` CLI extension version 0.2.33. These upgrades can be done through manual upgrade. However, HCI version 22H2 will not be supported for appliance version 1.0.15 or higher because it is being deprecated. Customers on HCI 22h2 will receive limited support. To use appliance version 1.0.15 or higher, you must transition to Azure Stack HCI, version 23H2 (preview). In version 23H2 (preview), the LCM tool manages upgrades across all components as a "validated recipe" package. For more information, visit the [Arc VM management FAQ page](/azure-stack/hci/manage/azure-arc-vms-faq). +For Arc-enabled System Center Virtual Machine Manager (SCVMM) (preview), the manual upgrade feature is available for appliance version 1.0.14 and higher. Appliances below version 1.0.14 need to perform the recovery option to get to version 1.0.15 or higher. Review the steps for [performing the recovery operation](/azure/azure-arc/system-center-virtual-machine-manager/disaster-recovery), then delete the appliance VM from SCVMM and perform the recovery steps. This deploys a new resource bridge and reconnects pre-existing Azure resources. + ## Version releases The Arc resource bridge version is tied to the versions of underlying components used in the appliance image, such as the Kubernetes version. When there's a change in the appliance image, the Arc resource bridge version gets incremented. This generally happens when a new `az arcappliance` CLI extension version is released. A new extension is typically released on a monthly cadence at the end of the month. For detailed release info, see the [Arc resource bridge release notes](https://github.com/Azure/ArcResourceBridge/releases) on GitHub. |
azure-arc | Onboard Service Principal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/onboard-service-principal.md | Before you start connecting your machines, review the following requirements: * Microsoft.HybridCompute * Microsoft.GuestConfiguration * Microsoft.HybridConnectivity- * Microsoft.AzureArcData (if you plan to Arc-enable SQL Servers) + * Microsoft.AzureArcData (if you plan to Arc-enable SQL Server instances) See detailed how to here: [Azure resource providers prerequisites](prerequisites.md#azure-resource-providers) |
azure-arc | Vmware Faq | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-arc/servers/vmware-faq.md | Title: Azure Arc-enabled servers VMware Frequently Asked Questions description: Learn how to use Azure Arc-enabled servers on virtual machines running in VMware vSphere environments. Previously updated : 09/14/2023 Last updated : 11/20/2023 Azure Arc is the overarching brand for a suite of Azure hybrid products that ext ## What's the difference between Azure Arc-enabled servers and Azure Arc-enabled VMware vSphere? > [!NOTE]-> Arc-enabled VMware vSphere refers to the Arc integration with VMware vSphere environments. VMware vSphere environment. **Azure Arc-enabled VMware vSphere is currently in Public Preview.** -> Arc-enabled VMware vSphere supports vSphere environments anywhere, either on-premises as well [Azure VMware Solution (AVS)](./../../azure-vmware/deploy-arc-for-azure-vmware-solution.md), VMware Cloud on AWS, and Google Cloud VMware Engine. +> [Arc-enabled VMware vSphere](../vmware-vsphere/overview.md) supports vSphere environments anywhere, either on-premises as well as [Azure VMware Solution (AVS)](./../../azure-vmware/deploy-arc-for-azure-vmware-solution.md), VMware Cloud on AWS, and Google Cloud VMware Engine. The easiest way to think of this is as follows: |
azure-cache-for-redis | Cache How To Manage Redis Cache Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-cache-for-redis/cache-how-to-manage-redis-cache-powershell.md | To create a cache in the Azure operated by 21Vianet Cloud, use one of the follow * China East * China North -For more information about the Azure operated by 21Vianet Cloud, see [AzureChinaCloud for Azure operated by 21Vianet in China](https://www.windowsazure.cn/). - ### To connect to Microsoft Azure Germany To connect to Microsoft Azure Germany, use one of the following commands. |
azure-monitor | Agent Data Sources | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/agent-data-sources.md | description: Data sources define the log data that Azure Monitor collects from a Previously updated : 05/10/2022 Last updated : 10/19/2023 |
azure-monitor | Azure Monitor Agent Send Data To Event Hubs And Storage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/azure-monitor-agent-send-data-to-event-hubs-and-storage.md | Create a data collection rule for collecting events and sending to storage and e "news", "syslog", "user",- "UUCP" + "uucp" ], "logLevels": [ "Debug", Use the following section to troubleshoot sending data to Event Hubs and Storage ### Data not found in storage account table storage -- Check that the built-in role `Storage Table Data Contributor` is assigned with managed identity on storage account.+- Check that the built-in role `Storage Table Data Contributor` is assigned with managed identity on the storage account. - Check that the managed identity is assigned to the VM. - Check that the AMA settings have managed identity parameter. ### Data not flowing to event hub -- Check that the built-in role `Azure Event Hubs Data Sender` is assigned with managed identity on storage account.+- Check that the built-in role `Azure Event Hubs Data Sender` is assigned with managed identity on the event hub instance. - Check that the managed identity is assigned to the VM. - Check that the AMA settings have managed identity parameter. |
azure-monitor | Data Collection Rule Azure Monitor Agent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/agents/data-collection-rule-azure-monitor-agent.md | Examples of using a custom XPath to filter events: This section provides answers to common questions. -### How can I collect Windows security events by using the new Azure Monitor Agent? +### How can I collect Windows security events by using Azure Monitor Agent? There are two ways you can collect Security events using the new agent, when sending to a Log Analytics workspace:-- You can use AMA to natively collect Security Events, same as other Windows Events. These flow to the ['Event'](/azure/azure-monitor/reference/tables/Event) table in your Log Analytics workspace. If you want Security Events to flow into the ['SecurityEvent'](/azure/azure-monitor/reference/tables/SecurityEvent) table instead, you can [create the required DCR with PowerShell or with Azure Policy](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/how-to-configure-security-events-collection-with-azure-monitor/ba-p/3770719).+- You can use Azure Monitor Agent to natively collect Security Events, same as other Windows Events. These flow to the ['Event'](/azure/azure-monitor/reference/tables/Event) table in your Log Analytics workspace. - If you have Microsoft Sentinel enabled on the workspace, the security events flow via Azure Monitor Agent into the [`SecurityEvent`](/azure/azure-monitor/reference/tables/SecurityEvent) table instead (the same as using the Log Analytics agent). This scenario always requires the solution to be enabled first. ### Will I duplicate events if I use Azure Monitor Agent and the Log Analytics agent on the same machine? If you're collecting the same events with both agents, duplication occurs. This Limit duplication events to only the time when you transition from one agent to the other. After you've fully tested the data collection rule and verified its data collection, disable collection for the workspace and disconnect any Microsoft Monitoring Agent data connectors. -### Besides Xpath queries and specifying performance counters, is other more granular event filtering possible by using the new Azure Monitor Agent? +### Does Azure Monitor Agent offer more granular event filtering options other than Xpath queries and specifying performance counters? -For Syslog on Linux, you can choose facilities and the log level for each facility to collect. +For Syslog events on Linux, you can select facilities and the log level for each facility. -### If I create data collection rules that contain the same event ID and associate it to the same VM, will the events be duplicated? +### If I create data collection rules that contain the same event ID and associate them to the same VM, will events be duplicated? Yes. To avoid duplication, make sure the event selection you make in your data collection rules doesn't contain duplicate events. |
azure-monitor | Usage Flows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/app/usage-flows.md | The User Flows tool visualizes how users move between the pages and features of * Where are the places that users churn most from your site? * Are there places where users repeat the same action over and over? -The User Flows tool starts from an initial page view, custom event, or exception that you specify. From this initial event, User Flows shows the events that happened before and after user sessions. Lines of varying thickness show how many times users followed each path. Special **Session Started** nodes show where the subsequent nodes began a session. **Session Ended** nodes show how many users sent no page views or custom events after the preceding node, highlighting where users probably left your site. +The User Flows tool starts from an initial custom event, exception, dependency, page view or request that you specify. From this initial event, User Flows shows the events that happened before and after user sessions. Lines of varying thickness show how many times users followed each path. Special **Session Started** nodes show where the subsequent nodes began a session. **Session Ended** nodes show how many users sent no page views or custom events after the preceding node, highlighting where users probably left your site. > [!NOTE] > Your Application Insights resource must contain page views or custom events to use the User Flows tool. [Learn how to set up your app to collect page views automatically with the Application Insights JavaScript SDK](./javascript.md). The User Flows tool starts from an initial page view, custom event, or exception :::image type="content" source="./media/usage-flows/initial-event.png" lightbox="./media/usage-flows/initial-event.png" alt-text="Screenshot that shows choosing an initial event for User Flows."::: -To begin answering questions with the User Flows tool, choose an initial page view, custom event, or exception to serve as the starting point for the visualization: +To begin answering questions with the User Flows tool, choose an initial custom event, exception, dependency, page view or request to serve as the starting point for the visualization: 1. Select the link in the **What do users do after?** title or select **Edit**.-1. Select a page view, custom event, or exception from the **Initial event** dropdown list. +1. Select a custom event, exception, dependency, page view or request from the **Initial event** dropdown list. 1. Select **Create graph**. The **Step 1** column of the visualization shows what users did most frequently after the initial event. The items are ordered from top to bottom and from most to least frequent. The **Step 2** and subsequent columns show what users did next. The information creates a picture of all the ways that users moved through your site. If page views or custom events are missing that you expect to see in the visuali * Check the **Excluded events** section on the **Edit** menu. * Use the plus buttons on **Others** nodes to include less-frequent events in the visualization. * If the page view or custom event you expect is sent infrequently by users, increase the time range of the visualization on the **Edit** menu.-* Make sure the page view, custom event, or exception you expect is set up to be collected by the Application Insights SDK in the source code of your site. Learn more about [collecting custom events](./api-custom-events-metrics.md). +* Make sure the custom event, exception, dependency, page view or request you expect is set up to be collected by the Application Insights SDK in the source code of your site. Learn more about [collecting custom events](./api-custom-events-metrics.md). If you want to see more steps in the visualization, use the **Previous steps** and **Next steps** dropdown lists above the visualization. Use the **Split by** options on the **Edit** menu: * [Usage overview](usage-overview.md) * [Users, sessions, and events](usage-segmentation.md) * [Retention](usage-retention.md)-* [Adding custom events to your app](./api-custom-events-metrics.md) +* [Adding custom events to your app](./api-custom-events-metrics.md) |
azure-monitor | Tables Feature Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/logs/tables-feature-support.md | The following list identifies the tables in a [Log Analytics workspace](log-anal | [AppTraces](/azure/azure-monitor/reference/tables/apptraces) | | | [ASimAuditEventLogs](/azure/azure-monitor/reference/tables/ASimAuditEventLogs) | | | [ASimDnsActivityLogs](/azure/azure-monitor/reference/tables/ASimDnsActivityLogs) | |-| ASimFileEventLogs | | +| [ASimFileEventLogs](/azure/azure-monitor/reference/tables/asimfileeventlogs) | | | [ASimNetworkSessionLogs](/azure/azure-monitor/reference/tables/ASimNetworkSessionLogs) | | | [ASimWebSessionLogs](/azure/azure-monitor/reference/tables/ASimWebSessionLogs) | | | [ATCExpressRouteCircuitIpfix](/azure/azure-monitor/reference/tables/atcexpressroutecircuitipfix) | | |
azure-monitor | Workbooks Getting Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/azure-monitor/visualize/workbooks-getting-started.md | By default, the workbook is auto-filled with the same settings as the LA workspa ## Share a workbook -When you want to share a workbook or template, keep in mind that the person you want to share with must have permissions to access the workbook. They must have an Azure account, and **Azure Sentinel Workbook Reader** permissions. +When you want to share a workbook or template, keep in mind that the person you want to share with must have permissions to access the workbook. They must have an Azure account, and **Monitoring Reader** permissions. To share a workbook or workbook template: 1. In the Azure portal, select the workbook or template you want to share. Select **Auto refresh** to open a list of intervals that you can use to select t ## Next steps -[Azure Workbooks data sources](workbooks-data-sources.md) +[Azure Workbooks data sources](workbooks-data-sources.md) |
backup | Azure Kubernetes Service Cluster Backup Support Matrix | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/azure-kubernetes-service-cluster-backup-support-matrix.md | Title: Azure Kubernetes Service (AKS) backup support matrix description: This article provides a summary of support settings and limitations of Azure Kubernetes Service (AKS) backup. Previously updated : 08/17/2023 Last updated : 11/20/2023 - references_regions - ignite-2023 AKS backup is available in all the Azure public cloud regions: East US, North Eu - Any unsupported persistent volume type is skipped while a backup is being created for the AKS cluster. -- The backup extension uses the AKS cluster's system identity to do the backup operations. Currently, AKS clusters using a User Identity, or a Service Principal aren't supported. If your AKS cluster uses a Service Principal, you can [update your AKS cluster to use a System Identity](../aks/use-managed-identity.md#enable-managed-identities-on-an-existing-aks-cluster).+- Currently, AKS clusters using a Service Principal aren't supported. If your AKS cluster uses a Service Principal, you can [update your AKS cluster to use a System Identity](../aks/use-managed-identity.md#enable-managed-identities-on-an-existing-aks-cluster). ++- You can deploy the Backup Extension in the Ubuntu-based cluster nodes. AKS Clusters with the Windows-based nodes aren't supported by Azure Backup for AKS. - You must install the backup extension in the AKS cluster. If you're using Azure CLI to install the backup extension, ensure that the version is 2.41 or later. Use `az upgrade` command to upgrade the Azure CLI. |
backup | Encryption At Rest With Cmk For Backup Vault | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/encryption-at-rest-with-cmk-for-backup-vault.md | + + Title: Encryption of backup data in the Backup vault using customer-managed keys +description: Learn how Azure Backup allows you to encrypt your backup data using customer-managed keys (CMK) in a Backup vault. + Last updated : 11/20/2023+++++++# Encryption of backup data in the Backup vault using customer-managed keys (preview) ++Azure Backup allows you to encrypt your backup data using customer-managed keys (CMK) instead of using platform-managed keys, which are enabled by default. Your keys to encrypt the backup data must be stored in [Azure Key Vault](../key-vault/index.yml). ++The encryption key used for encrypting backups might be different from the one used for the source. The data is protected using an AES 256-based data encryption key (DEK), which in turn, is protected using your key encryption keys (KEK). This provides you with full control over the data and the keys. To allow encryption, you must grant Backup vault the permissions to access the encryption key in the Azure Key Vault. You can change the key when required. ++>[!Note] +>Support for customer-managed keys configuration for Backup vault is in preview. ++## Support matrix ++### Supported regions ++CMK for Backup vault is currently available in the following regions: West Central US, Switzerland North. ++### Key Vault and managed HSM key requirements ++- **Encryption settings** use Azure Key Vault or Managed HSM Key and Backup vault's managed identity details. ++- The Backup vault's managed identity needs to have: ++ - Built-in [Crypto Service Encryption User role](/azure/role-based-access-control/built-in-roles#key-vault-crypto-service-encryption-user) assigned if your Key Vault is using IAM-based RBAC configuration. + - **Get**, **Wrap**, and **Unwrap** permissions if your Key Vault is using *Access Policies based configuration*. + - **Get**, **Wrap**, and **Unwrap** permissions granted via its Local RBAC on the key if you're using managed MSM. ++- Ensure that you've a valid (non-expired), enabled Key Vault Key. Don't use disabled or expired key as it can't be used for encryption at rest and will lead to backup and restore operation failures. Key Vault term also indicates Managed HSM if you haven't noted earlier. ++- Key Vault must have Soft Delete and Purge Protection enabled. ++- Encryption settings support Azure Key Vault RSA and RSA-HSM keys only of sizes 2048, 3072, and 4096. [Learn more about keys](/azure/key-vault/keys/about-keys). Before you consider Key Vault region for encryption settings, see [Key Vault DR scenarios](/azure/key-vault/general/disaster-recovery-guidance) for region failover support. ++- Managed HSM uses Local RBAC to manage the keys permissions. [Learn more](/azure/key-vault/managed-hsm/overview). ++### Known limitations ++- If you remove Key Vault access permissions given to the managed identity, PostgresSQL backup or restore operation will fail with generic error. +- If you remove Encryption Settings Key Vault permissions, disables System-assigned identity, or detaches/deletes the managed identity from the Backup vault being used for Encryption Settings, the background operations tiering and restore points expiry jobs will fail without surfacing errors to the Azure portal or other interfaces (REST API, CLI, and so on). These operations will continue to fail and incur cost until the required prerequisites and settings are restored. ++## Before you start ++- After you enable it for a Backup vault, encryption using customer-managed keys can't be reverted to use platform-managed keys (default). You can change the encryption keys, managed identity as per the requirements. ++- CMK is applied on the Azure Backup Storage Vault and Vault-Archive tiers, and not applicable for operational-tier. ++- Moving CMK encrypted Backup vault across Resource Groups and Subscriptions isn't currently supported. ++- User-assigned Manged Identity for Backup vault feature is currently in preview. +- Ensure that you check the Key Vault Key requirements provided in [this section](#key-vault-and-managed-hsm-key-requirements). +- Once you enable the encryption settings on the Backup vault, don't disable/detach the managed identity, or remove Key Vault permissions used for encryption settings. If you do these actions, it'll lead to failure of backup, restore, tiering, restore points expiry jobs, and will incur cost for the data stored in the Backup vault until: +++ - You can restore the Key Vault permissions. + - You reenable System Assigned identity, grant the Key Vault permissions to it and perform Encryption Settings update operation, if the System-assigned identity was used for encryption settings. + - You reattach the managed identity is reattached and has the required Key Vault permissions. + - You ensure that it has permissions to access the Key Vault and key to use new User-assigned identity. ++- Encryption settings use Azure Key Vault Key and Backup vault's managed identity details. ++ >[!Note] + >If the Key or Key Vault being used is deleted or access is revoked and can't be restored, you'll lose access to the data stored in the Backup vault. Also, ensure that you've appropriate permissions to provide/update managed identity, Backup vault, and Key Vault details. ++- Ensure that you've checked the [known limitations](#known-limitations) before you start using the encryption feature. ++- You can configure this feature via the Azure portal and REST APIs. ++## Enable encryption using customer-managed keys at vault creation ++When you create a Backup vault, you can enable encryption on the backups using customer-managed keys. Learn how to [create a Backup vault](create-manage-backup-vault.md#create-a-backup-vault). ++To enable the encryption, follow these steps: ++1. Next to the **Basics** tab, on the **Vault Properties** tab, specify the *encryption key* and the *identity* to be used for encryption. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/backup-vault-properties.png" alt-text="Screenshot shows the Backup vault property." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/backup-vault-properties.png"::: ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/add-key-uri.png" alt-text="Screenshot shows how to add key URI to the Backup vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/add-key-uri.png"::: ++2. Select **Use customer-managed key** as the **Encryption type**. +3. To specify the key to be used for encryption, select the appropriate option. +4. Provide the *URI for the encryption key*. ++ You can also browse and select the key. ++5. To enable auto-rotation of the encryption key used for the Backup vault, click **Select from Key Vault** or run the *Version component* from the **Key URI** when you choose **Enter key URI**. [Learn more](encryption-at-rest-with-cmk.md#enable-autorotation-of-encryption-keys) about auto-rotation. ++6. Specify the *user-assigned managed identity* to manage encryption with *customer-managed keys*. +7. Add **Tags** (optional) and continue creating the vault. ++## Update the Backup vault properties to encrypt using customer-managed keys ++To configure a vault, perform the following actions in the given sequence to achieve the intended results. Each action is discussed in detail in the sections below: ++1. Enable managed identity for your Backup vault. ++2. Assign permissions to the vault to access the encryption key in Azure Key Vault. ++3. Enable soft-delete and purge protection on Azure Key Vault. ++4. Assign the encryption key to the Backup vault. ++### Enable managed identity for your Backup vault ++Azure Backup uses system-assigned managed identities and user-assigned managed identities of the Backup vault to authenticate the vault to access encryption keys stored in Azure Key Vault. You've an option to use either system-assigned identity of Backup vault or user-assigned identity attached to Backup vault. ++To enable managed identity for your Backup vault, see the following sections. ++>[!NOTE] +>- Once enabled, you must **not** disable the managed identity (even temporarily). Disabling the managed identity might lead to inconsistent behavior. +>- Also, you can't update both Key Vault Key URI and managed identity in a single request due to security reasons. Please update one attribute at a time. +++### Enable system-assigned managed identity for the vault ++Follow these steps: ++1. Go to your *Backup vault* > **Identity**. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/enable-system-assigned-managed-identity-for-vault.png" alt-text="Screenshot shows how to open Identity settings." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/enable-system-assigned-managed-identity-for-vault.png"::: ++2. Select the **System assigned** tab. ++3. Change the **Status** to **On**. ++4. Select **Save** to enable the identity for the vault. ++An *Object ID* is generated, which is the system-assigned managed identity of the vault. ++>[!NOTE] +>Disabling the managed identity might lead to inconsistent behavior. ++++#### Assign user-assigned managed identity to the vault (in preview) ++To assign the user-assigned managed identity for your *Backup vault*, choose a client: ++1. Go to your *Backup vault* > **Identity**. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/assign-user-assigned-managed-identity-to-vault.png" alt-text="Screenshot shows how to assign the user-assigned managed identity to the vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/assign-user-assigned-managed-identity-to-vault.png"::: ++2. Select the **User assigned** tab. ++3. Select **+Add** to add a user-assigned managed identity. ++4. In the **Add user assigned managed identity** pane, select the *subscription for your identity*. ++5. Select the *identity* from the list. You can also filter by the *name of the identity* or the *resource group*. ++6. Select **Add** to finish assigning the identity. ++>[!Note] +>- Vaults using user-assigned managed identities for CMK encryption don't support the use of private endpoints for Backup. +>- Azure Key Vaults limiting access to specific networks aren't yet supported for use along with user-assigned managed identities for CMK encryption. ++++### Assign permissions to the Backup vault to access the encryption key in Azure Key Vault ++You now need to permit the Backup vault to access the Azure Key Vault that contains the encryption key. This is done by allowing the Backup vault's managed identity to access the Key Vault. ++**Scenario: Key Vault having Access Control (IAM) access configuration enabled.** ++Follow these steps: ++1. Go to *Azure Key Vault* > **Access Control** > **Add Role Assignment**. +2. Select **Key Vault Crypto Service Encryption User** role from **Job function** roles. +3. Select **Next** > **Assign Access to** > **Managed Identity** > **Select Members**. +4. Select your *Backup vault managed identity*. +5. Select **Next** and assign. ++**Scenario: If your Key Vault has Access Policies configuration enabled** ++Follow these steps: ++1. Go to your *Azure Key Vault* > **Access Policies** > **+Create**. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/access-policies.png" alt-text="Screenshot shows how to add Access Policies." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/access-policies.png"::: ++ 2. Under **Key Permissions**, select **Get**, **List**, **Unwrap Key**, and **Wrap Key** operations. This specifies the actions on the key that will be permitted. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-permissions.png" alt-text="Screenshot shows how to assign key permissions." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-permissions.png"::: ++3. Select **Next** to go to **Select Principal** and search for your vault in the search box using its name or managed identity. Once it shows up, select the *vault* > **Next**. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/select-principal.png" alt-text="Screenshot of Select principal in your Azure Key Vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/select-principal.png"::: ++4. Once done, select **Add** to add the new access policy. ++5. Select **Save** to save changes made to the access policy of the Azure Key Vault. ++>[!NOTE] +>- If you're using **user-assigned identities**, the same permissions must be assigned to the user-assigned identity. +>- You can also assign an RBAC role to the Backup vault that contains the above mentioned permissions, such as the *[Key Vault Crypto Officer](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations)* role. These roles might contain additional permissions other than the ones discussed above. ++++### Enable soft-delete and purge protection on Azure Key Vault ++You need to **enable soft delete and purge protection** on your Azure Key Vault that stores your encryption key. ++You can do this from the Azure Key Vault UI as shown below. Alternatively, you can set these properties while creating the Key Vault. Learn more about these [Key Vault properties](../key-vault/general/soft-delete-overview.md). ++++### Assign encryption key to the Backup vault ++Before proceeding further, ensure that all the steps mentioned above are completed successfully: ++- The Backup vault's managed identity is enabled and has been assigned the required permissions. +- The Azure Key Vault has the soft-delete and purge-protection enabled. ++Once done, continue with selecting the encryption key for your vault. ++To assign the key and follow the steps, choose a client by following these steps: ++1. Go to your *Backup vault* > **Properties**. ++ ![Screenshot shows the encryption settings.](./media/encryption-at-rest-with-cmk/encryption-settings.png) ++2. Select **Update** under **Encryption Settings (preview)**. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/update-encryption-settings.png" alt-text="Screenshot shows how to update encryption settings." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/update-encryption-settings.png"::: ++3. In the **Encryption Settings** pane, select **Use your own key** and continue to specify the key using one of the following ways. + + *Ensure that you use an RSA key, which is in enabled and active state.* ++ 1. Enter the **Key URI** with which you want to encrypt the data in this Backup vault. You can also obtain this key URI from the corresponding key in your Azure Key Vault. Ensure the key URI is copied correctly. It's recommended that you use the **Copy to clipboard** button provided with the key identifier. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-uri.png" alt-text="Screenshot of the key URI in your Backup vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-uri.png"::: ++ >[!NOTE] + >When you try to update Encryption Settings but update operation fails due to internal error, the encryption setting is updated to **Inconsistent** and requires your attention. + :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/encryption-key-with-full-key-uri.png" alt-text="Screenshot shows encryption key with full key URI." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/encryption-key-with-full-key-uri.png"::: ++ >[!Note] + >When specifying the encryption key using the full Key URI with version, the key will not be autorotated, and you need to do key updates manually by specifying the new key or version when required. Alternatively, remove the Version component of the Key URI to get automatic rotation. ++ ![Screenshot shows how to enter key URI.](./media/encryption-at-rest-with-cmk/key-uri.png) ++ 2. Browse and select the key from the Key Vault in the **Key picker** pane. ++ >[!NOTE] + >When you specify the encryption key using the key picker pane, the key will be auto-rotated whenever a new version for the key is enabled. [Learn more](encryption-at-rest-with-cmk.md#enable-autorotation-of-encryption-keys) on enabling autorotation of encryption keys. ++ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-vault-encryption.png" alt-text="Screenshot shows how to select key from Key Vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-vault-encryption.png"::: ++4. Select **Update**. ++5. **Tracking progress and status of encryption key update**: You can track the progress and status of the encryption key assignment under the Notifications. The encryption key updates are also logged in the vault's Activity Log under Backup Vault update (PATCH) operation. ++ ![Screenshot shows the status as complete.](./media/encryption-at-rest-with-cmk/status-succeeded.png) +++++### Update encryption settings details ++You can update the encryption settings details anytime. Whenever you want to use a new key URI, ensure that your existing Key Vault still has access to the managed identity and the key is valid. Otherwise, the update operation will fail. ++>[!Note] +>The managed identity that you want to use for encryption needs to have the required permission before you use. ++++## Back up to a vault encrypted with customer-managed keys ++Before you configure protection, we recommend you to ensure that the following checklist is adhered. ++++>[!IMPORTANT] +> Before proceeding to configure protection, you must have **successfully** completed the following steps: +> +>1. Created a Backup vault. +>2. Enabled the Backup vault's system-assigned managed identity or assigned a user-assigned managed identity to the vault. +>3. Assigned permissions to your Backup vault (or the user-assigned managed identity) to access encryption keys from your Key Vault. +>4. Enabled soft delete and purge protection for your Key Vault +>5. Assigned a valid encryption key for your Backup vault +> +>If all the above steps are confirmed, only then proceed with configuring backup. ++The process to configure and perform backups to a Backup vault encrypted with customer-managed keys is the same as to a vault that uses platform-managed keys with **no changes to the experience**. ++## Troubleshoot Encryption Settings operations error ++### UserErrorCMKMissingMangedIdentityPermissionOnKeyVault ++**Error code**: UserErrorCMKMissingMangedIdentityPermissionOnKeyVault ++**Cause**: This error occurs when: ++- The managed identity being used for Encryption settings doesn't have the permissions to access the Key Vault. Also, the backup or restore jobs might fail with this error code if the access is removed after Encryption Settings are updated or managed identity is disable/detached from the Backup vault. +- You're using non-RSA (EC Key URI). ++**Recommended action**: Ensure that the managed identity selected to use for encryption settings has the required permissions and the key is an RSA type, and then retry the operation. ++++### UserErrorCMKKeyVaultAuthFailure ++**Error code**: UserErrorCMKKeyVaultAuthFailure ++**Cause**: Encryption Settings managed identity doesn't have the required permissions to access the Key Vault or key. Backup vault Managed identity (system or user assigned used for Encryption Settings) should have the following permissions on your Key Vault: ++- If Key Vault is using IAM – RBAC then Key Vault Crypto Service Encryption User built-in role permissions on the Key Vault. +- If you use *Access Policies*, **Get**, **Wrap** and **Unwrap** permissions are needed. ++**Recommended action**: Check the Key Vault access policies and grant permissions accordingly. ++## Next steps ++[Overview of security features in Azure Backup](security-overview.md). |
backup | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/backup/whats-new.md | Title: What's new in Azure Backup description: Learn about the new features in the Azure Backup service. Previously updated : 11/15/2023 Last updated : 11/20/2023 - ignite-2023 You can learn more about the new releases by bookmarking this page or by [subscr ## Updates summary - November 2023+ - [Encryption using Customer Managed Keys for Backup vaults (preview)](#encryption-using-customer-managed-keys-for-backup-vaults-preview) - [Back up Azure Database for PostgreSQL-Flexible server (preview)](#back-up-azure-database-for-postgresql-flexible-server-preview) - [Azure Kubernetes Service backup is now generally available](#azure-kubernetes-service-backup-is-now-generally-available) - [Manage protection of datasources using Azure Business Continuity center (preview)](#manage-protection-of-datasources-using-azure-business-continuity-center-preview) You can learn more about the new releases by bookmarking this page or by [subscr - [Backup for Azure Blobs (in preview)](#backup-for-azure-blobs-in-preview) +## Encryption using Customer Managed Keys for Backup vaults (preview) ++Azure Backup Vault now allows you to encrypt your backup data using customer-managed keys (CMK) instead of using platform-managed keys, which are enabled by default. This feature enables you to control data access using the key and Key Vault you provide. ++For more information, see [Encryption of backup data in the Backup vault using customer-managed keys (preview)](encryption-at-rest-with-cmk-for-backup-vault.md). + ## Back up Azure Database for PostgreSQL-Flexible server (preview) Azure Backup and Azure Database services together help you to build an enterprise-class backup solution for Azure PostgreSQL-Flexible server. You can meet your data protection and compliance needs with an end-user-controlled backup policy that enables retention of backups for up to 10 years. |
bastion | Tutorial Create Host Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/bastion/tutorial-create-host-portal.md | In this tutorial, you deployed Bastion to a virtual network and connected to a V > [!div class="nextstepaction"] > [VM connections and features](vm-about.md)++> [!div class="nextstepaction"] +> [Configure Azure DDos protection for your virtual network](../ddos-protection/manage-ddos-protection.md) |
bastion | Tutorial Protect Bastion Host Ddos | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/bastion/tutorial-protect-bastion-host-ddos.md | - Title: 'Tutorial: Protect your Bastion host with Azure DDoS protection' -description: Learn how to deploy Bastion using settings that you specify and secure the Bastion host with Azure DDoS protection. --- Previously updated : 12/20/2022-----# Tutorial: Protect your Bastion host with Azure DDoS protection --This article helps you create an Azure Bastion host with a DDoS protected virtual network. Azure DDoS protection protects your publicly accessible bastion host from Distributed Denial of Service attacks. --> [!IMPORTANT] -> Azure DDoS Protection incurs a cost when you use the Standard SKU. Overages charges only apply if more than 100 public IPs are protected in the tenant. Ensure you delete the resources in this tutorial if you aren't using the resources in the future. For information about pricing, see [Azure DDoS Protection Pricing]( https://azure.microsoft.com/pricing/details/ddos-protection/). For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md). --In this tutorial, you'll learn how to: --> [!div class="checklist"] -> * Deploy Bastion to your VNet. -> * Create a DDoS protection plan and enable DDoS protection. -> * Connect to a virtual machine. -> * Remove the public IP address from a virtual machine. ---## Prerequisites --* Verify that you have an Azure subscription. If you don't already have an Azure subscription, you can activate your [MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details) or sign up for a [free account](https://azure.microsoft.com/pricing/free-trial). -* A [virtual network](../virtual-network/quick-create-portal.md). This will be the VNet to which you deploy Bastion. -* A virtual machine in the virtual network. This VM isn't a part of the Bastion configuration and doesn't become a bastion host. You connect to this VM later in this tutorial via Bastion. If you don't have a VM, create one using [Quickstart: Create a VM](../virtual-machines/windows/quick-create-portal.md). -* **Required VM roles:** -- * Reader role on the virtual machine. - * Reader role on the NIC with private IP of the virtual machine. --* **Required inbound ports:** -- * For Windows VMs - RDP (3389) - * For Linux VMs - SSH (22) -- > [!NOTE] - > The use of Azure Bastion with Azure Private DNS Zones is not supported at this time. Before you begin, please make sure that the virtual network where you plan to deploy your Bastion resource is not linked to a private DNS zone. - > --### <a name="values"></a>Example values --You can use the following example values when creating this configuration, or you can substitute your own. --**Basic VNet and VM values:** --|**Name** | **Value** | -| | | -| Virtual machine| TestVM | -| Resource group | TestRG1 | -| Region | East US | -| Virtual network | VNet1 | -| Address space | 10.1.0.0/16 | -| Subnets | FrontEnd: 10.1.0.0/24 | --**Azure Bastion values:** --|**Name** | **Value** | -| | | -| Name | VNet1-bastion | -| + Subnet Name | AzureBastionSubnet | -| AzureBastionSubnet addresses | A subnet within your VNet address space with a subnet mask /26 or larger.<br> For example, 10.1.1.0/26. | -| Tier/SKU | Standard | -| Instance count (host scaling)| 3 or greater | -| Public IP address | Create new | -| Public IP address name | VNet1-ip | -| Public IP address SKU | Standard | -| Assignment | Static | ---## <a name="createhost"></a>Deploy Bastion --This section helps you deploy Bastion to your VNet. Once Bastion is deployed, you can connect securely to any VM in the VNet using its private IP address. --> [!IMPORTANT] -> [!INCLUDE [Pricing](../../includes/bastion-pricing.md)] -> --1. Sign in to the [Azure portal](https://portal.azure.com). --1. Go to your virtual network. --1. On the page for your virtual network, in the left pane, select **Bastion** to open the **Bastion** page. --1. On the Bastion page, select **Configure manually**. This lets you configure specific additional settings when deploying Bastion to your VNet. -- :::image type="content" source="./media/tutorial-create-host-portal/manual-configuration.png" alt-text="Screenshot of Bastion page showing configure bastion on my own." lightbox="./media/tutorial-create-host-portal/manual-configuration.png"::: --1. On the **Create a Bastion** page, configure the settings for your bastion host. Project details are populated from your virtual network values. Configure the **Instance details** values. -- * **Name**: Type the name that you want to use for your bastion resource. -- * **Region**: The Azure public region in which the resource will be created. Choose the region in which your virtual network resides. -- * **Tier:** The tier is also known as the **SKU**. For this tutorial, select **Standard**. The Standard SKU lets you configure the instance count for host scaling and other features. For more information about features that require the Standard SKU, see [Configuration settings - SKU](configuration-settings.md#skus). -- * **Instance count:** This is the setting for **host scaling**. It's configured in scale unit increments. Use the slider or type a number to configure the instance count that you want. For this tutorial, you can select the instance count you'd prefer. For more information, see [Host scaling](configuration-settings.md#instance) and [Pricing](https://azure.microsoft.com/pricing/details/azure-bastion). -- :::image type="content" source="./media/tutorial-create-host-portal/instance-values.png" alt-text="Screenshot of Bastion page instance values." lightbox="./media/tutorial-create-host-portal/instance-values.png"::: --1. Configure the **virtual networks** settings. Select your VNet from the dropdown. If you don't see your VNet in the dropdown list, make sure you selected the correct Region in the previous settings on this page. --1. To configure the AzureBastionSubnet, select **Manage subnet configuration**. -- :::image type="content" source="./media/tutorial-create-host-portal/select-vnet.png" alt-text="Screenshot of configure virtual networks section." lightbox="./media/tutorial-create-host-portal/select-vnet.png"::: --1. On the **Subnets** page, select **+Subnet** to open the **Add subnet** page. --1. On the **Add subnet page**, create the 'AzureBastionSubnet' subnet using the following values. Leave the other values as default. -- * The subnet name must be **AzureBastionSubnet**. - * The subnet must be at least **/26 or larger** (/26, /25, /24 etc.) to accommodate features available with the Standard SKU. -- Select **Save** at the bottom of the page to save your values. --1. At the top of the **Subnets** page, select **Create a Bastion** to return to the Bastion configuration page. -- :::image type="content" source="./media/tutorial-create-host-portal/create-page.png" alt-text="Screenshot of Create a Bastion."lightbox="./media/tutorial-create-host-portal/create-page.png"::: --1. The **Public IP address** section is where you configure the public IP address of the Bastion host resource on which RDP/SSH will be accessed (over port 443). The public IP address must be in the same region as the Bastion resource you're creating. Create a new IP address. You can leave the default naming suggestion. --1. When you finish specifying the settings, select **Review + Create**. This validates the values. --1. Once validation passes, you can deploy Bastion. Select **Create**. You'll see a message letting you know that your deployment is in process. Status displays on this page as the resources are created. It takes about 10 minutes for the Bastion resource to be created and deployed. --## Enable Azure DDoS protection --This section helps you create an Azure DDoS protection and enable the service on the virtual network. --1. In the search box in the portal, enter **DDoS protection**. Select **DDoS protection plans** in the search results. --2. Select **+ Create**. --3. In the **Basics** tab of **Create a DDoS protection plan**, enter or select the following information: -- | Setting | Value | - | - | -- | - | **Project details** | | - | Subscription | Select your subscription. | - | Resource group | Select your resource group. | - | Name | Enter a name for the DDoS protection plan. | - | Region | Select the region. | --4. Select **Review + create**. --5. Select **Create**. --6. In the search box in the portal, enter **Virtual network**. Select **Virtual networks** in the search results. --7. Select your virtual network. --8. In **Settings**, select **DDoS protection**. --9. Select **Enable**. --10. Select the pull-down box in **DDoS protection plan**. Select the protection plan you created in the previous steps. --11. Select **Save**. --## <a name="connect"></a>Connect to a VM --You can use any of the following detailed articles to connect to a VM. Some connection types require the Bastion [Standard SKU](configuration-settings.md#skus). ---You can also use the basic [Connection steps](#steps) in the section below to connect to your VM. --### <a name="steps"></a>Connection steps ---### <a name="audio"></a>To enable audio output ---## <a name="ip"></a>Remove VM public IP address ---## Clean up resources --If you're not going to continue to use this application, delete -your resources using the following steps: --1. Enter the name of your resource group in the **Search** box at the top of the portal. When you see your resource group in the search results, select it. -1. Select **Delete resource group**. -1. Enter the name of your resource group for **TYPE THE RESOURCE GROUP NAME:** and select **Delete**. --## Next steps --In this tutorial, you deployed Bastion to a virtual network and connected to a VM. You then removed the public IP address from the VM. Next, learn about and configure additional Bastion features. --> [!div class="nextstepaction"] -> [Bastion features and configuration settings](configuration-settings.md) --> [!div class="nextstepaction"] -> [Bastion - VM connections and features](vm-about.md) |
batch | Create Pool Extensions | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/batch/create-pool-extensions.md | Request Body "deploymentConfiguration": { "virtualMachineConfiguration": { "imageReference": {- "publisher": "almalinux", - "offer": "almalinux", - "sku": "9-gen1", + "publisher": "microsoftcblmariner", + "offer": "cbl-mariner", + "sku": "cbl-mariner-2", "version": "latest" },- "nodeAgentSkuId": "batch.node.el 9", + "nodeAgentSkuId": "batch.node.mariner 2.0", "extensions": [ { "name": "secretext", |
communication-services | Service Limits | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communication-services/concepts/service-limits.md | Beginning in CY24 Q1, customers must choose between indefinite message retention ### PSTN Call limitations -| **Name** | Limit | -|--|--| -|Number of outbound concurrent calls | 2 +| **Name** | **Scope** | Limit | +|--|--|--| +|Default number of outbound concurrent calls |per Number | 2 ### Call maximum limitations |
communications-gateway | Connectivity | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/connectivity.md | + + Title: Connecting to Azure Communications Gateway +description: Learn about connecting Azure Communications Gateway to your networks and the IP addresses and domain names you need to know. ++++ Last updated : 11/20/2023++#CustomerIntent: As someone planning a deployment, I want to learn about my options for connectivity, so that I can start deploying +++# Connectivity for Azure Communications Gateway ++Each Azure region in your deployment connects to your core network. You need to choose the type of connection (for example, MAPS Voice or Express Route) and route traffic between your network and Azure Communications Gateway with specific IP addresses and domain names. ++This article describes: ++- The types of connection you can use. +- The IP addresses and domain names you need to know about. +- Your options for choosing domain names for Azure Communications Gateway. ++## Connecting to your network ++Azure Communications Gateway supports multiple types of connection to your network. +- We strongly recommend using Microsoft Azure Peering Service Voice (also called MAPS Voice or MAPSV). +- If you can't use MAPS Voice, we recommend ExpressRoute Microsoft Peering. ++The following table lists all the available connection types and whether they're supported for each communications service. The connection types are in the order that we recommend (with recommended services first). ++|Connection type | Operator Connect / Teams Phone Mobile | Microsoft Teams Direct Routing | Zoom Phone Cloud Peering | Notes | +|||||| +| MAPS Voice |✅ |✅|✅|- Best media quality because of prioritization with Microsoft network<br>- No extra costs<br>- See [Azure Internet peering for Communications Services walkthrough](../internet-peering/walkthrough-communications-services-partner.md)| +|ExpressRoute Microsoft Peering |✅|✅|✅|- Easy to deploy<br>- Extra cost<br>- Consult with your onboarding team and ensure that it's available in your region<br>- See [Using ExpressRoute for Microsoft PSTN services](/azure/expressroute/using-expressroute-for-microsoft-pstn)| +|Public internet |❌|✅|✅|- No extra setup<br>- Not recommended for production| ++Set up your network as in the following diagram and configure it in accordance with any network connectivity specifications for your chosen communications services. Your network must have two sites with cross-connect functionality. For more information on the reliability design for Azure Communications Gateway, see [Reliability in Azure Communications Gateway](reliability-communications-gateway.md). +++## IP addresses and domain names ++Azure Communications Gateway (ACG) deployments require multiple IP addresses and fully qualified domain names (FQDNs). The following diagram and table describe the IP addresses and FQDNs that you might need to know about. +++|IP address or range on diagram | Description | Notes | +|||| +| 1 | IP address range in operator site A for sending signaling traffic to ACG | Specify this information when you deploy ACG. | +| 2 | IP address range or FQDN in site A for receiving signaling traffic from ACG | Specify this information when you deploy ACG. | +| 3 | IP addresses or address ranges in operator site A for sending and receiving media traffic | Specify this information when you deploy ACG. | +| 4 | IP address range in operator site B for sending signaling traffic to Azure Communications Gateway | Specify this information when you deploy ACG. | +| 5 | IP address range or FQDN in operator site A for receiving signaling traffic from ACG | Specify this information when you deploy ACG. | +| 6 | IP addresses or address ranges in operator site B for sending and receiving media traffic | Specify this information when you deploy ACG. | +| 7 | ACG region 1 FQDN for receiving signaling traffic from operator network | Get the FQDN from the **Hostname** field for region 1 in the Azure portal. Configure your network to route calls to this FQDN. | +| 8 | ACG region 1 IP addresses or address ranges for sending signaling traffic to your network | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). | +| 9 | ACG region 1 IP addresses or address ranges for media traffic between operator network and ACG | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). | +| 10 | ACG region 2 FQDN for receiving signaling traffic from operator network | Get the FQDN from the **Hostname** field for region 2 in the Azure portal. Configure your network to route calls to this FQDN. | +| 11 | ACG region 2 IP addresses or address ranges for sending signaling traffic to your network | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). | +| 12 | ACG region 2 IP addresses or address ranges for media traffic between operator network and ACG | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). | +| 13 | ACG base domain providing the Provisioning API | Get the FQDN from the **Overview** field in the Azure portal. | +| 14 | ACG region 1 IP addresses or address ranges for sending signaling traffic to communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 15 | ACG region 1 FQDN or IP addresses for receiving signaling traffic from communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 16 | ACG region 1 IP addresses or address ranges for media traffic between communications service and ACG | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 17 | ACG region 2 IP addresses or address ranges for sending signaling traffic to communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 18 | ACG region 2 FQDN or IP addresses for receiving signaling traffic from communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 19 | ACG region 2 IP addresses or address ranges for media traffic between communications service and ACG | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. | +| 20 | IP addresses or FQDNs used by communications services to receive signaling traffic | You don't need to manage this information. | +| 21 | IP addresses or FQDNs used by communications services to send signaling traffic | You don't need to manage this information. | +| 22 | IP addresses used by communications services to send and receive media traffic | You don't need to manage this information. | ++> [!TIP] +> This diagram shows three sets of IP addresses for the communications service for simplicity. The details might vary for each communications service, but you won't need to manage the details because we manage the connection from Azure Communications Gateway to communications services. ++Each site in your network must send traffic to its local Azure Communications Gateway service region by default, and fail over to the other region if the local region is unavailable. For example, site A must route traffic to region 1, and, if it detects that region 1 is unavailable, reroute traffic to region 2. For more information on the call routing requirements, see [Call routing requirements](reliability-communications-gateway.md#call-routing-requirements). ++## Autogenerated domain names and domain delegation ++Azure Communications Gateway provides multiple FQDNs: ++* A _base domain_ for your deployment. This domain provides the Provisioning API. It's item 13 in [IP addresses and domain names](#ip-addresses-and-domain-names). +* _Per-region domain names_ that resolve to the signaling IP addresses to which your network should route signaling traffic. These domain names are subdomains of the base domain. They're items 7 and 10 in [IP addresses and domain names](#ip-addresses-and-domain-names). ++You must decide whether you want these FQDNs to be `*.commsgw.azure.com` domain names or subdomains of a domain you already own, using [domain delegation with Azure DNS](../dns/dns-domain-delegation.md). ++Domain delegation provides topology hiding and might increase customer trust, but requires giving us full control over the subdomain that you delegate. For Microsoft Teams Direct Routing, choose domain delegation if you don't want customers to see an `*.commsgw.azure.com` in their Microsoft 365 admin centers. ++## Related content ++- Learn how to [route calls to Azure Communications Gateway](reliability-communications-gateway.md#call-routing-requirements). +- Learn more about [planning an Azure Communications Gateway deployment](get-started.md) |
communications-gateway | Deploy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/deploy.md | When your resource has been provisioned, you can connect Azure Communications Ga </ApplicationServer> </InitialFilterCriteria> ```-1. Configure your routers and peering connection to ensure all traffic to Azure Communications Gateway is through Azure Internet Peering for Communications Services (also known as MAPS for Voice) or ExpressRoute Microsoft Peering. +1. Configure your routers and peering connection to ensure all traffic to Azure Communications Gateway is through Azure Internet Peering for Communications Services (also known as Microsoft Azure Peering Service for Voice and MAPS Voice) or ExpressRoute Microsoft Peering. 1. Enable Bidirectional Forwarding Detection (BFD) on your on-premises edge routers to speed up link failure detection. - The interval must be 150 ms (or 300 ms if you can't use 150 ms).- - With MAPS, BFD must bring up the BGP peer for each Private Network Interface (PNI). + - With MAPS Voice, BFD must bring up the BGP peer for each Private Network Interface (PNI). 1. Meet any other requirements for your communications platform (for example, the *Network Connectivity Specification* for Operator Connect or Teams Phone Mobile). If you need access to Operator Connect or Teams Phone Mobile specifications, contact your onboarding team. ## Configure domain delegation with Azure DNS |
communications-gateway | Get Started | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/get-started.md | This article summarizes the steps and documentation that you need. > [!IMPORTANT] > You must fully understand the onboarding process for your chosen communications service and any dependencies introduced by the onboarding process. For advice, ask your onboarding team. >-> Some steps in the deployment and integration process can require days or weeks to complete. For example, you might need to arrange Microsoft Azure Peering Service (MAPS) connectivity before you can deploy, wait for onboarding, or wait for a specific date to launch your service. We recommend that you read through any documentation from your onboarding team and the procedures in [Deploy Azure Communications Gateway](#deploy-azure-communications-gateway) and [Integrate with your chosen communications services](#integrate-with-your-chosen-communications-services) before you start deploying. +> Some steps in the deployment and integration process can require days or weeks to complete. For example, you might need to arrange Microsoft Azure Peering Service for Voice (MAPS Voice) connectivity before you can deploy, wait for onboarding, or wait for a specific date to launch your service. We recommend that you read through any documentation from your onboarding team and the procedures in [Deploy Azure Communications Gateway](#deploy-azure-communications-gateway) and [Integrate with your chosen communications services](#integrate-with-your-chosen-communications-services) before you start deploying. ## Learn about and plan for Azure Communications Gateway Read the following articles to learn about Azure Communications Gateway. - [Your network and Azure Communications Gateway](role-in-network.md), to learn how Azure Communications Gateway fits into your network. - [Onboarding with Included Benefits for Azure Communications Gateway](onboarding.md), to learn about onboarding to Operator Connect or Teams Phone Mobile and the support we can provide.-- [Reliability in Azure Communications Gateway](reliability-communications-gateway.md), to create a network design that includes Azure Communications Gateway.+- [Connectivity for Azure Communications Gateway](connectivity.md) and [Reliability in Azure Communications Gateway](reliability-communications-gateway.md), to create a network design that includes Azure Communications Gateway. - [Overview of security for Azure Communications Gateway](security.md), to learn about how Azure Communications Gateway keeps customer data and your network secure. - [Plan and manage costs for Azure Communications Gateway](plan-and-manage-costs.md), to learn about costs for Azure Communications Gateway. - [Azure Communications Gateway limits, quotas and restrictions](limits.md), to learn about the limits and quotas associated with the Azure Communications Gateway |
communications-gateway | Plan And Manage Costs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/plan-and-manage-costs.md | If your Azure subscription has a spending limit, Azure prevents you from spendin You must pay for Azure networking costs, because these costs aren't included in the Azure Communications Gateway meters. -- If you're connecting to the public internet with Microsoft Azure Peering Service (MAPS), you might need to pay a third party for the cross-connect at the exchange location.+- If you're connecting to the public internet with Microsoft Azure Peering Service for Voice (MAPS Voice), you might need to pay a third party for the cross-connect at the exchange location. - If you're connecting to the public internet with ExpressRoute Microsoft Peering, you must purchase ExpressRoute circuits with a specified bandwidth and data billing model. - If you're connecting into Azure as a next hop, you might need to pay virtual network peering costs. |
communications-gateway | Prepare To Deploy | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/prepare-to-deploy.md | The following sections describe the information you need to collect and the deci ## Arrange onboarding -You need an Microsoft onboarding team to deploy Azure Communications Gateway. Azure Communications Gateway includes an onboarding program called [Included Benefits](onboarding.md). If you're not eligible for Included Benefits or you require more support, discuss your requirements with your Microsoft sales representative. +You need a Microsoft onboarding team to deploy Azure Communications Gateway. Azure Communications Gateway includes an onboarding program called [Included Benefits](onboarding.md). If you're not eligible for Included Benefits or you require more support, discuss your requirements with your Microsoft sales representative. The Operator Connect and Teams Phone Mobile programs also require an onboarding partner who manages the necessary changes to the Operator Connect or Teams Phone Mobile environments and coordinates with Microsoft Teams on your behalf. The Azure Communications Gateway Included Benefits project team fulfills this role, but you can choose a different onboarding partner to coordinate with Microsoft Teams on your behalf. Wait for confirmation that Azure Communications Gateway is enabled before moving ## Create a network design -Connectivity between your networks and Azure Communications Gateway must meet any relevant network connectivity specifications. +Decide how Azure Communications Gateway should connect to your network. You must choose: --If you want to use ExpressRoute Microsoft Peering, consult with your onboarding team and ensure that it's available in your region. --Ensure your network is set up as shown in the following diagram and has been configured in accordance with any network connectivity specifications that you've been issued for your chosen communications services. You must have two Azure Regions with cross-connect functionality. For more information on the reliability design for Azure Communications Gateway, see [Reliability in Azure Communications Gateway](reliability-communications-gateway.md). ---You must decide whether you want Azure Communications Gateway to have an autogenerated `*.commsgw.azure.com` domain name or a subdomain of a domain you already own, using [domain delegation with Azure DNS](../dns/dns-domain-delegation.md). Domain delegation provides topology hiding and might increase customer trust, but requires giving us full control over the subdomain that you delegate. For Microsoft Teams Direct Routing, choose domain delegation if you don't want customers to see an `*.commsgw.azure.com` in their Microsoft 365 admin centers. +- The type of connection you want to use (for example, MAPS Voice (recommended) or ExpressRoute). +- The form of domain names Azure Communications Gateway uses towards your network: an autogenerated `*.commsgw.azure.com` domain name or a subdomain of a domain you already own (using [domain delegation with Azure DNS](../dns/dns-domain-delegation.md)). + +For more information about your options, see [Connectivity for Azure Communications Gateway](connectivity.md). For Teams Phone Mobile, you must decide how your network should determine whether a call involves a Teams Phone Mobile subscriber and therefore route the call to Microsoft Phone System. You can: If you plan to route emergency calls through Azure Communications Gateway, read - [Operator Connect and Teams Phone Mobile](emergency-calls-operator-connect.md) - [Zoom Phone Cloud Peering](emergency-calls-zoom.md) -## Configure MAPS or ExpressRoute +## Configure MAPS Voice or ExpressRoute Connect your network to Azure: -- To configure MAPS, follow the instructions in [Azure Internet peering for Communications Services walkthrough](../internet-peering/walkthrough-communications-services-partner.md).+- To configure MAPS Voice, follow the instructions in [Azure Internet peering for Communications Services walkthrough](../internet-peering/walkthrough-communications-services-partner.md). - To configure ExpressRoute Microsoft Peering, follow the instructions in [Tutorial: Configure peering for ExpressRoute circuit](../../articles/expressroute/expressroute-howto-routing-portal-resource-manager.md). ## Next step |
communications-gateway | Reliability Communications Gateway | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/reliability-communications-gateway.md | The reliability design described in this document is implemented by Microsoft an ## Next steps +- Learn about [connecting Azure Communications Gateway to your network](connectivity.md) - Learn about [how Azure Communications Gateway keeps your network and data secure](security.md) - Learn more about [planning an Azure Communications Gateway deployment](get-started.md) |
communications-gateway | Role In Network | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/role-in-network.md | Azure Communications Gateway also offers metrics for monitoring your deployment. We expect your network to have two geographically redundant sites. You must provide networking connections between each site and: * The other site in your deployment, as cross-connects.-* The two Azure Regions in which you deploy Azure Communications Gateway. +* The Azure Regions in which you deploy Azure Communications Gateway. Connectivity between your networks and Azure Communications Gateway must meet any relevant network connectivity specifications. +- We strongly recommend using Microsoft Azure Peering Service Voice (also called MAPS Voice or MAPSV). +- If you can't use MAPS Voice, we recommend ExpressRoute Microsoft Peering. -The following diagram shows an operator network using MAPS or ExpressRoute (as recommended) to connect to Azure Communications Gateway. +The following diagram shows an operator network using MAPS Voice or ExpressRoute (as recommended) to connect to Azure Communications Gateway. -For more information on how to route calls between Azure Communications Gateway and your network, see [Call routing requirements](reliability-communications-gateway.md#call-routing-requirements). +For more information, see: ++- [Connectivity for Azure Communications Gateway](connectivity.md), including details of the IP connectivity. +- [Reliability in Azure Communications Gateway](reliability-communications-gateway.md), including application-level call routing requirements for failover. ## SIP signaling support |
communications-gateway | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/communications-gateway/whats-new.md | For more information about Direct Routing with Azure Communications Gateway, see ### ExpressRoute Microsoft Peering between Azure and operator networks -From September 2023, you can use ExpressRoute Microsoft Peering to connect operator networks to Azure Communications Gateway as an alternative to Peering Services Voice (also known as MAPS for voice). We recommend that most deployments use MAPS for voice unless there's a specific reason that ExpressRoute Microsoft Peering is preferable. For example, you might have existing ExpressRoute connectivity to your network that you can reuse. For details and examples of when ExpressRoute might be preferable to MAPS, see [Using ExpressRoute for Microsoft PSTN Services](../../articles/expressroute/using-expressroute-for-microsoft-pstn.md). +From September 2023, you can use ExpressRoute Microsoft Peering to connect operator networks to Azure Communications Gateway as an alternative to Microsoft Azure Peering Services Voice (also known as MAPS Voice). We recommend that most deployments use MAPS for voice unless there's a specific reason that ExpressRoute Microsoft Peering is preferable. For example, you might have existing ExpressRoute connectivity to your network that you can reuse. For details and examples of when ExpressRoute might be preferable to MAPS, see [Using ExpressRoute for Microsoft PSTN services](../../articles/expressroute/using-expressroute-for-microsoft-pstn.md). ## May 2023 |
data-manager-for-agri | Concepts Ingest Satellite Imagery | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/data-manager-for-agri/concepts-ingest-satellite-imagery.md | Using satellite data in Data Manager for Agriculture involves following steps: ## Consumption visibility and logging As all ingest data is under a BYOL model, transparency into the cost of a given job is needed. Our data manager offers built-in logging to provide transparency on PU consumption for calls to our upstream partner Sentinel Hub. The information appears under the ΓÇ£SatelliteLogsΓÇ¥ Category of the standard data manager Logging found [here](how-to-set-up-audit-logs.md). -## STAC Search for available imagery +## STAC search for available imagery Our data manager supports the industry standard [STAC](https://stacspec.org/en) search interface to find metadata on imagery in the sentinel collection prior to committing to downloading pixels. To do so, the search endpoint accepts a location in the form of a point, polygon or multipolygon plus a start and end date time. Alternatively, if you already have the unique "Item ID," it can be provided as an array, of up 5, to retrieve those specific items directly > [!IMPORTANT] Longitude = \frac{10 m}{\frac{111320}{cos(lat)}} $$ $$-\ Where\: lat = The\: centroid's\: latitude\: from\: the\: provided\: geometry +\ Where\ lat = The\ centroid's\ latitude\ from\ the\ provided\ geometry $$ ## Caching |
defender-for-cloud | Alert Validation | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/alert-validation.md | After the Microsoft Defender for Endpoint agent is installed on your machine, as :::image type="content" source="media/alert-validation/powershell-no-exit.png" alt-text="Screenshot showing PowerShell message line." lightbox="media/alert-validation/powershell-no-exit.png"::: -Alternately, you can also use the [EICAR](https://www.eicar.org/download/eicar.com.txt) test string to perform this test: Create a text file, paste the EICAR line, and save the file as an executable file to your machine's local drive. +Alternately, you can also use the [EICAR](https://www.eicar.org/download-anti-malware-testfile/) test string to perform this test: Create a text file, paste the EICAR line, and save the file as an executable file to your machine's local drive. > [!NOTE] > When reviewing test alerts for Windows, make sure that you have Defender for Endpoint running with Real-Time protection enabled. Learn how to [validate this configuration](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus). Alternately, you can also use the [EICAR](https://www.eicar.org/download/eicar.c After the Microsoft Defender for Endpoint agent is installed on your machine, as part of Defender for Servers integration, follow these steps from the machine where you want to be the attacked resource of the alert: 1. Open a Terminal window, copy and run the following command:-[`curl -o ~/Downloads/eicar.com.txt`](https://www.eicar.org/download/eicar.com.txt). +`curl -o ~/Downloads/eicar.com.txt` + 1. The Command Prompt window closes automatically. If successful, a new alert should appear in Defender for Cloud Alerts blade in 10 minutes. > [!NOTE] |
defender-for-cloud | Defender For Storage Infrastructure As Code Enablement | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/defender-for-storage-infrastructure-as-code-enablement.md | If you want to turn off the on-upload malware scanning or sensitive data threat To disable the entire Defender for Storage plan for the storage account, you can use the following code snippet: + ``` resource "azurerm_storage_account" "example" { ... } resource "azapi_resource_action" "disable_defender_for_Storage" { body = jsonencode({ properties = {- isEnabled = true + isEnabled = false overrideSubscriptionLevelSettings = false } }) |
defender-for-cloud | Plan Defender For Servers Select Plan | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/plan-defender-for-servers-select-plan.md | description: Select a Microsoft Defender for Servers plan in Microsoft Defender Previously updated : 11/06/2022 Last updated : 11/20/2023 # Select a Defender for Servers plan You can choose from two paid plans: | Feature | Details | Plan 1 | Plan 2 | |:|:|::|::|-| **Defender for Endpoint integration** | Defender for Servers integrates with Defender for Endpoint and protects servers with all the features, including:<br/><br/>- [Attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) to lower the risk of attack.<br/><br/> - [Next-generation protection](/microsoft-365/security/defender-endpoint/next-generation-protection), including real-time scanning and protection and [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/next-generation-protection).<br/><br/> - EDR, including [threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics), [automated investigation and response](/microsoft-365/security/defender-endpoint/automated-investigations), [advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview), and [Microsoft Defender Experts](/microsoft-365/security/defender-endpoint/endpoint-attack-notifications).<br/><br/> - Vulnerability assessment and mitigation provided by [Microsoft Defender Vulnerability Management (MDVM)](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities) as part of the Defender for Endpoint integration. With Plan 2, you can get premium MDVM features, provided by the [MDVM add-on](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers).| :::image type="icon" source="./media/icons/yes-icon.png" ::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | +| **Defender for Endpoint integration** | Defender for Servers integrates with Defender for Endpoint and protects servers with all the features, including:<br/><br/>- [Attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) to lower the risk of attack.<br/><br/> - [Next-generation protection](/microsoft-365/security/defender-endpoint/next-generation-protection), including real-time scanning and protection and [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/next-generation-protection).<br/><br/> - EDR, including [threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics), [automated investigation and response](/microsoft-365/security/defender-endpoint/automated-investigations), [advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview), and [Endpoint Attack Notifications](/microsoft-365/security/defender-endpoint/endpoint-attack-notifications).<br/><br/> - Vulnerability assessment and mitigation provided by [Microsoft Defender Vulnerability Management (MDVM)](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities) as part of the Defender for Endpoint integration. With Plan 2, you can get premium MDVM features, provided by the [MDVM add-on](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers).| :::image type="icon" source="./media/icons/yes-icon.png" ::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | | **Licensing** | Defender for Servers covers licensing for Defender for Endpoint. Licensing is charged per hour instead of per seat, lowering costs by protecting virtual machines only when they're in use.| :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | | **Defender for Endpoint provisioning** | Defender for Servers automatically provisions the Defender for Endpoint sensor on every supported machine that's connected to Defender for Cloud.| :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | | **Unified view** | Alerts from Defender for Endpoint appear in the Defender for Cloud portal. You can get detailed information in the Defender for Endpoint portal.| :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | |
defender-for-cloud | Release Notes | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/defender-for-cloud/release-notes.md | Title: Release notes description: This page is updated frequently with the latest updates in Defender for Cloud. Previously updated : 11/14/2023 Last updated : 11/20/2023 # What's new in Microsoft Defender for Cloud? If you're looking for items older than six months, you can find them in the [Arc | Date | Update | |--|--|+| November 20|GA release: New autoprovisioning process for SQL Servers on machines plan| | November 15 | [Defender for Cloud is now integrated with Microsoft 365 Defender](#defender-for-cloud-is-now-integrated-with-microsoft-365-defender) | | November 15 | [General availability of Containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management (MDVM) in Defender for Containers and Defender for Container Registries](#general-availability-of-containers-vulnerability-assessment-powered-by-microsoft-defender-vulnerability-management-mdvm-in-defender-for-containers-and-defender-for-container-registries) | | November 15 | [Change to Container Vulnerability Assessments recommendation names](#change-to-container-vulnerability-assessments-recommendation-names) | If you're looking for items older than six months, you can find them in the [Arc | November 15 | [General Availability release of sensitive data discovery for databases](#general-availability-release-of-sensitive-data-discovery-for-databases) | | November 6 | [New version of the recommendation to find missing system updates is now GA](#new-version-of-the-recommendation-to-find-missing-system-updates-is-now-ga) | +### GA release: New autoprovisioning process for SQL Servers on machines plan ++November 20, 2023 ++In preparation for the Microsoft Monitoring Agent (MMA) deprecation in August 2024, Defender for Cloud released a SQL Server-targeted Azure Monitoring Agent (AMA) autoprovisioning process. The new process is automatically enabled and configured for all new customers, and also provides the ability for resource level enablement for Azure SQL VMs and Arc-enabled SQL Servers. ++Customers using the MMA autoprovisioning process are requested to [migrate to the new Azure Monitoring Agent for SQL server on machines autoprovisioning process](/azure/defender-for-cloud/defender-for-sql-autoprovisioning). The migration process is seamless and provides continuous protection for all machines. + ### Defender for Cloud is now integrated with Microsoft 365 Defender November 15, 2023 We're releasing enhancements to the attack path analysis capabilities in Defende - **Cross-cloud attack paths** ΓÇô detection of attack paths that are cross-clouds (paths that start in one cloud and end in another). - **MITRE** ΓÇô Mapping all attack paths to the MITRE framework. - **Refreshed user experience** ΓÇô refreshed experience with stronger capabilities: advanced filters, search, and grouping of attack paths to allow easier triage.- - **Export capabilities** ΓÇô export capabilities of attack paths to CSV, LA workspace and Event Hubs. - - **Email notifications** ΓÇô you can receive email notifications of new attack paths. Learn [how to identify and remediate attack paths](how-to-manage-attack-path.md). Agentless discovery for Kubernetes is now available to all Defender For Containe > [!NOTE] > Enabling the latest additions won't incur new costs to active Defender for Containers customers.- For more information, see [Overview of Container security Microsoft Defender for Containers](defender-for-containers-introduction.md). ### Recommendation release: Microsoft Defender for Storage should be enabled with malware scanning and sensitive data threat detection |
event-grid | Namespace Handler Event Hubs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/namespace-handler-event-hubs.md | -# Azure Event hubs as a handler destination in subscriptions to Azure Event Grid namespace topics +# Azure Event hubs as a handler destination in subscriptions to Azure Event Grid namespace topics (Preview) An event handler is the place where the event is sent. The handler takes an action to process the event. Currently, **Azure Event Hubs** is the only handler supported as a destination for subscriptions to namespace topics. Use **Event Hubs** when your solution gets events from Event Grid faster than it can process the events. Once the events are in an event hub, your application can process events from the event hub at its own schedule. You can scale your event processing to handle the incoming events. + ## Message headers Here are the properties you receive in the header of an event or message sent to Event Hubs: |
event-grid | Namespace Push Delivery Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/event-grid/namespace-push-delivery-overview.md | -# Azure Event Grid namespaces - Push delivery +# Azure Event Grid namespaces - Push delivery (Preview) This article builds on [push delivery with HTTP for Event Grid basic](push-delivery-overview.md) and provides essential information before you start using push delivery on Event Grid namespaces over HTTP protocol. This article is suitable for users who need to build applications to react to discrete events using Event Grid namespaces. If you're interested to know more about the difference between the Event Grid basic tier and the standard tier with namespaces, see [choose the right Event Grid tier for your solution](choose-right-tier.md). |
governance | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/governance/resource-graph/overview.md | to, the response is a _403_ (Forbidden). As a free service, queries to Resource Graph are throttled to provide the best experience and response time for all customers. If your organization wants to use the Resource Graph API for large-scale and frequent queries, use portal **Feedback** from the-[Resource Graph portal page](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/ResourceGraph). +[Resource Graph portal page](https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade). Provide your business case and select the **Microsoft can email you about your feedback** checkbox in order for the team to contact you. |
hdinsight-aks | Subscribe To Release Notes Repo | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight-aks/subscribe-to-release-notes-repo.md | + + Title: Subscribe to GitHub release notes repo +description: Learn how to subscribe to HDInsight on AKS GitHub release notes repo ++ Last updated : 11/20/2023+++# Subscribe to HDInsight on AKS release notes GitHub repo ++Learn how to subscribe to HDInsight on AKS release notes GitHub repo to get email notifications. ++## Prerequisites ++* You should have a valid GitHub account to subscribe to this HDInsight on AKS Release Notes notification. For more information on GitHub, [see here](https://github.com). ++## Steps to subscribe to HDInsight on AKS release notes GitHub repo ++1. Go to [HDInsight on AKS GitHub repository](https://github.com/Azure/HDInsight-on-aks). +1. Click **watch** and then **Custom** +1. Select **Releases** and click **Apply** ++ :::image type="content" source="./media/subscribe-to-release-notes-repo/github-subscription.png" alt-text="Screenshot showing how to subscribe to GitHub repo."::: ++ :::image type="content" source="./media/subscribe-to-release-notes-repo/subscribe-to-github-repo.png" alt-text="Screenshot showing how to select release option."::: ++Whenever a new Release Note is published, a notification will be sent to the subscribed e-mail ID. + |
hdinsight | Hdinsight Known Issues | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/hdinsight/hdinsight-known-issues.md | Title: Azure HDInsight known issues -description: Track known issues and the ETA for the fix in Azure HDInsight +description: Track known issues for Azure HDInsight, along with troubleshooting steps, actions, and frequently asked questions. Last updated 10/13/2023 Last updated 10/13/2023 # Azure HDInsight known issues -This page lists known issues for the Azure HDInsight service. Before submitting a Support request, review this list to see if the issue that you're experiencing is already known and being addressed. +This article lists known issues for the Azure HDInsight service. Before you submit a support request, review this list to see if Microsoft is already aware of the issue that you're experiencing and is addressing it. -For service level outages or degradation notifications, check the [Azure service health status](https://azure.status.microsoft/status) page. +For service-level outages or degradation notifications, check the [Azure Service Health status](https://azure.status.microsoft/status) page. ++## Summary of known issues Azure HDInsight has the following known issues: -| HDInsight component | Issue description | +| HDInsight component | Issue description | ||-|-| Kafka | [Kafka 2.4.1 has validation error in ARM templates](#kafka-241-has-validation-error-in-arm-templates) | -| Spark | [Conda version regression in recent HDInsight release](#conda-version-regression-in-recent-hdinsight-release)| -| Platform | [Cluster reliability issue](#cluster-reliability-issue) observed with Azure HDInsight clusters using images older than March 2022| +| Kafka | [Kafka 2.4.1 validation error in ARM templates](#kafka-241-validation-error-in-arm-templates) | +| Spark | [Conda version regression in a recent HDInsight release](#conda-version-regression-in-a-recent-hdinsight-release)| +| Platform | [Cluster reliability issue with older images in HDInsight clusters](#cluster-reliability-issue-with-older-images-in-hdinsight-clusters)| -## Known issues summary +### Kafka 2.4.1 validation error in ARM templates -### Kafka 2.4.1 has validation error in ARM templates -**Issue published date**: October, 13 2023 +**Issue published date**: October 13, 2023 -When submitting cluster creation requests using ARM templates, Runbooks, PowerShell, Azure CLI, and other automation tools, you might receive a BadRequest error message if you specify clusterType="Kafka", HDI version = "5.0" and Kafka version = "2.4.1". +When you're submitting cluster creation requests by using Azure Resource Manager templates (ARM templates), runbooks, PowerShell, the Azure CLI, and other automation tools, you might receive a "BadRequest" error message if you specify `clusterType = "Kafka"`, `HDI version = "5.0"`, and `Kafka version = "2.4.1"`. #### Troubleshooting steps -When using [templates or automation tools](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods) to create HDInsight Kafka clusters, choose componentVersion = "2.4". This enables you to successfully create a Kafka 2.4.1 cluster in HDInsight 5.0. +When you're using [templates or automation tools](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods) to create HDInsight Kafka clusters, choose `componentVersion = "2.4"`. This value enables you to successfully create a Kafka 2.4.1 cluster in HDInsight 5.0. #### Resources -- [Create HDInsight clusters using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods)+- [Create HDInsight clusters by using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods) - [Supported HDInsight versions](/azure/hdinsight/hdinsight-component-versioning#supported-hdinsight-versions) - [HDInsight Kafka cluster](/azure/hdinsight/kafka/apache-kafka-introduction) -### Conda version regression in recent HDInsight release -**Issue published date**: October, 13 2023 +### Conda version regression in a recent HDInsight release -In the latest Azure HDInsight release, the conda version was mistakenly downgraded to version 4.2.9. This regression is fixed in an upcoming release, but currently it can impact Spark job execution and result in script action failures. Conda 4.3.30 is the expected version in 5.0 and 5.1 clusters, so follow the steps to mitigate the issue. +**Issue published date**: October 13, 2023 -<!--/issueDescription--> +In the latest Azure HDInsight release, the conda version was mistakenly downgraded to 4.2.9. This regression is fixed in an upcoming release, but currently it can affect Spark job execution and result in script action failures. Conda 4.3.30 is the expected version in 5.0 and 5.1 clusters, so follow the steps to mitigate the issue. -#### Recommended Steps +#### Recommended steps -1. SSH to any VM in the cluster. -2. Switch to the root user: `sudo su` -3. Check the conda version: `/usr/bin/anaconda/bin/conda info` +1. Use Secure Shell (SSH) to connect to any virtual machine (VM) in the cluster. +2. Switch to the root user: `sudo su`. +3. Check the conda version: `/usr/bin/anaconda/bin/conda info`. 4. If the version is 4.2.9, run the following [script action](/azure/hdinsight/hdinsight-hadoop-customize-cluster-linux#script-action-to-a-running-cluster) on all nodes to upgrade the cluster to conda version 4.3.30: `https://hdiconfigactions2.blob.core.windows.net/hdi-sre-workspace/conda_update_4_3_30_patch.sh` -#### Recommended Documents +#### Resources - [Script action to a running cluster](/azure/hdinsight/hdinsight-hadoop-customize-cluster-linux#script-action-to-a-running-cluster)-- [Safely manage Python environment on Azure HDInsight using Script Action](/azure/hdinsight/spark/apache-spark-python-package-installation)+- [Safely manage a Python environment on Azure HDInsight by using script actions](/azure/hdinsight/spark/apache-spark-python-package-installation) - [Supported HDInsight versions](/azure/hdinsight/hdinsight-component-versioning#supported-hdinsight-versions) -### Cluster reliability issue -**Issue published date**: October, 13 2023 +### Cluster reliability issue with older images in HDInsight clusters -As part of the proactive reliability management of Azure HDInsight, we recently came across a potential reliability issue on HDInsight clusters that use images dated February 2022 or older. +**Issue published date**: October 13, 2023 -#### Issue Background +As part of the proactive reliability management of Azure HDInsight, we recently found a potential reliability issue on HDInsight clusters that use images dated February 2022 or older. -In HDInsight images dated prior to March 2022, a known bug was discovered on one particular AzLinux build. The `waagent`, a lightweight process that manages virtual machines, was unstable and resulted in VM outages. HDInsight clusters that consumed the AzLinux build have experienced service outages, job failures, and adverse effects on features like IPSec and Autoscale. +#### Issue background -#### Required Action +In HDInsight images dated before March 2022, a known bug was discovered on one particular Azure Linux build. The Microsoft Azure Linux Agent (`waagent`), a lightweight process that manages virtual machines, was unstable and resulted in VM outages. HDInsight clusters that consumed the Azure Linux build have experienced service outages, job failures, and adverse effects on features like IPsec and autoscale. -If your cluster was created prior to February 2022, we advise rebuilding your cluster with the latest HDInsight image by November 10, 2023. Cluster images dated prior to March 2022 will not be supported beyond this date. These images will not receive security updates, bug fixes, or patches, leaving them highly susceptible to vulnerabilities. +#### Required action ++If your cluster was created before March 2022, we advise rebuilding your cluster with the latest HDInsight image. Support for cluster images dated before March 2022 ended on November 10, 2023. These images won't receive security updates, bug fixes, or patches, leaving them highly susceptible to vulnerabilities. > [!IMPORTANT] -> It’s recommended to keep your clusters updated to the latest HDInsight version on a regular basis. Using clusters based on the latest HDInsight image ensures that clusters have the latest operating system patches, security patches, bug fixes, library versions, and minimizes risk and potential security vulnerabilities. -> +> We recommend that you keep your clusters updated to the latest HDInsight version on a regular basis. Using clusters that are based on the latest HDInsight image ensures that they have the latest operating system patches, security patches, bug fixes, and library versions. This practice helps you minimize risk and potential security vulnerabilities. #### FAQ -##### What happens in the case of a VM outage in the HDInsight clusters that use these impacted HDInsight images? +##### What happens if there's a VM outage in HDInsight clusters that use these affected HDInsight images? -Recovery of such Virtual Machines is not straight-forward restarts and could result in several hours of outage with a mandatory manual intervention from the Microsoft support team. +You can't recover such virtual machines through straightforward restarts. The outage could last for several hours and require manual intervention from the Microsoft support team. -##### Is this issue rectified in latest HDInsight images? +##### Is this issue rectified in the latest HDInsight images? -Yes, we've fixed this issue on the HDInsight images dated March 1, 2022 or later. It is advised to move to the latest stable version to ensure SLA and service reliability. +Yes. We fixed this issue on HDInsight images dated on or after March 1, 2022. We advise that you move to the latest stable version to maintain the service-level agreement (SLA) and service reliability. -#### How do we determine the date of the HDInsight image our clusters are built on? +##### How do I determine the date of the HDInsight image that my clusters are built on? -The last 10 digits in your image version indicate the date and time of HDInsight image. For example, if your cluster image is “5.0.3000.1.2208310943” indicates that the date of your image is 31 August 2022. Learn how to [verify your HDInsight image version.](/azure/hdinsight/view-hindsight-cluster-image-version) +The last 10 digits in your HDInsight image version indicate the date and time of the image. For example, an image version of 5.0.3000.1.2208310943 indicates a date of August 31, 2022. [Learn how to verify your HDInsight image version](/azure/hdinsight/view-hindsight-cluster-image-version). #### Resources -- [Create HDInsight clusters using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods)+- [Create HDInsight clusters by using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods) - [Supported HDInsight versions](/azure/hdinsight/hdinsight-component-versioning#supported-hdinsight-versions) - [HDInsight Kafka cluster](/azure/hdinsight/kafka/apache-kafka-introduction) - [Verify your HDInsight image version](/azure/hdinsight/view-hindsight-cluster-image-version) - ## Recently closed known issues -Select the **Title** to view more information about that specific known issue. Fixed issues are removed after 60 days. +Select the title to view more information about that specific known issue. Fixed issues are removed after 60 days. -| Issue ID | Area |Title | Issues publish date| Status | +| Issue ID | Area |Title | Issue publish date| Status | |||-|-|-|-|NA|NA|NA|NA|NA| +|Not applicable|Not applicable|Not applicable|Not applicable|Not applicable| ## Next steps -* [Check Azure Service Health status](https://azure.status.microsoft/status) -* [HDInsight cluster management best practices](cluster-management-best-practices.md) -* [HDInsight 5.x component versions](hdinsight-5x-component-versioning.md) -* [Create Apache Hadoop clusters in HDInsight by using Resource Manager templates](hdinsight-hadoop-create-linux-clusters-arm-templates.md) +- [Check Azure Service Health status](https://azure.status.microsoft/status) +- [HDInsight cluster management best practices](cluster-management-best-practices.md) +- [HDInsight 5.x component versions](hdinsight-5x-component-versioning.md) +- [Create Apache Hadoop clusters in HDInsight by using Resource Manager templates](hdinsight-hadoop-create-linux-clusters-arm-templates.md) |
key-vault | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/key-vault/general/overview.md | Your applications can securely access the information they need by using URIs. T Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they're allowed to perform. -Authentication is done via Microsoft Entra ID. Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults and access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault. +Authentication is done via Microsoft Entra ID. Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults and to access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault. Azure Key Vaults may be either software-protected or, with the Azure Key Vault Premium tier, hardware-protected by hardware security modules (HSMs). Software-protected keys, secrets, and certificates are safeguarded by Azure, using industry-standard algorithms and key lengths. For situations where you require added assurance, you can import or generate keys in HSMs that never leave the HSM boundary. Azure Key Vault uses nCipher HSMs, which are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. You can use nCipher tools to move a key from your HSM to Azure Key Vault. |
machine-learning | How To Deploy Online Endpoints | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/how-to-deploy-online-endpoints.md | For supported general-purpose and GPU instance types, see [Managed online endpoi -### Use more than one model in a deployment +### Identify model path with respect to `AZUREML_MODEL_DIR` -Currently, you can specify only one model per deployment in the deployment definition when you use the Azure CLI, Python SDK, or any of the other client tools. +When deploying your model to Azure Machine Learning, you need to specify the location of the model you wish to deploy as part of your deployment configuration. In Azure Machine Learning, the path to your model is tracked with the `AZUREML_MODEL_DIR` environment variable. By identifying the model path with respect to `AZUREML_MODEL_DIR`, you can deploy one or more models that are stored locally on your machine or deploy a model that is registered in your Azure Machine Learning workspace. -To use more than one model in a deployment, register a model folder that contains all the models as files or subdirectories. In your scoring script, use the environment variable `AZUREML_MODEL_DIR` to get the path to the model root folder. The underlying directory structure will be retained. For an example of deploying multiple models to one deployment, see [Deploy multiple models to one deployment (CLI example)](https://github.com/Azure/azureml-examples/blob/main/cli/endpoints/online/custom-container/minimal/multimodel) and [Deploy multiple models to one deployment (SDK example)](https://github.com/Azure/azureml-examples/blob/main/sdk/python/endpoints/online/custom-container/online-endpoints-custom-container-multimodel.ipynb). +For illustration, we reference the following local folder structure for the first two cases where you deploy a single model or deploy multiple models that are stored locally: +++#### Use a single local model in a deployment ++To use a single model that you have on your local machine in a deployment, specify the `path` to the `model` in your deployment YAML. Here's an example of the deployment YAML with the path `/Downloads/multi-models-sample/models/model_1/v1/sample_m1.pkl`: ++```yml +$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json +name: blue +endpoint_name: my-endpoint +model: +ΓÇ» path: /Downloads/multi-models-sample/models/model_1/v1/sample_m1.pkl +code_configuration: +ΓÇ» code: ../../model-1/onlinescoring/ +ΓÇ» scoring_script: score.py +environment: +ΓÇ» conda_file: ../../model-1/environment/conda.yml +ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest +instance_type: Standard_DS3_v2 +instance_count: 1 +``` ++After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your model is stored. For example, `/var/azureml-app/azureml-models/81b3c48bbf62360c7edbbe9b280b9025/1` will contain the model `sample_m1.pkl`. ++Within your scoring script (`score.py`), you can load your model (in this example, `sample_m1.pkl`) in the `init()` function: ++```python +def init(): + model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR")), "sample_m1.pkl") + model = joblib.load(model_path) +``` ++#### Use multiple local models in a deployment ++Although the Azure CLI, Python SDK, and other client tools allow you to specify only one model per deployment in the deployment definition, you can still use multiple models in a deployment by registering a model folder that contains all the models as files or subdirectories. ++In the previous example folder structure, you notice that there are multiple models in the `models` folder. In your deployment YAML, you can specify the path to the `models` folder as follows: ++```yml +$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json +name: blue +endpoint_name: my-endpoint +model: +ΓÇ» path: /Downloads/multi-models-sample/models/ +code_configuration: +ΓÇ» code: ../../model-1/onlinescoring/ +ΓÇ» scoring_script: score.py +environment: +ΓÇ» conda_file: ../../model-1/environment/conda.yml +ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest +instance_type: Standard_DS3_v2 +instance_count: 1 +``` ++After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your models are stored. For example, `/var/azureml-app/azureml-models/81b3c48bbf62360c7edbbe9b280b9025/1` will contain the models and the file structure. ++For this example, the contents of the `AZUREML_MODEL_DIR` folder will look like this: +++Within your scoring script (`score.py`), you can load your models in the `init()` function. The following code loads the `sample_m1.pkl` model: ++```python +def init(): + model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR")), "models","model_1","v1", "sample_m1.pkl ") + model = joblib.load(model_path) +``` ++For an example of how to deploy multiple models to one deployment, see [Deploy multiple models to one deployment (CLI example)](https://github.com/Azure/azureml-examples/blob/main/cli/endpoints/online/custom-container/minimal/multimodel) and [Deploy multiple models to one deployment (SDK example)](https://github.com/Azure/azureml-examples/blob/main/sdk/python/endpoints/online/custom-container/online-endpoints-custom-container-multimodel.ipynb). > [!TIP]-> If you have more than 1500 files to register, you may consider compressing the files or subdirectories as .tar.gz when registering the model. To consume the models, you can uncompress the files or subdirectories in the init() function from the scoring script. Alternatively, when you register the model, set the `azureml.unpack` property to `True`, which will allow automatic uncompression. In either case, uncompression happens once in the initialization stage. +> If you have more than 1500 files to register, consider compressing the files or subdirectories as .tar.gz when registering the models. To consume the models, you can uncompress the files or subdirectories in the `init()` function from the scoring script. Alternatively, when you register the models, set the `azureml.unpack` property to `True`, to automatically uncompress the files or subdirectories. In either case, uncompression happens once in the initialization stage. ++#### Use models registered in your Azure Machine Learning workspace in a deployment ++To use one or more models, which are registered in your Azure Machine Learning workspace, in your deployment, specify the name of the registered model(s) in your deployment YAML. For example, the following deployment YAML configuration specifies the registered `model` name as `azureml:local-multimodel:3`: ++```yml +$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json +name: blue +endpoint_name: my-endpoint +model: azureml:local-multimodel:3 +code_configuration: +ΓÇ» code: ../../model-1/onlinescoring/ +ΓÇ» scoring_script: score.py +environment: +ΓÇ» conda_file: ../../model-1/environment/conda.yml +ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest +instance_type: Standard_DS3_v2 +instance_count: 1 +``` ++For this example, consider that `local-multimodel:3` contains the following model artifacts, which can be viewed from the **Models** tab in the Azure Machine Learning studio: +++After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your models are stored. For example, `/var/azureml-app/azureml-models/local-multimodel/3` will contain the models and the file structure. `AZUREML_MODEL_DIR` will point to the folder containing the root of the model artifacts. +Based on this example, the contents of the `AZUREML_MODEL_DIR` folder will look like this: +++Within your scoring script (`score.py`), you can load your models in the `init()` function. For example, load the `diabetes.sav` model: ++```python +def init(): + model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR"), "models", "diabetes", "1", "diabetes.sav") + model = joblib.load(model_path) +``` |
machine-learning | Reference Managed Online Endpoints Vm Sku List | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/machine-learning/reference-managed-online-endpoints-vm-sku-list.md | This table shows the VM SKUs that are supported for Azure Machine Learning manag | X-Large | Standard_D32a_v4 </br> Standard_D32as_v4 </br> Standard_D48a_v4 </br> Standard_D48as_v4 </br> Standard_D64a_v4 </br> Standard_D64as_v4 </br> Standard_D96a_v4 </br> Standard_D96as_v4 | Standard_F32s_v2 <br/> Standard_F48s_v2 <br/> Standard_F64s_v2 <br/> Standard_F72s_v2 <br/> Standard_FX24mds <br/> Standard_FX36mds <br/> Standard_FX48mds | Standard_E32s_v3 <br/> Standard_E48s_v3 <br/> Standard_E64s_v3 | Standard_NC48ads_A100_v4 </br> Standard_NC96ads_A100_v4 </br> Standard_ND96asr_v4 </br> Standard_ND96amsr_A100_v4 </br> Standard_ND40rs_v2 | > [!CAUTION]-> `Standard_DS1_v2` and `Standard_F2s_v2` may be too small for bigger models and may lead to container termination due to insufficient memory, not enough space on the disk, or probe failure as it takes too long to initiate the container. If you face [OutOfQuota errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-outofquota) or [ReourceNotReady errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-resourcenotready), try bigger VM SKUs. If you want to reduce the cost of deploying multiple models with managed online endpoint, see [the example for multi models](how-to-deploy-online-endpoints.md#use-more-than-one-model-in-a-deployment). +> `Standard_DS1_v2` and `Standard_F2s_v2` may be too small for bigger models and may lead to container termination due to insufficient memory, not enough space on the disk, or probe failure as it takes too long to initiate the container. If you face [OutOfQuota errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-outofquota) or [ReourceNotReady errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-resourcenotready), try bigger VM SKUs. If you want to reduce the cost of deploying multiple models with managed online endpoint, see [the example for multi models](how-to-deploy-online-endpoints.md#use-multiple-local-models-in-a-deployment). > [!NOTE] > We recommend having more than 3 instances for deployments in production scenarios. In addition, Azure Machine Learning reserves 20% of your compute resources for performing upgrades on some VM SKUs as described in [Virtual machine quota allocation for deployment](how-to-deploy-online-endpoints.md#virtual-machine-quota-allocation-for-deployment). VM SKUs that are exempted from this extra quota reservation are listed below: This table shows the VM SKUs that are supported for Azure Machine Learning manag > - Standard_ND96asr_v4 > - Standard_ND96amsr_A100_v4 > - Standard_ND40rs_v2+ |
managed-ccf | Quickstart Java | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/managed-ccf/quickstart-java.md | Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying ## Prerequisites - An Azure subscription - [create one for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).-- Java Development Kit (KDK) versions that are [supported by the Azure SDK for Java](https://github.com/Azure/azure-sdk-for-jav).+- Java Development Kit (JDK) versions that are [supported by the Azure SDK for Java](https://github.com/Azure/azure-sdk-for-jav). - [OpenSSL](https://www.openssl.org/) on a computer running Windows or Linux. ## Setup |
operator-nexus | Quickstarts Virtual Machine Deployment Bicep | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/operator-nexus/quickstarts-virtual-machine-deployment-bicep.md | This quick-start guide is designed to help you get started with using Nexus virt Before deploying the virtual machine template, let's review the content to understand its structure. Once you have reviewed and saved the template file named ```virtual-machine-bicep-template.bicep```, proceed to the next section to deploy the template. |
partner-solutions | Add Connectors | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/add-connectors.md | Title: Azure services and Confluent Cloud integration description: This article describes how to use Azure services and install connectors for Confluent Cloud integration.+ Previously updated : 06/24/2022-- Last updated : 11/20/2023+ # Azure services and Confluent Cloud integrations To set up your connector, see [Azure Cosmos DB Sink Connector for Confluent Clou ## Next steps - For help with troubleshooting, see [Troubleshooting Apache Kafka on Confluent Cloud solutions](troubleshoot.md).-- Get started with Apache Kafka on Confluent Cloud - Azure Native ISV Service on+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on > [!div class="nextstepaction"] > [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) |
partner-solutions | Create Cli | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/create-cli.md | Title: Create Apache Kafka for Confluent Cloud through Azure CLI description: This article describes how to use the Azure CLI to create an instance of Apache Kafka for Confluent Cloud.+ Previously updated : 06/07/2021-- Last updated : 11/20/2023+ # QuickStart: Get started with Apache Kafka for Confluent Cloud - Azure CLI |
partner-solutions | Create Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/create-powershell.md | Title: Create Apache Kafka for Confluent Cloud through Azure PowerShell description: This article describes how to use Azure PowerShell to create an instance of Apache Kafka for Confluent Cloud.+ Previously updated : 11/03/2021-- Last updated : 11/20/2023+ # QuickStart: Get started with Apache Kafka for Confluent Cloud - Azure PowerShell |
partner-solutions | Create | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/create.md | Title: Create Apache Kafka for Confluent Cloud through Azure portal description: This article describes how to use the Azure portal to create an instance of Apache Kafka for Confluent Cloud. Previously updated : 12/14/2021-- Last updated : 11/20/2023 After you've selected the offer for Apache Kafka on Confluent Cloud, you're read > [!div class="nextstepaction"] > [Manage the Confluent Cloud resource](manage.md) -- Get started with Apache Kafka on Confluent Cloud - Azure Native ISV Service on+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on > [!div class="nextstepaction"] > [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) |
partner-solutions | Get Support | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/get-support.md | Title: Contact support for Confluent Cloud description: This article describes how to contact support for Confluent Cloud on the Azure portal. Previously updated : 06/07/2021--+ Last updated : 11/20/2023 # Get support for Confluent Cloud resource To submit a request from your resource, follow these steps: ## Next steps - For help with troubleshooting, see [Troubleshooting Apache Kafka on Confluent Cloud solutions](troubleshoot.md).-- Get started with Apache Kafka on Confluent Cloud - Azure Native ISV Service on+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on > [!div class="nextstepaction"] > [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) |
partner-solutions | Manage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/manage.md | Title: Manage a Confluent Cloud description: This article describes management of a Confluent Cloud on the Azure portal. How to set up single sign-on, delete a Confluent organization, and get support.+ Last updated : 11/20/2023 Previously updated : 06/07/2021-- # Manage the Confluent Cloud resource |
partner-solutions | Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/overview.md | Title: Apache Kafka on Confluent Cloud overview description: Learn about using Apache Kafka on Confluent Cloud in the Azure Marketplace. Previously updated : 02/22/2022--+ Last updated : 11/20/2023 -# What is Apache Kafka on Confluent Cloud - Azure Native ISV Service? +# What is Apache Kafka on Confluent Cloud - An Azure Native ISV Service? Azure Native ISV Services enable you to easily provision, manage, and tightly integrate independent software vendor (ISV) software and services on Azure. This Azure Native ISV Service is developed and managed by Microsoft and Confluent. -You can find Apache Kafka on Confluent Cloud - Azure Native ISV Service in the [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) or get it on [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/confluentinc.confluent-cloud-azure-prod?tab=Overview). +You can find Apache Kafka on Confluent Cloud - An Azure Native ISV Service in the [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) or get it on [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/confluentinc.confluent-cloud-azure-prod?tab=Overview). Apache Kafka on Confluent Cloud is an Azure Marketplace offering that provides Apache Kafka as a service. It's fully managed so you can focus on building your applications rather than managing the clusters. To learn more, see Confluent blog articles about Azure services that integrate w ## Next steps - To create an instance of Apache Kafka on Confluent Cloud, see [QuickStart: Get started with Confluent Cloud on Azure](create.md).-- Get started with Apache Kafka on Confluent Cloud - Azure Native ISV Service on+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on > [!div class="nextstepaction"] > [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) |
partner-solutions | Troubleshoot | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/partner-solutions/apache-kafka-confluent-cloud/troubleshoot.md | Title: Troubleshooting Apache Kafka for Confluent Cloud description: This article provides information about troubleshooting and frequently asked questions (FAQ) for Confluent Cloud on Azure. Previously updated : 02/18/2021--+ Last updated : 11/20/2023 # Troubleshooting Apache Kafka on Confluent Cloud solutions If the problem persists, contact [Confluent support](https://support.confluent.i ## Next steps - Learn about [managing your instance](manage.md) of Apache Kafka on Confluent Cloud.-- Get started with Apache Kafka on Confluent Cloud - Azure Native ISV Service on+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on > [!div class="nextstepaction"] > [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) |
postgresql | Concepts Single To Flexible | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/postgresql/migrate/concepts-single-to-flexible.md | Along with data migration, the tool automatically provides the following built-i ## Limitations -- You can have only one active migration or validation to your flexible server.-- The source and target server must be in the same Azure region. Cross region migrations are enabled only for servers in China regions.+- You can have only one active migration or validation to your Flexible server. +- The source and target server must be in the same Azure region. Cross region migrations are enabled only for servers in India, China and UAE as Flexible server may not be available in all regions within these geographies. - The tool takes care of the migration of data and schema. It doesn't migrate managed service features such as server parameters, connection security details and firewall rules. - The migration tool shows the number of tables copied from source to target server. You need to manually validate the data in target server post migration. - The tool only migrates user databases and not system databases like template_0, template_1, azure_sys and azure_maintenance. |
private-5g-core | Azure Private 5G Core Release Notes 2308 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/private-5g-core/azure-private-5g-core-release-notes-2308.md | -This article applies to the AP5GC 2308 release (2308.0-8). This release is compatible with the Azure Stack Edge Pro 1 GPU and Azure Stack Edge Pro 2 running the ASE 2303 and ASE 2309 releases. It supports the 2023-06-01 and 2022-11-01 [Microsoft.MobileNetwork](/rest/api/mobilenetwork) API versions. +This article applies to the AP5GC 2308 release (2308.0-9). This release is compatible with the Azure Stack Edge Pro 1 GPU and Azure Stack Edge Pro 2 running the ASE 2303 and ASE 2309 releases. It supports the 2023-06-01 and 2022-11-01 [Microsoft.MobileNetwork](/rest/api/mobilenetwork) API versions. For more information about compatibility, see [Packet core and Azure Stack Edge compatibility](azure-stack-edge-packet-core-compatibility.md). -With this release, there's a new naming scheme and Packet Core versions are now called ΓÇÿ2308.0-1ΓÇÖ rather than ΓÇÿPMN-2308.ΓÇÖ +With this release, there's a new naming scheme and Packet Core versions are now called ΓÇÿ2308.0-9ΓÇÖ rather than ΓÇÿPMN-2308.ΓÇÖ > [!WARNING]-> For this release, it's important that the packet core version is upgraded to the AP5GC 2308 release before the upgrading to the ASE 2309 release. Upgrading to ASE 2309 before upgrading to Packet Core 2308.0.1 causes a total system outage. Recovery requires you to delete and re-create the AKS cluster on your ASE. +> For this release, it's important that the packet core version is upgraded to the AP5GC 2308 release before the upgrading to the ASE 2309 release. Upgrading to ASE 2309 before upgrading to Packet Core 2308.0.9 causes a total system outage. Recovery requires you to delete and re-create the AKS cluster on your ASE. ## Support lifetime |
reliability | Disaster Recovery Guidance Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/reliability/disaster-recovery-guidance-overview.md | The tables below lists each product that offers disaster recovery guidance and/o | [Azure SQL Server Registry](/sql/sql-server/end-of-support/sql-server-extended-security-updates?preserve-view=true&view=sql-server-ver15#configure-regional-redundancy) | | [Azure Stream Analytics](../stream-analytics/geo-redundancy.md) | | [Azure Virtual WAN](../expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering.md) |-| [Azure Web Application Firewall](../application-gateway/application-gateway-faq.yml?#how-do-i-achieve-a-dr-scenario-across-datacenters-by-using-application-gateway) | +| [Azure Web Application Firewall](../application-gateway/application-gateway-faq.yml?#how-do-i-achieve-a-disaster-recovery-scenario-across-datacenters-by-using-application-gateway) | ### ![An icon that signifies this service is strategic.](media/icon-strategic.svg) Strategic services |
sap | Soft Stop Sap And Hana Database | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sap/center-sap-solutions/soft-stop-sap-and-hana-database.md | -Using the [Azure PowerShell](/powershell/module/az.workloads) and [REST API](/rest/api/workloads) interfaces, you can: +Using the [Azure PowerShell](/powershell/module/az.workloads), [CLI](/cli/azure/workloads/sap-virtual-instance) and [REST API](/rest/api/workloads) interfaces, you can: - Soft stop the entire SAP system, that is the application server instances and central services instance. - Soft stop specific SAP application server instances. Using the [Azure PowerShell](/powershell/module/az.workloads) and [REST API](/re ## Soft stop SAP system -Currently, you can initiate a soft stop operation from the Azure PowerShell and REST API interfaces. You must use the stop operation along with a soft stop timeout value in seconds to initiate a soft stop. Once you initiate soft stop on VIS and the operation is successfully triggered on the SAP system, then monitor the Health and Status of the VIS to check if the system has stopped. +Currently, you can initiate a soft stop operation from the Azure PowerShell, Azure Command-Line Interface (Azure CLI) and REST API interfaces. You must use the stop operation along with a soft stop timeout value in seconds to initiate a soft stop. Once you initiate soft stop on VIS and the operation is successfully triggered on the SAP system, then monitor the Health and Status of the VIS to check if the system has stopped. > [!NOTE] > When attempting to soft stop an SAP system or applicaton server instance using Azure Center for SAP solutions, soft stop timeout value must be greater than 0 and less than 82800 seconds. Use the [Stop-AzWorkloadsSapVirtualInstance](/powershell/module/az.workloads/Sto Stop-AzWorkloadsSapVirtualInstance -InputObject /subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Workloads/sapVirtualInstances/DB0 --SoftStopTimeoutSecond 300 ` ``` +### Soft stop system in CLI +Use the [az workloads sap-virtual-instance stop](/cli/azure/workloads/sap-virtual-instance#az-workloads-sap-virtual-instance-stop) command: ++```azurecli-interactive + az workloads sap-virtual-instance stop --id /subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Workloads/sapVirtualInstances/DB0 --soft-stop-timeout-seconds 300 +``` + ### Soft stop system using REST API Use this [sample payload](/rest/api/workloads/2023-04-01/sap-virtual-instances/stop?tabs=HTTP#sapvirtualinstances_stop) to soft stop an SAP system. You can specify the soft stop timeout value in seconds. ## Soft stop SAP Application server instance-You can soft stop a specific application server in Azure Center for SAP solutions using Azure PowerShell and REST API interfaces. Once you initiate soft stop on application server and the operation is successfully triggered, then monitor Health and Status of the application server instance to check if it has stopped. +You can soft stop a specific application server in Azure Center for SAP solutions using Azure PowerShell, CLI and REST API interfaces. Once you initiate soft stop on application server and the operation is successfully triggered, then monitor Health and Status of the application server instance to check if it has stopped. To soft stop an application server represented as an *App server instance for SAP solutions* resource: Use the [Stop-AzWorkloadsSapApplicationInstance](/powershell/module/az.workloads Stop-AzWorkloadsSapApplicationInstance -InputObject /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/applicationInstances/app0 --SoftStopTimeoutSecond 300 ` ``` +### Using CLI +Use the [az workloads sap-application-server-instance stop](/cli/azure/workloads/sap-application-server-instance?view=azure-cli-latest#az-workloads-sap-application-server-instance-stop) command: ++```azurecli-interactive + az workloads sap-application-server-instance stop --id /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/applicationInstances/app0 --soft-stop-timeout-seconds 300 +``` + ### Using REST API Use this [sample payload](/rest/api/workloads/2023-04-01/sap-application-server-instances/stop-instance?tabs=HTTP#stop-the-sap-application-server-instance) to soft stop an application server instance. You can specify the soft stop timeout value in seconds. ## Soft stop HANA database-You can soft stop the HANA database so that the database stops gracefully after all running statements have finished. You can use the Azure PowerShell and REST API interfaces to soft stop database. Once you initiate soft stop on HANA database and the operation is successfully triggered on the database instance, then monitor the status of the database instance on the VIS to check if it has stopped. +You can soft stop the HANA database so that the database stops gracefully after all running statements have finished. You can use the Azure PowerShell, CLI and REST API interfaces to soft stop database. Once you initiate soft stop on HANA database and the operation is successfully triggered on the database instance, then monitor the status of the database instance on the VIS to check if it has stopped. > [!NOTE] > When attempting to soft stop HANA database instance using Azure Center for SAP solutions, soft stop timeout value must be greater than 0 and less than 1800 seconds. Use the [Stop-AzWorkloadsSapDatabaseInstance](/powershell/module/az.workloads/st Stop-AzWorkloadsSapDatabaseInstance -InputObject /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/databaseInstances/ab0 --SoftStopTimeoutSecond 300 ` ``` +### Using CLI +Use the [az workloads sap-database-instance stop](/cli/azure/workloads/sap-database-instance?view=azure-cli-latest#az-workloads-sap-database-instance-stop) command: ++```azurecli-interactive + az workloads sap-database-instance stop --id /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/databaseInstances/ab0 --soft-stop-timeout-seconds 300 +``` + ### Using REST API Use this [sample payload](/rest/api/workloads/2023-04-01/sap-database-instances/stop-instance?tabs=HTTP#stop-the-database-instance-of-the-sap-system.) to soft stop HANA database. You can specify the soft stop timeout value in seconds. |
search | Retrieval Augmented Generation Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/retrieval-augmented-generation-overview.md | -Retrieval Augmentation Generation (RAG) is an architecture that augments the capabilities of a Large Language Model (LLM) like ChatGPT by adding an information retrieval system that provides the data. Adding an information retrieval system gives you control over the data used by an LLM when it formulates a response. For an enterprise solution, RAG architecture means that you can constrain generative AI to *your enterprise content* sourced from vectorized documents, images, audio, and video. +Retrieval Augmentation Generation (RAG) is an architecture that augments the capabilities of a Large Language Model (LLM) like ChatGPT by adding an information retrieval system that provides grounding data. Adding an information retrieval system gives you control over grounding data used by an LLM when it formulates a response. For an enterprise solution, RAG architecture means that you can constrain generative AI to *your enterprise content* sourced from vectorized documents, images, audio, and video. The decision about which information retrieval system to use is critical because it determines the inputs to the LLM. The information retrieval system should provide: The decision about which information retrieval system to use is critical because + Integration with LLMs. -Azure AI Search is a [proven solution for information retrieval](https://github.com/Azure-Samples/chat-with-your-data-solution-accelerator) in a RAG architecture. It provides indexing and query capabilities, with the infrastructure and security of the Azure cloud. Through code and other components, you can design a comprehensive RAG solution that includes all of the elements for generative AI over your proprietary content. +Azure AI Search is a [proven solution for information retrieval](/azure/developer/python/get-started-app-chat-template?tabs=github-codespaces) in a RAG architecture. It provides indexing and query capabilities, with the infrastructure and security of the Azure cloud. Through code and other components, you can design a comprehensive RAG solution that includes all of the elements for generative AI over your proprietary content. > [!NOTE] > New to copilot and RAG concepts? Watch [Vector search and state of the art retrieval for Generative AI apps](https://ignite.microsoft.com/sessions/18618ca9-0e4d-4f9d-9a28-0bc3ef5cf54e?source=sessions). Since you probably know what kind of content you want to search over, consider t | video | vectors <sup>1</sup> | Video files can be vectorized externally for a mathematical representation of video content and then [indexed as vector fields](vector-search-how-to-create-index.md) in your index. | | audio | vectors <sup>1</sup> | Audio files can be vectorized externally for a mathematical representation of audio content and then [indexed as vector fields](vector-search-how-to-create-index.md) in your index. | - <sup>1</sup> [Vector support](vector-search-overview.md) is in public preview. It currently requires that you call other libraries or models for data chunking and vectorization. See [this repo](https://github.com/Azure/cognitive-search-vector-pr) for samples that call Azure OpenAI embedding models to vectorize content and queries, and that demonstrate data chunking. + <sup>1</sup> The generally available functionality of [vector support](vector-search-overview.md) requires that you call other libraries or models for data chunking and vectorization. However, [integrated vectorization (preview)](vector-search-integrated-vectorization.md) embeds these steps. For code samples showing both approaches, see [azure-search-vectors repo](https://github.com/Azure/azure-search-vector-samples). <sup>2</sup> [Skills](cognitive-search-working-with-skillsets.md) are built-in support for [AI enrichment](cognitive-search-concept-intro.md). For OCR and Image Analysis, the indexing pipeline makes an internal call to the Azure AI Vision APIs. These skills pass an extracted image to Azure AI for processing, and receive the output as text that's indexed by Azure AI Search. |
search | Search Howto Index Cosmosdb | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/search/search-howto-index-cosmosdb.md | Because terminology can be confusing, it's worth noting that [Azure Cosmos DB in + An [automatic indexing policy](../cosmos-db/index-policy.md) on the Azure Cosmos DB collection, set to [Consistent](../cosmos-db/index-policy.md#indexing-mode). This is the default configuration. Lazy indexing isn't recommended and may result in missing data. -+ Read permissions. A "full access" connection string includes a key that grants access to the content, but if you're using Azure roles, make sure the [search service managed identity](search-howto-managed-identities-data-sources.md) has **Cosmos DB Account Reader Role** permissions. ++ Read permissions. A "full access" connection string includes a key that grants access to the content, but if you're using Azure RBAC (Entra ID), make sure the [search service managed identity](search-howto-managed-identities-data-sources.md) is assigned both **Cosmos DB Account Reader Role** and [**Cosmos DB Built-in Data Reader Role**](../cosmos-db/how-to-setup-rbac.md#built-in-role-definitions). + A REST client, such as [Postman](search-get-started-rest.md), to send REST calls that create the data source, index, and indexer. |
sentinel | Enable Enrichment Widgets | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/enable-enrichment-widgets.md | Title: Visualize data with enrichment widgets in Microsoft Sentinel + Title: Enable enrichment widgets in Microsoft Sentinel description: This article shows you how to enable the enrichment widgets experience, allowing you to better visualize entity data and insights and make better, faster decisions. -# Visualize data with enrichment widgets in Microsoft Sentinel +# Enable enrichment widgets in Microsoft Sentinel -This article shows you how to enable the enrichment widgets experience, allowing you to better visualize entity data and insights and make better, faster decisions. +Enrichment widgets are dynamic components that provide you with in-depth, actionable intelligence about entities. They integrate external and internal content and data from various sources, allowing you a better understanding of potential security threats. -Enrichment widgets are components that help you retrieve, visualize, and understand more information about entities. These widgets take data presentation to the next level by integrating external content, enhancing your ability to make informed decisions quickly. +This article shows you how to enable the enrichment widgets experience, allowing you to take advantage of this new capability and helping you make better, faster decisions. > [!IMPORTANT] > |
sentinel | Whats New | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/sentinel/whats-new.md | The listed features were released in the last three months. For information abou ## November 2023 -- [Visualize data with enrichment widgets](#visualize-data-with-enrichment-widgets-preview)+- [Elevate your cybersecurity intelligence with enrichment widgets (Preview)](#elevate-your-cybersecurity-intelligence-with-enrichment-widgets-preview) -### Visualize data with enrichment widgets (Preview) +<a name="visualize-data-with-enrichment-widgets-preview"></a> +### Elevate your cybersecurity intelligence with enrichment widgets (Preview) -In the fast-moving, high-pressure environment of your Security Operations Center, data visualization is one of your SIEM's key capabilities to help you quickly and effectively find usable information within the vast sea of data that constantly confronts you. Microsoft Sentinel uses widgets, the latest evolution of its data visualization capabilities, to present you with its most relevant findings. +Enrichment Widgets in Microsoft Sentinel are dynamic components designed to provide you with in-depth, actionable intelligence about entities. They integrate external and internal content and data from various sources, offering a comprehensive understanding of potential security threats. These widgets serve as a powerful enhancement to your cybersecurity toolkit, offering both depth and breadth in information analysis. Widgets are already available in Microsoft Sentinel today (in Preview). They currently appear for IP entities, both on their full [entity pages](entity-pages.md) and on their [entity info panels](incident-investigation.md) that appear in Incident pages. These widgets show you valuable information about the entities, from both internal and third-party sources. |
service-connector | Quickstart Cli App Service Connection | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/quickstart-cli-app-service-connection.md | -The [Azure CLI](/cli/azure) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. This quickstart shows you the options to create a service connection with the Azure CLI. +This quickstart describes the steps for creating a service connection in Azure App Service with the Azure CLI. [!INCLUDE [quickstarts-free-trial-note](../../includes/quickstarts-free-trial-note.md)] Use the Azure CLI [az webapp connection create](/cli/azure/webapp/connection/cre az webapp connection create storage-blob --secret ``` -> [!NOTE] -> If you don't have a Blob Storage, you can run `az webapp connection create storage-blob --new --secret` to provision a new one and directly get connected to your app service. +> [!TIP] +> If you don't have a Blob Storage, run `az webapp connection create storage-blob --new --secret` to provision a new one and directly get connected to your App Service resource. #### [Using a managed identity](#tab/Using-Managed-Identity) > [!IMPORTANT]-> Using Managed Identity requires you have the permission to [Microsoft Entra role assignment](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). If you don't have the permission, your connection creation would fail. You can ask your subscription owner for the permission or using access key to create the connection. +> Using Managed Identity requires you have the permission to [Microsoft Entra role assignment](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). Without this permission, creating a connection will fail. You can ask your subscription owner to grant you this permission or use an access key to create the connection. -Use the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to create a service connection to a Blob Storage with a System-assigned Managed Identity, providing the following information: +Use the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to create a service connection to a Blob Storage with a system-assigned Managed Identity, providing the following information: -- **Source compute service resource group name:** the resource group name of the App Service.-- **App Service name:** the name of your App Service that connects to the target service.-- **Target service resource group name:** the resource group name of the Blob Storage.-- **Storage account name:** the account name of your Blob Storage.+- The name of the resource group that contains the App Service +- The name of the App Service +- The name of the resource group that contains the storage account +- The name of the storage account ```azurecli-az webapp connection create storage-blob --system-identity +az webapp connection create storage-blob ``` > [!NOTE]-> If you don't have a Blob Storage, you can run `az webapp connection create storage-blob --new --system-identity` to provision a new one and directly get connected to your app service. +> If you don't have a Blob Storage, you can run `az webapp connection create storage-blob --new --system-identity` to provision a new Blob Storage resource and directly connected it to your App Service instance. ## View connections -Use the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to list connections to your App Service, providing the following information: +Run the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to list connections to your App Service, providing the following information: -- **Source compute service resource group name:** the resource group name of the App Service.-- **App Service name:** the name of your App Service that connects to the target service.+- The name of the resource group that contains the App Service +- The name of the App Service ```azurecli az webapp connection list -g "<your-app-service-resource-group>" -n "<your-app-service-name>" --output table az webapp connection list -g "<your-app-service-resource-group>" -n "<your-app-s ## Next steps -Follow the tutorials listed below to start building your own application with Service Connector. +Follow the tutorials below to start building your own application with Service Connector. > [!div class="nextstepaction"] > [Tutorial: WebApp + Storage with Azure CLI](./tutorial-csharp-webapp-storage-cli.md) |
service-connector | Tutorial Java Spring Confluent Kafka | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/service-connector/tutorial-java-spring-confluent-kafka.md | Learn how to access Apache Kafka on Confluent Cloud for a Spring Boot applicatio > * Build and deploy the Spring Boot app > * Connect Apache Kafka on Confluent Cloud to Azure Spring Apps using Service Connector -## Set up your initial environment +## Prerequisites -1. Have an Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). -2. Install Java 8 or 11. -3. Install the <a href="/cli/azure/install-azure-cli" target="_blank">Azure CLI</a> 2.18.0 or higher, with which you run commands in any shell to provision and configure Azure resources. +* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/). ++* Java 8 or a more recent version with long-term support (LTS) 1. + ## Clone or download the sample app Learn how to access Apache Kafka on Confluent Cloud for a Spring Boot applicatio git clone https://github.com/Azure-Samples/serviceconnector-springcloud-confluent-springboot/ ``` -1. Navigate into that folder: +1. Navigate into the following folder: ```Bash cd serviceconnector-springcloud-confluent-springboot Create an instance of Apache Kafka for Confluent Cloud by following [this guidan :::image type="content" source="media/tutorial-java-spring-confluent-kafka/confluent-cloud-env.png" alt-text="Cloud environment of Apache Kafka on Confluent Cloud" lightbox="media/tutorial-java-spring-confluent-kafka/confluent-cloud-env.png"::: -1. Create a Kafka cluster with the following information +1. Create a Kafka cluster with the following information: * Cluster type: Standard * Region/zones: eastus(Virginia), Single Zone * Cluster name: `cluster_1` or any other name. -1. In **Cluster overview** -> **Cluster settings**, get the Kafka **bootstrap server url** and take note it down. +1. In **Cluster overview** -> **Cluster settings**, note the Kafka **Bootstrap server** URL. :::image type="content" source="media/tutorial-java-spring-confluent-kafka/confluent-cluster-setting.png" alt-text="Cluster settings of Apache Kafka on Confluent Cloud" lightbox="media/tutorial-java-spring-confluent-kafka/confluent-cluster-setting.png"::: Create an instance of Apache Kafka for Confluent Cloud by following [this guidan ### Create an Azure Spring Apps instance -Create an instance of Azure Spring Apps by following [the Azure Spring Apps quickstart](../spring-apps/quickstart.md) in Java. Make sure your Azure Spring Apps instance is created in [the region that has Service Connector support](concept-region-support.md). +Create an instance of Azure Spring Apps by following [the Azure Spring Apps quickstart](../spring-apps/quickstart.md) in Java. Make sure your Azure Spring Apps instance is created in [a region that has Service Connector support](concept-region-support.md). ## Build and deploy the app Create an instance of Azure Spring Apps by following [the Azure Spring Apps quic az account set --subscription <Name or ID of your subscription> ``` -1. Build the project using gradle +1. Build the project using gradle. ```Bash ./gradlew build Create an instance of Azure Spring Apps by following [the Azure Spring Apps quic az spring-cloud app create -n hellospring -s <service-instance-name> -g <your-resource-group-name> --assign-endpoint true ``` -## Create service connection using Service Connector +## Create a service connection using Service Connector #### [CLI](#tab/Azure-CLI) az spring-cloud connection create confluent-cloud -g <your-spring-cloud-resource ``` Replace the following placeholder texts with your own data:+ * Replace *`<your-resource-group-name>`* with the resource group name that you created for your Apps Spring Apps instance.-* Replace *`<kafka-bootstrap-server-url>`* with your kafka bootstrap server url (the value should be like `pkc-xxxx.eastus.azure.confluent.cloud:9092`) +* Replace *`<kafka-bootstrap-server-url>`* with your Kafka bootstrap server URL. For example: `pkc-xxxx.eastus.azure.confluent.cloud:9092`. * Replace *`<cluster-api-key>`* and *`<cluster-api-secret>`* with your cluster API key and secret.-* Replace *`<kafka-schema-registry-endpoint>`* with your kafka Schema Registry endpoint (the value should be like `https://psrc-xxxx.westus2.azure.confluent.cloud`) +* Replace *`<kafka-schema-registry-endpoint>`* with your Kafka Schema Registry endpoint. For example: `https://psrc-xxxx.westus2.azure.confluent.cloud`. * Replace *`<registry-api-key>`* and *`<registry-api-secret>`* with your kafka Schema Registry API key and secret. > [!NOTE]-> If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", please run `az provider register -n Microsoft.ServiceLinker` to register the Service Connector resource provider and run the connection command again. +> If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", please run `az provider register -n Microsoft.ServiceLinker` to register the Service Connector resource provider and run the connection command again. #### [Portal](#tab/Azure-portal) |
storage | Anonymous Read Access Prevent | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/anonymous-read-access-prevent.md | The **Microsoft.Storage/storageAccounts/listkeys/action** itself grants data acc ### Set the storage account's AllowBlobPublicAccess property to False -To disallow anonymous access for a storage account, set the account's **AllowBlobPublicAccess** property to **False**. This property is available for all storage accounts that are created with the Azure Resource Manager deployment model. For more information, see [Storage account overview](../common/storage-account-overview.md). +To disallow anonymous access for a storage account, set the account's **AllowBlobPublicAccess** property to **False**. > [!IMPORTANT] > Disallowing anonymous access for a storage account overrides the access settings for all containers in that storage account. When anonymous access is disallowed for the storage account, any future anonymous requests to that account will fail. Before changing this setting, be sure to understand the impact on client applications that may be accessing data in your storage account anonymously by following the steps outlined in [Detect anonymous requests from client applications](#detect-anonymous-requests-from-client-applications). |
storage | Secure File Transfer Protocol Host Keys | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/secure-file-transfer-protocol-host-keys.md | When you connect to Blob Storage by using an SFTP client, you might be prompted > [!div class="mx-tdBreakAll"] > | Region | Host key type | Expiration | SHA 256 fingerprint <sup>1</sup> | Public key | > ||||||-> | Australia Central | ecdsa-sha2-nistp256 | 12/31/2023 | `m2HCt3ESvMLlVBMwuo9jsQd9hJzPc/fe0WOJcoqO3RA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElXRuNJbnDPWZF84vNtTjt4I/842dWBPvPi2fkgOV//2e/Y9gh0koVVAYp6MotNodg4L9MS7IfV9nnFSKaJW3o=` | -> | Australia Central | ecdsa-sha2-nistp256 | 12/31/2025 | `5Vot7f2reXMzE6IR9GKiDCOz/bNf3lA0qYnBQzRgObo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLs9yqrEGdGvgdSWkAK5YkyazMWi30X+E6J/CiGpJwbuczVJwT/cwh+mxnE7DMTwhEo57jL7/wi/WT8CPfPpD4I=` | -> | Australia Central | ecdsa-sha2-nistp384 | 12/31/2023 | `uoYLwsgkLp4D5diAulDKlLb7C5nT4gMCyf9MFvjr7qg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBARO/VI5TyirrsNZZkI2IBS0TelywsJKj71zjBGB8+mmki+mmdtooSTPgH0zmmyWb/z3iJG+BnEEv/58zIvJ+cXsVoRChzN+ewvsqdfzfCqVrzwyro52x5ymB08yBwDYig==` | -> | Australia Central | ecdsa-sha2-nistp384 | 12/31/2025 | `adZj2DQSv+LtvnORWfJdnUJhVy/Tjck1AWxOwF5q4hU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKVV77ZE9HdETqzwJ+w71BdzF5+8T+LX6ZYvEpNkts6aNurkpH5jfl89Lb0GVeOxIfw6pi3TCiYiXysImBKTsMPQYJ+7jWgLMJEgKG6iDdo3Ust0iolueehHci2iMxPwEg==` | -> | Australia Central | rsa-sha2-256 | 12/31/2023 | `q2pDjwwgUuAMU3irDl2D+sbH8wQpPB5LHBOFFzwM9Sk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOrNklxmyreRYe7N72ylBCensxxPTBWX/CfbdbGfEbcGRtMGHReeojkvf4iJ7mDMZRzecgYxZ9o2bwTH9UImNkuZTsFNH6APuJ075WyxoDgdBX1UAQ3eE6BrCNI0BcwLakU9lq0rNhmxMpt/quBXxxWbRieKR9liTOg5CGSqoUPo7TpwaZQBltJCEf7rN5wGUlHV49iuiJIasSldYT6F1c3vS4bJb2sdIvVnKVLq+yTMzaPzWn34BD+KHx/pkB+s7/vQtdMfBBEdgEdPVvMPsyXtIKhx4Q79LnfZT19RDY8KW1mJrbPo67oEcjJYTXSZTKysjCUNmNNrnXvp6sHd` | -> | Australia Central | rsa-sha2-256 | 12/31/2025 | `u2Lg2ZWkF2yQcm/gYtuy1pTIyY4zIhy4VRwZe2sJZYQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKRFZfxWPzqUEPzS7ywkynUs3ZQuhmFOaPqgORDqDf/+OYRswOcNwu1LqH7Ait5ntwFu99AyleKGkdKvkEHDHfKI3dJIczV5OpxZ4m9hFuDa0pSwlyUSVQc+jDTbtrUSFtkAZDsmfbXR3UBikrwJmA+9IF5UWewTxqvZ894r1rSbLkaZpObu5Cq9MW15On/Aa4lpR4mtVtSLt/ww/qGXy0wQDgzItjQlU+VrhjTd7PrL7NVpSmGIQioFqJqNP4mp8aUU9jceAOCa4nJkfEJ3oQRYTs2M0wxTNdo1XR1NPju6vlU0fKBq9G+hssOSNPZFc2Mnz7ECnVgjASKn9B1hJ` | -> | Australia Central | rsa-sha2-512 | 12/31/2023 | `+tdLVAC4I+7DhQn9JguFBPu0/Hdt5Ru2zjuOOat+Opw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnd0ETMwpU8w7uwWu1AWDv6COIwLKMmxXu+/1rR429cNXuPrBkMldUfI7NKVaiwnu1kLPuJsgUDkvs/fc7lxx2l5i6mYBWJOXcWzAfXSBfB1a+1SK+2tDPYT3j4/W/KRW74DFPokWTINre22UVc+8sbzkmdtX/FzZdVcqI4+xJSjwdsp2hbzcsVWkxWhrFzKmBU40m5E/YwKQwAcbkzmX6AN5O8s66TQs2uPkRuTItDWI3ShW7QzW05jb6W8TeYdkouZ5PY0Yz/h3/oysFzo4VaUc0y3JP98KRWNXPiBrmvphpKnU1TQrjvVkYEsiCBHMOUnNVHdR1oIHd2zPRneK5` | -> | Australia Central | rsa-sha2-512 | 12/31/2025 | `oOWjGbOjG/o5T4MRYnl2JmIWDQor5ScEXhbbNBsN07Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4/SgLtX9IiVa6W6cqMTozxCEnv5OcjT9aohtlhd9ho4h4OI/m+vDXdxeSUcJE1vMK/mIpzqs402Gm4PB1Z667t6mhpj6ISPIp2WhPdbnBo1vqagMUWM3tHJjp4XlOyQW/dteQtqV32m5iBfCjEzCJt7aw93uWrMosB5q0j1mS0EdCFBWzLtaPPyaQnQ6Pm7KX/ZICzhEadU2tYC4alALfFvqn1HDUY+gyzE0/W3S+4+o9ds1uzG165c8hluYInsgTFAbHjVDAvy/5lG93tkNDh1qQu1m2bYnIoXzFg3ZYHrcvewbrHCPOH4/6TVItibspePHqM+cbRTuLd3oVzgh1` | -> | Australia Central 2 | ecdsa-sha2-nistp256 | 12/31/2023 | `m7Go9P1bwcPHAcZzRSXdwYroDIdZzt0jhxkJW42YGKY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHp76felOL7GAHcJoW6vcCS83jkeR6RdFCwUk0Jf6v7SFoqYNZfTaryy2n0vwG1W1dAyHvOjB1+gzTZOkHN/cAI=` | -> | Australia Central 2 | ecdsa-sha2-nistp256 | 12/31/2025 | `ljng4w6TbLQ8Gx6ZRiD3/IpPELeGqMF0LIPVWKPGwpE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOUs2ledPbnskBJiCxyvDDZ2UXJ0FX0A0orlg0thjLfu+wTyDzhkMENTwBFQcxbHUiF2si2EaGH24/vGbTIu4u0=` | -> | Australia Central 2 | ecdsa-sha2-nistp384 | 12/31/2023 | `9Jc39OueTg3pQcq8KJgzsmPlVXxILG24Euw27on7SkY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEduOE61sSP2BozvJ6QLtRDZ7j0TenX7PjcpPVtYIQuKQ+h3qakXFwFnj8N3m8+LpTXYO41mgX7N02Rl12QvD7lDpUgHUChaNpUcMcSpm5qvguLyG6XZg2BDNd6pyx+fpw==` | -> | Australia Central 2 | ecdsa-sha2-nistp384 | 12/31/2025 | `jm715CgIcCpPm/Lbc05DQGY/ruz1OqdM5jZa1I63W34=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLSDA7juMVxMlQQghLVwdkg87U1kE9P4ssrwt8k9Pts2vVSlG/iUYeCOBibjFljDnWkZXNiUzz008fAdNCfcjuwXbKwBXU/shP+Of11rCfTTu2hCE8KLU/Q3uKQyiGB3cQ==` | -> | Australia Central 2 | rsa-sha2-256 | 12/31/2023 | `sqVq1zdzD3OiAbnDjs70/why2c3UZOPMTuk5sXeOu4Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNZVZ5RVnGa0fYSn+Nx3tnt526fmMf+VufOBOy5/hEnqV6mPKXMiDijx2gFhKY4nyy957jYUwcqp1XasweWX6ISuhfg4QWcygW0HgmVdlSDezobPDueuP0WdhVsG3vXGbEYnrZOUR5kQHagX/wWf6Diy1J5Cn2ojIKGuSuGY/9bu3bnZzKt08fj+gQCEd1GxpPoBUfjF/73MM57IRhdmv919rsGD5nsyZCBmqFoKlLH/gKYZ4B3hylqf/6gER7OeZmG2S/U/fRAN0hVK7RkHNf2CFoCmuxXS6r87BznT5vF3nmd7tsf0akaxLjfWRbKLMWWyZkzU4/jijpbDDuu1x` | -> | Australia Central 2 | rsa-sha2-256 | 12/31/2025 | `Rtw7IkxA4khKCdOQRMby9qILYVL9Vjc2Mq0mEk1bZCs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD9nOyOSgLGF2U3gtmh+5K4JLna7i0nySgGrhsmSvM7ZMP0csSpNGqgfluu1QPYgCQdYWZ249zF8VyOecMvZeWPevsnKGk31W19v5uw0XFZehN2otbeDYhrIH3qGoYckGZ53UWNpwjCS5tn9AnGzifk91mufUxahHCMvOYW/yXziOUZG6aIRmJXwTNO+6boe4r3E7jNhi7fNmoaxb6C6CfgzzOXEnXxOGOH5gbvxDo0w2kCIsN3HlR8FPXZEDVsxMpRfl+8WLVUk1ReJY8D3UiRF74f0QtzZofgW0dErbu1yS4+m8Pd76P9Dk7X+warYVWPOJB6fiaUuJGMNztNZxF` | -> | Australia Central 2 | rsa-sha2-512 | 12/31/2023 | `p6vLHCTBcKOkqz7eiVCT6pLuIg7h4Jp41lvL/WOQLWM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcqD2zICW1RLKweRXMG9wtOGxA5unQO/nd9yslfOIo54Ef0dlhAXGFPmCd3Yj60Gt/CIpqguzKLGm4D3nf19KjXE8V59cD7/lN6mVrFrm+6CU44JAzKN9ERUelxhSQKi/dsDR773wt4jsAt4SLBRrs19RC2fkYnxZgC/LzNZKXXY3FFb06uwheJjGOHyeQJbGpaV3hlelhOSV1UF2JAB8v6d8+9+S+b666EcpQ70JtxtA8h1s30hqhTKgYdRYMPfz7lqKXvact2NBXlqYRPod5cLW7lYBb2LzqTk1D44d8cwDknX2pYQJpgeFwJhB6SO9mF/Ot+jk+jV/CxUI55DPd` | -> | Australia Central 2 | rsa-sha2-512 | 12/31/2025 | `jDCUSB/oiZWdbT9D0ut2YeWp4Tc9B2sRkLckc89GyOQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxq8t20rSdPNg8/wq9IHPFWonfXAbJgiRtnBfsdXGq42Mecyx8CMm9i+TUbKdNq9JjEay4V7R6A41tpCDiAhKF8Lm0LbLU+xMti2VGudCBoxhLw2Zwhw0LDP4JO+S9gzh6eWeEkLZqQH8EyxQg0RghwumAyEFl3xkeAsM1lDMuKqVPPluc9x1j3vGU3C1UpUBNFSYs4BtgcqFRwnMS2P4bYXkT7HJFuXTIZDIcxMAAv9mF5nHw8xyzHcug88OW1cnqW0HLBDFpjE2FCAuStu5qIydSDf8+4WlgcaSfYHe4WM31fDMYARCm68qVhriMBvlByhlgJPjhP3kkNiCsxm35` | -> | Australia East | ecdsa-sha2-nistp256 | 12/31/2023 | `s8NdoxI0mdWchKMMt/oYtnlFNAD8RUDa1a4lO8aPMpQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBKG2nz5SnoR5KVYAnBMdt8be1HNIOkiZ5UrHxm4pZpLG3LCuzLEXyWlhTm8rynuM/8rATVB5FZqrDCIrnn8pkw=` | -> | Australia East | ecdsa-sha2-nistp256 | 12/31/2025 | `qLI4Er+3h7wEuAuMSWffpVJnckWm9egyz7ciWi4+GqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ5v4o12sOOmXEW0s7nd6hjm7s2R6psCu+J3XYYV90Kan31EIqQvLOVR+/ScRzR2ZWrglvHbZ0p3BIS9b+Qmuco=` | -> | Australia East | ecdsa-sha2-nistp384 | 12/31/2023 | `YmeF1kX0R0W/ssqzKCkjoSLh3CciQvtV7iacYpRU2xc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFJi5nieNPCIxkYS7HKMH2fQgONSy2kGkViQucVhWrTJCEQMVz5peL2JZJFjf2a6zaB2olPaBNEkeuJRHxGyW0luTII9ZXXUoiGQH9l05B41mweVtG6pljHfuKQ4HzoUJA==` | -> | Australia East | ecdsa-sha2-nistp384 | 12/31/2025 | `eHy1DetHa/RbyledxIW22WT8Da2fqrnO9QVvzA+1AlI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPKT9YkKOum0fA9ys/jDM6EKMs3WZj4FEsizY+lCF15RNRP27pTeUeksBeiBVJLJNxpDkxealP4kKTDAN2rO5KMcIjrfcaNpBfnhgg5u0E8tPjZgKTsFiWW4bRCKQ4MBaQ==` | -> | Australia East | rsa-sha2-256 | 12/31/2023 | `MrPZLU8llsG+SzgBN8eH702H4zuynyYgqqQLQmWGDEs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsRwHZ+DKINZZNP0GO6l7mFIIgTRnJy7ikg07h54iuk+KStoB2Cwppj+ulPs0NiR2RgAsP5nchWRZQysjsfYDui8wha6JEXKvWPlQ90rEYEs96gpUcbVQesgfH8ILXK06Kn1xY/4CWAHEc5U++66e+pHQulkkFyDXTsRYHsjTk574OiUI1` | -> | Australia East | rsa-sha2-256 | 12/31/2025 | `O4+QFg7TgHTwoZ1asStdM+7ASB0kZ7Hr2BrC3pmTwZc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLZNGWVC23V6iawz7XwcbwH7OcxNCl5mMKrQQPQLBqsf6uWMcIA66tV+Gwy7mOVztGEa7qb29MUdjKeIXD1je1THq/usWe8XaXCvIH1YueWx21ANCuo9YGrpRQLHTIu01SBeiFMsS4ZdMcTn1R2wEwxRR9awZ5Z24/iScJE/38M7WO9LtttwpOcFE1E6BGbdAbBtvpB55/1pRhLV4InwKULagNHkys6vqZ0TawgU1Xnfmvd2VfXREDkVqEcYKt6o1fEyD2ietUOqU0WOsNDIgXq87xDfY/D9i+3RD/mwHM6OzOCTF9lJIjJxCNAqohnP9A6VyKyWO7vtFvhN774d6V` | -> | Australia East | rsa-sha2-512 | 12/31/2023 | `jkDaVBMh+d9CUJq0QtH5LNwCIpc9DuWxetgJsE5vgNc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFHirQKaYqkcecqdutyMQr1eFwIaIM/h302KjROiocgb4iywMAJkBLXmhJn+sSbagM5tzIk4K4k5LRjAizEIhC26sc2aa7spyvDu7+HMqDmNQ+nRgBgvO7kpxVRcK45ZjFsgZ6+mq9jK/eRnA8wgG3LnM+3zWaNLhWlrcCM0Pdy87Cswev/CEFZu6o6E6PgpBGw0MiPVY8CbdhFoTkT8Nt6tx9VhMTpcA2yzkd3LT7JGdC2I6MvRpuyZH1q+VhW9bC4eUVoVuIHJ81hH0vzzhIci2DKsikz2P4pJT0osg5YE/o9hVJs+4CG5n1MZN/l11K8lVb9Ns7oXYsvVdtR2Jp` | -> | Australia East | rsa-sha2-512 | 12/31/2025 | `f5+TI5gN7KXS/ofLDLeS+6d7rzChq8SrZMKr3+ylPFQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCrhphicX/V87bso8jPZG016Hez0oNP7CvJXDlEZRIkuJlX0wRorD0u7iyyJSXbFZsSl20H6idsNae0ljy/MUfBfb6nV4LXdV8SRSY2QExrd6sMiMgESpfTaXIM8YI/2B9Kyrx6AJBTuNMQACvq8VoBziNGoWhhCO4Mj5fwhDB6vNF3A0Of3qvh/mmMBpY/B/Ud4SwaoGxrP6vwvoB1S7RLQSDdjR1aeGwtWrxOnx1ReD3TsV3FYoj1Ot3LLySkPYF8eDVrnz54U/XJocta+bWdpgyxne4cNULHAyxtuTdvNo3eoZszUdZ8h52dEckhva1ud2eAMvq4xDbaBSIfW0Hp` | -> | Australia Southeast | ecdsa-sha2-nistp256 | 12/31/2023 | `4xc49pnNg4t/tr91pdtbZLDkqzQVCguwyUc16ACuYTc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCdswzJ+/Bw5ia/wRMaa0llZOjlz67MyZXkq7Ye38XMSHbS4k/GwM0AzdX+qFEwR00lxZCmpHH28SS+RyCdIzO0=` | -> | Australia Southeast | ecdsa-sha2-nistp256 | 12/31/2025 | `ieme9KpUiNa0zSTmW/zlYeiyq3yu4GwD28n3Le+Fwpc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFbcds+lsX2tixQjy47ZumhpAIvp0ojjVEOTnyKgMRYBbT6AOyjrk5ECbK5s1W79bTtZQQt4xmnfUXUkm0JvB9I=` | -> | Australia Southeast | ecdsa-sha2-nistp384 | 12/31/2023 | `DEyjMyyAYkegwLtMBROR/8STr1kNoQzEV+EZbAMhb1s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJRZx6caZTXnbTW/zRzKfoKC4LGzvD5fnr2p8yGWxDq27CjUEMxkctWcT6XS3AstF2MLMTOFp/UkkSr8eP0vXI8g99YDeFGXtoBiFSIgYF2Aiu/kpfEu3feiIUl3SVzxKw==` | -> | Australia Southeast | ecdsa-sha2-nistp384 | 12/31/2025 | `YinhhlbjexJimlqKzOetdTlg+oP7sDVf3pjBZcUMZlU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKvI6seG26Vpmcc2WksGHHKnp4JSeDVJ3UvN3j4QoLrBGzRe1qx6IAMQuygggVCU54cGxkiPzci+NV6fl3Nw6uXMdyR2AP76yWbsYvk1nUnhsG83oVjucz9WsXjsl/dDNg==` | -> | Australia Southeast | rsa-sha2-256 | 12/31/2023 | `YafIMxux7NtoKCrjQ2eDxaoRKHBzpanatwsYbRhrDKQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7omLu37G00gLoGvrPOJXpRcI5GTszUSldKjrARq0WeJIXEdekaSTz5qv2kSN/JaBDJiO9E4AJFI9q5AvchdmMVs4I59EIJ0bsR9lK+9eRP4071EEc8pb3u/EPFaZQ8plKkvINJrdK6p0R2FhlFxa7wrRlKybenF1v7aU3Vw79RQYYXaZifiNrIQFB8XQy3QQj2DcWoEEOjbOgZir9XzPBvmeR8LLEWPTLYangYd3TsQtybDpP6acpOKaGYDEyXiA8Lxv8O276LUBny6katPrNvfGZScxn6vbTEZyog+By8vyXMWKEbC1Qc/ecBBk5obFzbUnq3RP1VXLJspo99cex` | -> | Australia Southeast | rsa-sha2-256 | 12/31/2025 | `xmdRGjdB8ODcmg68eG+/dplKKKfOSEAXtXAAXYaQxsk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCzYBSvVIo2FgllCfeH6xerVZf8jxxYsZiTcRvojdlB8b0/n2/BISx43EtAmFudQ3dJ3Phc+U81CSgfr3Y9dWbfXsbpF5G41hVrGjpmR7u8ZYx/u3B2t+ymMatNytsNpHiUqKf1TR55jQqjhIctbbn9poyb43H6MLsxsLxvmFN21jwp1N3uHuBJ4fHJraa+QOIfcdGw6hSCuSAXdlbUVVXiF8U+MB28wiXuKsv7TFPHsNOyslre2P0MxQt5E8w78bpx8DGor1yvvFo4qNcmXqrc3cZfmfEB8sMCRGqgWisieu+bAOtCkK8mMjopArQBYjuOLms0qpIKwG8m0jttQCuN` | -> | Australia Southeast | rsa-sha2-512 | 12/31/2023 | `FpFCo9sNUkdnD1kOSkWDIfnasYhExvRr1pJlE631QrA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmuW2VZAhR6IoIOr32WnLlsr/rt3y4bPFpFcNhXaLifCenkflj9BufX3lk5aEXadcemfKlUJJdwBTvTt1j4+X3P2ecCZX1/GSsRKSTuiivuOgkPxk3UlfggkgN9flE9EdUxHi/jN/OQ9CjGtHxxk72NJSMNAjvIe0Ixs7TfqqyEytYAcirYcSGcc0r70juiiWozflXlt+bS7mXvkxpqMjjIivX+wTAizzzJRaC6WcRbjQAkL2GP6UCFfBI1o9NBfXbz+qvs1KTmNA0ugRQ7g6MdiNOePHrvoF1JgTlCxEjy+/IqPiC8nNQUVCW6/gcATQoDQn0n9Lwm1ekycS35xEh` | -> | Australia Southeast | rsa-sha2-512 | 12/31/2025 | `aJTfDB4bKb7ZXnNHf/rQpqn60uHNsDdaqrvsTqIK0wI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfeIyKblF1xo44RVh/bFm1DYxI9l26h+tT5P7qBqZztZ2yT3tLUkru6dKbkT8epNhTP4e0NDZl/WlIsleCmzCRfHnFYit+riYnskJBP4wcBDkDmQLBQiKcPhMwwCXsijWisHsc0PrdfSwOAhGllsJTy7FsKfYyCRaeLEq8AszNSwfgjMlLxytTEyKNMRZhTq6udY+8u2OJZaOveiKCyw/PRD64kR6DONcHMc+y157UaDIfx6nZtQ4O8T0akM+s5J3xnhUOQH2J48+QBN8l4y/cX65quyW7zqN8pxR2N8CK498p6eWan94visO/evOhnlLPAMR1V+cd0soVxyKt5Qlp` | -> | Brazil South | ecdsa-sha2-nistp256 | 12/31/2023 | `rbOdmodk5Aq+nxHt04TN7g6WyuwbW5o+sDbj86l6jp8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNFqueXBigofrM5Kp2eA4wd4XxHcwcNgNFWGgEd0EoNdKWt9NroU47bN43f79Y5vPiSa4prKW1ccMBl40nNN4S4=` | -> | Brazil South | ecdsa-sha2-nistp256 | 12/31/2025 | `hKqaUmDSKTLOZ4e558z5EBbcsLClt6uZ9Gl5dNQD8X8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPoLBRafaKd+jqxNF+AygWL/E8CA7Bc398nruOHSyXLQEDRPvNbNzVEXeK4BbhuQxPZWZV8gtWcYcJjSGCRUX3g=` | -> | Brazil South | ecdsa-sha2-nistp384 | 12/31/2023 | `cenQeg58JZ+Dvu3AC7P7lC/Jq7V3+YPaS37/BBn3OlQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHBhfnlfXV9/m6ZgOoqmSgX3VPnRdTOraBhMv8v7lEN1lWwyBpiWepu52KS0jR1RhttfXB+n+p6i2+9djJ1zT7fHq4sNn/d/3k2J6IjJlymZ32GwPvDk+fGefupUtabvRQ==` | -> | Brazil South | ecdsa-sha2-nistp384 | 12/31/2025 | `cMW9MxGhPxMZQj34L0PTuEcPUVds74cuC0rJ/nBv1hQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDb+/ZDeuja6wcxVJVSNMWylUTItczguOMOsqyVdhJp2A3AevWHCo7edA+7Hl8fHouzdGsamlxDOwv3/fvL/a3DLtNyr9q7/sEaEr5wll79PhKLgq4VqZzm91VXN3y9DJw==` | -> | Brazil South | rsa-sha2-256 | 12/31/2023 | `qNzxx1kid41tZGcmbbyZrzlCIPJ9TFa20pUqvRbcjro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04g5K8emsS4NpL6jCT3wlpi6Msb5ax6QGlefO3IKp3wDKWAEqN+PvqBdrNp1PsitTKeyRSCLofq9k2wzeAMzV2n3UVqmUpNf9Q0Yd8SuXPhKG6VhqG2hL5+ztrlVTMI2Ak18SLaAEA1x7y9Z1lkEYGvCzJQaAw5EG8kd7XHGaI9nSCJ7RFOdJQF/40gq8z6E+bWW9Xs55JpWQ0i44i/ZvQUEiv5nyAa7D86y23wk1pTIFkRT99Kwdua0GtyUlcgCRDDTOzsCTn4qTo/MAF1Uq/ol4G0ZxwKnAEkazSZ1c+zEmh6GJNwT64nWBZ+pt5Rp3ugW+iDc/mIlXtxEV2k7V` | -> | Brazil South | rsa-sha2-256 | 12/31/2025 | `XGzPXMnOOBOE6DKAtYZDL0J/p33FDBqYvtoI8d8iMo4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQkgaV5fCbgfaq099rXhqysOfNdFgVqMpNPbaMVyuTrO3zu6TQ3qPUylUaihFK2EBtiIaTlnfqCg3lmdydojez4cJnRV1o9i72LnFTJm1bMVNYA5RtNrJUIZQ0dpCjlJHmsQnjTCC2nfaamR0vqA3u6/KTp8rMMA1eKkvPRWlcXo/7l+ZdPinrfpzZ1KL1F8RYv7wRzrEdFi+u1gmzw5a3X6R6W45r9R/nvj3xiEDr9D7NUAztCJZcIX6GPmInGNNA66q81cRmO3aaJj2LaYeXd9BLblvXcupaZYcV9//tLF3WL0JGu635O29JerlH8VHP7Q09PFQfSfRXR1KHQs49` | -> | Brazil South | rsa-sha2-512 | 12/31/2023 | `KAmGT8A7nRdxxQD7gulgmGTJvRhRdWPVDdagGCDmJug=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6W0FiaS21Dze6Sr6CTB8rLBu1T1Zej+11m7Kt283PSkQNYmjDDPUx0wSgylHoElTnFcXG+eFMznnjxDqkH+GnYBmlpW3nxxdTYD/MrdP4dX9ibPCFjDupIDJ4thv+9xWCw/0RpGc1NlUx2YmenDVMFJtYqjB1IDa2UUEeUHeQa1qmiBs1tbBQdlws1MCFnfldliB5H+cO4xnbAUjOlaa01k7GKqPf0H75+R83VcIcFw8hSuCvgMT+86H6jRRfqiIzE7WGbQBTPQs0rGcvxcGR3oGOmtB2UmOD232XTEk+sG3q2RxtPKWTz8wz1Tt2c1BOxmtuXTtzXnigZjB2t8y5` | -> | Brazil South | rsa-sha2-512 | 12/31/2025 | `c/BRQKWsx7emZMCDznUYFq4QgjqN3xY7oBdDXLbEFu4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqu2gYqpE6pzLaaxbuN92SqpXcekRolPVC5BMFplaBVTfmyyw/SfaRbVQRAzXjjALjAxIrnPCAXOU1Za6FOwww6cUuex8F/5gIFIqPrQAKOqsOr6jj1cgS1BzvZyz8cbpL7Ovxf/hzmFl+SKoeDsPaLG6WcfitE13K9aPh0JacOSakTnPR82UpqWil3Dt24/gBUeKCUMTETaFK0N` | -> | Brazil Southeast | ecdsa-sha2-nistp256 | 12/31/2023 | `dhADLmzQOE0mPcctS3wV+x2AUlv1GviguDQgSbGn/qs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYuseeJN3CvtyPSKOz5FSu7PoNul+o6/LB62/MW9CUW+3AmqtVANVox1XQ8eX/YhL0a5+brjmveZPQS6M09YyQ=` | -> | Brazil Southeast | ecdsa-sha2-nistp256 | 12/31/2025 | `waYY8zhE779/EFR8KCFsFx1by1jhT73Q4qfjLtfAZmU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHzDBumEcvBf0+y8zqSKlknaasOFOOPL+b8RSVycYmkR3CGsqb7QVRZGzhZnYOogynbbKlWtrGRiMMQNXp+FgeY=` | -> | Brazil Southeast | ecdsa-sha2-nistp384 | 12/31/2023 | `mjFHELtgAJkPTWO4dc7pzVVnJ6WLfAXGvXN1Wq2+NPs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIwFI6bRmgPe0tN7Qwc03PMrlpBn+wBChcuofyWlKVd/Ec6t2dxHr/0ev0dqyKS2nbK7CAOQxSrV1NVYnYZKql/eC2sPqI1oxz7DzUtRnNKrXcH714ViN3RIY3DZA6rJOw==` | -> | Brazil Southeast | ecdsa-sha2-nistp384 | 12/31/2025 | `LAPvDR8i5PsVJPSiMYN0pSNFz1axBwiYl2rNaOPzB2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ2ZemQNN0FTdJXTb/zbuN3FzRD0oTtP5cLvNoNc6FZ2cTwJRZOtMwOZYuSxEC1FQk6Hw+jWq+ZGz1nmu12ohCeuVZbKo6hvdzOS0WEzTJ0wjVPDG30a8iBV8yTZtw3Kkg==` | -> | Brazil Southeast | rsa-sha2-256 | 12/31/2023 | `D+S7uHDWy0VPrRg9mlaK70PBPghBRCR1ru/KEsKpcjA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz86hzEBpBBVJqClTRb7dNolds/LShOM4jucPRawZrlKGEpeKv70Khk8BdI4697fORKavxjWK0O9tQpAJHtVGSv3Ajwb9MB7ERKncBVx/xfdiedrJNmF0G+p97XlCiwkAqePT/9IFaMy1OFqwl6LF7p7I0iBKZX0UgePwdiHtJnK0foTfsASNY4AEVcXHEuaulLFJKUjrr6ootblEbPBnC6IxTPj9oD+Nm0rtlCeD5JtCRFgKUj3LWybEog/AnnMNQDQ+vMPbsCnfsW/J/HQc+ebx3NtcumL+PIxqJw2Pk6mRpDdL+vs2nw/PtnPkdJ7DjIQYLypBSi3AFIONSlO15` | -> | Brazil Southeast | rsa-sha2-256 | 12/31/2025 | `TatDYCAIu5TTBVlcv3TcZgBQft07KeMzSxxXIAeMpQc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9U3Bn/r8jYrJC+D0OVC8dK7+K1HVIaVqomWsXZv92iZC5xEuhnf9vQb0Qz+0vfWQn78G7pJ9O+HkEmx0TjSdHvA0rcXUDHoutJxry+OzDWPAoLnogkCs5EvqyQW8NAqZr69gYHLSx5aCV/ys7og7rmXD/mEylqfGc5BfEXDq+zfLVJZXtPta5D6/ZMH5YjggjHLNy1J0nw15/UMjt5KvhyIJS3jt3uYQymwvZBnNU33ZMPRm2lfpP+GGwDRBHv+/pA8ZaG1f5OHxJ2teEUXcQzL4jhWiIwAeeWlfD2JF1tZ2IlI1ei92Rtv0WyyZ64bqSW4E/eRew7p8slwMKzJJ` | -> | Brazil Southeast | rsa-sha2-512 | 12/31/2023 | `C+p2eAPf5uec0yG+aeoVAaLOAAf0p8gbBNss3xfawPQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDV3WmETlQwzfuYoOsPAqfB9Z2gxsNecbpuwIBYwitLYKmJnT9Q3SNSgqnBiI1TKWyEweerdQaPnEvz9TeynGqSmLyGT0JJXQXFQCjTCgRHP4WD0Q+V7HWHnWYQ5c2e8tKEVA1jWt57dcrFlrGKEsywuMeEX21V13qQxK2acXVRWJPWgQCVwtiNpToc/cILOqL5XXKnSA81Ex7iRqw8QRAGdIozkryisucy+cStdJX6q+YUE5L62ENV8qMwJdwUGywEpKhXRg5VQKN0ciFqvyT/3cZQVF+NkUFGPnOi0bk4JzHxWxmQNTIwE7bmPsuniw5njD3ota/IPUHV2og190Xx` | -> | Brazil Southeast | rsa-sha2-512 | 12/31/2025 | `QcySGI6X4F0GEHlkGj1MobZV+GGmy95/wYEYjyw0ORc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDwoCo/GZb1f/CnfvCBBuMODKxyPCmYM0wBafuKKKRrH+Jl1Ek0Qfgkuaa4GUYO+klyqxV5t+J6zVECEHQ6on6AXUJRO2/+zg2oYjLGSMQVvzE2pRj5+l2zOuZtu0p60MIYf49AZS7MDGRDBZBxcPxiNiUdKMD6D5h5zsMcNe28/CkRDdvOrORO8XPCKgNKFcGjSORKpRCuSn6NYQ6hx7lBuXnO6n5KfCjLH7+kRBx44kSBnHF7fEMhdzTh0tOdGJfRAl+YAK6T7m4FxwrJa1RaLyCKQXlK32y6h14WDRu2sHzfsJhTPuywJLvJvJ/ZzXtPKu/GGR+zR1RQiABc6krN` | -> | Canada Central | ecdsa-sha2-nistp256 | 12/31/2023 | `HhbpllbdxrinWvNsk/OvkowI9nWd9ZRVXXkQmwn2cq4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBuyYEUpBjzEnYljSwksmHMxl5uoErbC30R8wstMIDLexpjSpdUxty1u2nDE3WY7m4W/doyXVSBYiHUUYhdNFjg=` | -> | Canada Central | ecdsa-sha2-nistp256 | 12/31/2025 | `7QJ5hJsY84IxPMXFyL1NzG5OVNUEndWru1jNBxP26fI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAGEx7ZWe5opSy1zUn4PNfmAvWmTVRRTq2bwoQ5Dibfsr1byd7IIkhD5+0P5ybtq1dEdxh9oK2IjFSQWzj9jFPY=` | -> | Canada Central | ecdsa-sha2-nistp384 | 12/31/2023 | `EjEadkKaEgaNfdwXtzlqanUbDigzsdzcZJeTzJfQXP0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBORAcpaBXKmSUyCLbAOzghHvH8NKzk0khR0QGHdru0kiFiE16uz9j07aV9AiQQ3PRyRZzsf+dnheD7zuEZAewRiWc54Vg8v8QVi9VUkOHCeSNaYxzaDTcMsKP/A7lR2AOQ==` | -> | Canada Central | ecdsa-sha2-nistp384 | 12/31/2025 | `xqbUD0NAFshX0Cbq6XbxHOMB+9vSaQXCmv/mlHdUuiw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBmGFDJBLNDi3UWwk8IMuJQXK/927uHoYVK/wLH7zI7pvtmgb9/FdXa7rix8QVTsfk8uK8wxxqyIYYApUslOtUzkpkXwW9gx7d37wiZmTjEbsvVeHq+gD7PHmXTpLS8VPQ==` | -> | Canada Central | rsa-sha2-256 | 12/31/2023 | `KOYkeGvx4egH9DTGgxiONDMvSlkEkoU8cXWnynOEQRE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7jhZvp5GMrYyA2gYjbQXTC/QoSeDeluBUpji6ndy52KuqBNXelmHIsaEBc69MbixqfoopaFyJshdu7X8maxcRSsdDcnhbCgUO/MnJ+am6yb33v/25qtLToqzJRXb5y86o9/WtyA9DXbJMwwzQFqxIsa1gB` | -> | Canada Central | rsa-sha2-256 | 12/31/2025 | `sjyXW72mkYFHJsn3kOW9jTj4eigLiltCg7gBzUC50F8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSiEoTgcdpkDMTugT+lzCFwFIiwYocqCLxjr01TOHG4X1ieqOphVa0+ccHT5ptNZAc1Wj6Rtxl4XYeyW2Hsssd0fKY/S9z9tqbFf/j8M36/D3h+pns0e3qWZ9BQstKQryRgvVhok5Je9mPjv27nJD4kSzJcK8+APYMNwESXbLSeZ1llvvYgdrWmJ/aZhoNEVXfjMfwC0SgnhTO47977mBtxJXz6i0ApDa3Lc2xvIdMMsufjiqeLyQrjwFsMB09N43PanFKw/QL4xWaUygAlV5yEuMdKn4tY/yLETUiEliaIkNW2hoYFDLj+TeVtjgX2ToVSYJ+xik9XDimFmRW7I1` | -> | Canada Central | rsa-sha2-512 | 12/31/2023 | `tdixmLr++BVpFMpiWyVkr5iAXM4TDmj3jp5EC0x8mrw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMZwL0AuF2Uyn4NIK+XdaHuon2jEBwUFSNAXo4JP7WDfmewISzMWqqi1btip/7VwZbxiz98C4NUEcsPNweaw3VdpYiXXXc7NN45cC32uM8yFeV6TqizoerHf+8Hm8avWQOfBv17kvGihob2vx8wZo4HkZg9KacQGvyuUyfUKa9LJI9BnpI2Wo3RPue4kbaV3JKmzxl8sF9i6OTT8Adj6+H7SkluITm105NX32uKBMjipEeMwDSQvkWGwlh2oZwJpL+Tvi2G0hQ/Q/FCQS5MAW9MCwnp0SSPWZaLiA9EDnzFrugFoundyBa0vRjNGZoj+X4+8MVG2fYgOzDED1JSPB` | -> | Canada Central | rsa-sha2-512 | 12/31/2025 | `z8Uq32MaJlqeL8bFNdJU55tq+gj6D9gwzQG1Cai1IHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDs7iqGJ3oYF9ptVmzR5yQodggMFn7zAIu7XlZNqJk/BR3bQ/gG/ogtGg+893aQCcT8/6joGu7SUgFKJeS8L/N9fg+h0SCdq5Iu/p0kbURvtcR4+qyeH6WIaagAPNaPYf7p33QCzFvu0Izia5nleOfpnvTgGN0eVrDYmP4TemVHK/LJs3GB7U3YAztK9mDJtGjTjNnHYsxwlNvfZBr9eVNr1ebN/YvN9e9qSFAPdQnQa4bzEa2PeHYWVAvLjzPIHM3m0K+PxeWINSlZrLn2/RcjGV8F0jdUj3fGEohF9Ui4IPIDtP1WGx48Iw20DB5lERiOcWT2Ps9RPzC2gIY0OUl1` | -> | Canada East | ecdsa-sha2-nistp256 | 12/31/2023 | `YPqDobCavdQ/zGV7FuR/gzYqgUIzWePgERDTQjYEE0M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKlfnJ9/rlO5/YGeGle1K6I6Ctan4Z3cKpGE3W9BPe1ZcSfkXq47u/f6F/nR7WgrC6+NwJHaMkhiBGadEWbuA3Q=` | -> | Canada East | ecdsa-sha2-nistp256 | 12/31/2025 | `ppta3xQWBvWxjkRy0CyFY6a+qB3TrFI1qoCnXnSk3cY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIb5mteX+Vk00D8pPmjYuYBqC9g1xdmN8e3apdsXBucC8qXx9qug7veSex0/NzkTu00kIVVtvW+4LFOvhbat5Y=` | -> | Canada East | ecdsa-sha2-nistp384 | 12/31/2023 | `Y6FK9rWscBkyKN7mgPAEj0jKFXrv4mGNzoaZ9ttc4io=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDS8gYaqmJ8eEjmDF2ET7d2d6WAO7SgBQdTvqt6cUEjp7I11AYATKVN4Isz1hx8qBCWGIjA42X1/jNzk3YR7Bv/hgXO7PgAfDZ41AcT4+cJd0WrAWnxv0xgOvgLKL/8GYQ==` | -> | Canada East | ecdsa-sha2-nistp384 | 12/31/2025 | `RQXlsP8rowi9ndsJe+3zOl87/O2OOpjXA/rasqLQOns=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBO3mWu+SY6u27HQuJq154HCTrGxVsy9axbwTdVXFvgV1h1uhpIdgAZDL55bDe7ZPmB0BPirPas/vUQyG8aGDNAZJn1iinq/umZegYb0BCDthR5bPi7SPb3h7Qf6FN4dXoA==` | -> | Canada East | rsa-sha2-256 | 12/31/2023 | `SRhd9gnvJS630A8VtCYMqc4djz5R8EiG7spwAUCYSJk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2nSByIh/NC3ZHsjK3zt7mspcUUXcq9Y/jc9QQsfHXQetOH/fBalf17d5odCwQSyNY5Mm+RWTt+Aae5t8kGm0f+sKVO/4HcBIihNlAnXkf1ah5NoeJ+R0eFxRs6Uz/cJILD4wuJnyDptRk1GFhpAphvBi0fLEnvn6lGJbrfOxuHJSXhjJcxDCbmcTlcWoU1l+1SaYfOzkVBcqelYIimspCmIznMdE2D9vNar77FVaNlx4J9Ew+HQRPSLG1zAh5ae1806B6CHG1+4puuTUFxJR1AO+BuT6fqy1p0V77CrhkBTHs8DNqw9ZYI27fjyTrSW4SixyfcH16DAegeHO+d2YZ` | -> | Canada East | rsa-sha2-256 | 12/31/2025 | `Xu6BiQYqbw7D0gTh+OZaARgIVYWTFlkIC+VNpuBOPF0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCTQXQ0rFbmzK66YlBM5nA+413ZBtj5aWZBh9w1pPjmLRwuDtM+PgW6LSbWzC9TR0OkH0oinW4ARGTmECWs4oi5EZSwC9t45GUF3jYbsGfEzfOC51elTmYEA00IjAXVuBMQQ8/dZehuBXsGh6frtVpDus6f4lmfWLyrGGGo5gjrwzmQOw8lWXfMGohzM04qtqu2M18wNb17JraqrDQr6q7Nbpt/dRrjWmqpkOwCVALH27BiHPypCy7poCRyH1s5eakM20AC99Dl7XTDCGfaySPVIt0MdZDL59BHkyY55zjGaalQTxVXIISLg4kkdVMZ8iCvjFp39Ejy9j3oroQMSD1` | -> | Canada East | rsa-sha2-512 | 12/31/2023 | `60yzcSSOHlubdGkuNPWMXB9j21HqIkIzGdJUv0J57iY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDmA4meGZwkdDzrgA9jAgcrlglZro0+IVzkLDCo791vsjJ29bTM6UbXVYFoKEkYliXSueL0q92W91IaFH/NhlOdW81Dbjs3jE+CuE4OX5pMisIMKx45QDcYCx3MJxqZrIOkDdS+m8JLs6XwM07LxiTX+6bH5vSwuGwvqg5gpnYfUpN0U5o7Wq7H7UplyUN8vsiDvTux3glXBLAI3ugjn6FC/YVPwMOq7Luwry3kxwEMx4Fnewe6hAlz47lbBHW6l/qmzzu4wfhJC20GqPzMJHD3kjHEGFBHpcmRbyijUUIyd7QBrnfS4J0xPVLftGJsrOOUP7Oq8AAru66/00We501` | -> | Canada East | rsa-sha2-512 | 12/31/2025 | `9WgdJJpcIgUfdOMQ0R9UCtYejScPaEk1/6mr0P/pirA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2M/EM3gDr5tFjQlc/Fe+cyJhu3c/oVT7HnpHVLHLeSMaT6QM9j6XX4kfH9Vwsv6FaOFjDBDTWTWF/UY1KrJJl3beUwNLeEIDs8TY8x/lPd6cjAVNanGmrqPgeErIfTxOS1cmAV6AamTJKgrRLJkpoqZcEZ1+1ZF+SoRTAyPG3BP8L8V9VQa8mnN6Wn+vPbTc1vxyx4jXLWyPmPjFXnOJW3l/gJUTEstDoDA1V85OAwVg9TTkfweT7DhnbrM5OjpG6VaTfFTivAwK+SLhyzKtLHoiMf9Ps1ufRVZJGj7NnLQrYALdOVVNRlRkYXxiwTeHIHYHDeZnorZwj3PJd8Tll` | -> | Central India | ecdsa-sha2-nistp256 | 12/31/2023 | `zBKGtf770MPVvxgqLl/4pJinGPJDlvh/mM963AwH6rs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjHx8+PF0VBspl6l9Xa3BGyJwSx2eDX0qTDnhrdayzHMWsHGX3vz0wr7oMeBVdQ26dOckExa6iPrEDSt8foV1M=` | -> | Central India | ecdsa-sha2-nistp256 | 12/31/2025 | `rHRhvRfgmqyom1omCeSUGYj7WGA4YjMeFl+UqwAlaC0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDdtXYbiF9jmvUF2CCOoI5KbFNXpSvzLDN0onfcToVHqOg5UOiDng3KLU/CfPBKrnkpJSYwuAXMHkz6ZndjsZEU=` | -> | Central India | ecdsa-sha2-nistp384 | 12/31/2023 | `PzKXWvO/DR/KnUElcVWIwSdabp6ZJqce37DJZzNl3Sk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJwEy1f+GYN4rxhlCAkXGgqAU1S7ssI4JPEJs8z1mcs8dDAAVy1cqdsir9yZ9RSZzOz/BOIubZsG137G2+po0Pz0FfJ0jZVGzlx1UHXu7OMuKQ7d2+1TkPpBYFy6PiCa3w==` | -> | Central India | ecdsa-sha2-nistp384 | 12/31/2025 | `r3wp9j9FCMQUljrxkegRavGW8rHGYWLrdnjhEvD+qX8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNtvF355mm7qAbl0aMHb8mDOj/4ZOw4DDyW5JXCW/+JTKMuRDY1IcYUx4BHV3F8C4nnFKvO5pPmUMmutQlPbnO7GLTGPbkkbTE97ukOnaE8zygggv2IL8o8ly+IScngaQg==` | -> | Central India | rsa-sha2-256 | 12/31/2023 | `OcX6wPaofbb+UG/lLYr30CPhntKUXyTW7PUAhC6iDN0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWuKbOJR8ZZqhE3k2HMBWO99rNWoHwUa+PVWPQHyCELyLR19hfrygNL9uugMQKTvPYPWx8VM6PrQBrvioifktc/HMNRsoOxlBifQETfRgBseXcIWorNlslfFhBnSn6ZGn8q4XICGgZ1hWUj9z1PUmcM2LZDjJS33LLzd23uIdLePizAliJAzlPyea8JNpCVjfmwnNwtuxXc48uAUXlmX+e0ZXRwuEGble8c1PbrWWTWU4xhWNJ+MInyvIGv9s6cGN7+fxAFaUAJS0wNEa3poCnhyNxrckvaqiI3WhPQ8Hefy2DpXTY03mdxCz8PZPcLWdQU3H5nmuAc/pypnc0Avax` | -> | Central India | rsa-sha2-256 | 12/31/2025 | `i5Zac3+f2G320lSm0K8y+6viEGtsl6qCYMMpgVTcy64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjAJLsxbTma6wk7woZqkdhYdXNMI1HBklRHXXlgMdsu7wIOwlyzKAGRjFp5xG/FvWoGlJOUjd2xAg5zUS7CKRP9CHoKPfj+0M+LJUXKFabcIP3ibg2IWKiIVc3B+C76YUwz9J6vHrjinlVH7fJ3DU/71RcFwNTVS+MlWC+Z7rhZ3p/V7BGRXIA77lBvs4iXiXTmoIC4JqnscJqR/53zaCY0WbdDlaM1jfG1bxTGRSoJIoYoJwIled6fNKFdWscodjgT893mx19c6blfnVbohCWvvhXqmARoeoMFLqEhGitZgyEtW6Nrww+KnQsHt//6slBhkXYCF4t32Jan/Od4coJ` | -> | Central India | rsa-sha2-512 | 12/31/2023 | `HSgc5u8s+QILdyBq6wGJkxRcK5nxj81gxvpkR5bcH6k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSO/R/yw8q33yLkSHOw0Bi2WKDWQPrll8skh3hdRUB6wtw9dvtQFEV3suvFJsTVvAbnGBe2Fjgi69X0zkIygxg74XuQsx7GZO6gyaKDwljyanFoCzer+OzFSpDcVJ0zOfhY99uHeYT6k4leb2ngABqjiqieDHMZ9JQX12KOK3cAks/oytrNUo9krGb1Nyv5BYu4dWXHmuFgtigDd043khaARfdWkg88lKgb6G9k+vQTGKphLnFMqhada/aP8GsaA2Dq5d/LH5P5CTU7MRPA8TuuyLOtbv8FtQ2TyaAXhYCplCQELtto1yXZ79WVjQE/uKuX8xK5M2rfOH+H5ck/Rxl` | -> | Central India | rsa-sha2-512 | 12/31/2025 | `ayU+zBGAtHWl//+qIGkX+J2V9HmjLkrFIuouPXpHn3I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCw2Cg206KXydbvcCXQnMUmF1cJX3duWHQ4tkToq9ne2C28+rb7tPNznxR1tyXEG/in6U7W24QvkwcRiq8yPOjgTOlDUVXyVp5g/JZyElVZkSh22/cOHjwpJyNvqXAW3/8Gy4umrbB+hZhloZVINswKn4H476z7y/bAqZ5xzpEjIoXUkGz3KJvFa6zbAyh4cK9P0BosnXT9CPQ6KEgUmW37HI2GbBfSgg1Oh+hTEWYVMUHQ6lRA+rGVtVo7dtF/Lcq+M2xw9` | -> | Central US | ecdsa-sha2-nistp256 | 12/31/2023 | `qN1Fm+zcCQ4xEkNTarKiQduCd9S+Aq3vH8BlfCaqL74=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN6KpNy9XBIlV6jsqyRDSxPO2niTAEesFjIScsq8q36bZpKTXOLV4MjML0rOTD4VLm0mPGCwhY5riLZ743fowWA=` | -> | Central US | ecdsa-sha2-nistp256 | 12/31/2025 | `qauInQWUECwYnaX7TZX3fiUK8Ik6JvqcHPiGZ3t2USE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNK4jYX7nbriJOOrDSuKDqRIplMn2QXJc1WjTu/nJWVP3Ajq+Q1GhtuFTnVGqTaqhrVnlqwr7z4aPTwb9SKcO3k=` | -> | Central US | ecdsa-sha2-nistp384 | 12/31/2023 | `9no3/m09BEugyFxhaChilKiwyOaykwghTlV+dWfPT6c=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCiEYrlw9pskKzDp/6HsA2g0uMXNxJKrO5n16cHwXS1lVlgYMK3mmQdA+CjzMdJflvVw7sZO2caApr+sxI3rMmGWCt5gNvBaU6E9oUN8kdcNDvsfFavCb3vguOgtgbvHTg==` | -> | Central US | ecdsa-sha2-nistp384 | 12/31/2025 | `ZEDS1pjRAIEjCgX2QiX+rHtanf5xtfkfoa9bSqt7+PU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDsC/6PC62ViNxNREq5R7gDOijn6iff8JN0tAskmv/GnzOLePqF/h7XFllfUb8/cBO7912wagjKgl/o7t4oGCs2u4qIW5XkJROAM+lNgjBOb8B2GgxUGHThzbd0z70I2kg==` | -> | Central US | rsa-sha2-256 | 12/31/2023 | `GOPn34T1cCkLHO0xjLwmkEphxKKBQIjIf9QE1OAk3lU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9oA4N2MxbHjcdSrOlJOdIPjTB2LpQUMwJJj+aI2KEALYDGWWJnv0E14XjY1/M35jk8z0hX4MHGE/MEocSsTVdFRdWdW9CKTWT6eICpg9frTj6wfkB/Dxz/BAYb/YXq5OMrFlkFJUG8FMp9N80W6UWichcltmSrCpRi5N3ZGpVXEYhJF+I0mCH7Yheoq2KzIG2iWU/EJT5fui4t51wD8CQ1NWG8/THnNr0gjCr3AtB+ZPAl/6N7i2vO3FlZEHUj6BHoQ4dhIGjGCkgFDNU6RpdifqMJRihP9fSMOq4qksch1TE5sOnp0sOaP/RQvChb4oXB8Pru+j45RxPzIvzzOZZ` | -> | Central US | rsa-sha2-256 | 12/31/2025 | `JfKCn0CJEScjYafW9PpANzQdTnOw/EdN3gJhbMI8gKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmhK7qQ1FcvmISoyHhnfTIiH+IelL9xqZaoojvmy0EVhra95YptGOMkTn0CDWICXmVynAE0nBd4MTkztJbp/m+FWyGzKRn/aA4AfAztQSngo0pJm/lFqRCEbVlqpVaYzuG7ev1OL3FFzJnVo5jYMUqfo8VsAC44JTLrDvCq/FLhAqUxfzzluqy5T9GqxvsnV4ghAN9iHpKF3evm0eZHgeqmmgNbNbUGJ5xcR2c1UJ/kuKL5gfiJaVQhBY9Ps7Hj4AmXfUkcKboPbfssmvrhsWnrHUFZV7zs2FHGpZJ+OYwKCnRkNhIcdfgA7qUhnFU6wR8Y/T0Cc1bPLmhqMQ++wsJ` | -> | Central US | rsa-sha2-512 | 12/31/2023 | `VLhZbZjHzoNRMyRSa3GYvk2rgacjmldxQ2YNzvsMpZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPnuJixcZd6gAIifABQ377Mn0ZootRmdJs1J3R8/u7mbdfmpX2ItI0VfgMh4BzGEdgCqewx4BjADhfXRurfimuP8P9PLRq89AHX2V+IfeizLZkrnrxKiijjGEz640gORzzwIp2X+bmnBABWzEZjSNOeE3CKVr4ONvH80bYGFFqR4+arOelDqWEgxktM1QBlId7xR7efmtEGAuAhFbZVaqjBNsbqyiR/hlkMQfmWn1bjGSoenUoPojc7UAp9+Xf6ujkhCihRV/O4A69tVvp5E0Qv5MJ1Qj3kzAYbHQcIQ2l47MQq1wdZYxkYBHmH5leAjHgQbbccPalOLSbLRYjF169` | -> | Central US | rsa-sha2-512 | 12/31/2025 | `32PYrgj4NuDRkmx8YFYsHltumXVt1latrxD0JFIA7/s=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDC93zGJh5WJUWl1b7kX89hUDhla14XyiWH5aSiBY39rm2spPCh9kaZZJ20wkLNkUoqKsc8UpD+c7rWlUWKsNlNVhJgTCuvH6CRpZD/BP1qZK0W9NHGDl2VwFdFiVUj0Q4RtI5KzZhY28zo5avq/9FHKEEq+eQxNGz/G9JXmm+R/HjfIF/wfk1MbtISvveCRMyv/6VDCWTlfy5Th25keC+HunvslAfHr+Z1EJp16pOjKWWmKzXyBAOuTPrp8nSjJA9PPBObxzkinBiLsVK7edL3Zej2HPdbqUb959dQtFRqmrG4MKhFcQ8yqBxR1NUoJSwt7sCI4DlBnBjhmJ7By6YV` | -> | East Asia | ecdsa-sha2-nistp256 | 12/31/2023 | `/iq1i88fRFHFBw4DBtZUX7GRbT5dQq4g7KfUi5346co=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCvI7Dc7W3K919GK2VHZZkzJhTM+n2tX3mxq4EAI7l8p0HO0UHSmucHdQhpKApTIBR0j9O/idZ/Ew6Yr4nusBwE=` | -> | East Asia | ecdsa-sha2-nistp256 | 12/31/2025 | `xwUJoTMUBmM81ZmYjjfxfgSE6Yks2woMI2hetcEfU4k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlFiBRJEgLR9csCbx7kXJ0G+bPbK0bW09CumJQtdTRVYWKxpMejRY5fY8prqtsQTJ7o5ec2O1Ym4nvjLo2okfA=` | -> | East Asia | ecdsa-sha2-nistp384 | 12/31/2023 | `KssXSE1WC6Oca0dS2CNySgObkbVshqRGE2JcaNsUvpA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNEYGYGolx8LNs5TVJRF/yoxOCal3a4C0fw1Wlj1BxzUsDtxaQAxSfzQhZG+lFCF7RVQyiUwKjCxmWoZbSb19aE7AnRx9UOVmrbTt2PMD3dx8VmPj1K8rsPOSq+XX4KGdQ==` | -> | East Asia | ecdsa-sha2-nistp384 | 12/31/2025 | `gSiSTfoGmkLGgcJ132d+URA3oQ2p/a3pnctN7BC+PJ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIbUwjm0IuyZV7515jFCyrIsM8KfyBEhT2ZuCASOnMlETbopf/IbFhU/aXkmvUVp81KbcoXQqAiYolDvcnC28HlsXLlYbEQNXVMMNBDJbVAAQv9Odx0+Wn23XHv1bZO6pQ==` | -> | East Asia | rsa-sha2-256 | 12/31/2023 | `XYuEB+zABdpXRklca8RCoWy4hZp9wAxjk50MD9w6UjE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKlaGhRiHdomU5uGvkcEjFQ0mhmNnWXsHAUNoGUhH6BU8LmsgWS61QOKHf1d3qQ0C9bPaRWMpemAa3DKGGqbgIdRrI2Yd9op+tqM+3hrZ8cBvBCgqKgaj4ZitoFnYm+iwwuReOz+x0I2/NmWUxuQlbiHTzcu8TVIln/5sj+n9PbwXC8Zk6vsCt6aon/P7hESHBJ4yf2E+Io30m+vaPNzxQGmwHjmBrZXzX8gAjGi6p823v5zdL4mq3tT5aPPsFQcfjkSMRDGq6yFSMMEA7i2dfczBQmTIJkYihdS8LBE0Ir5islJbaoPQxeXIrF+EgYgla505kJEogrLprcTGCY/t` | -> | East Asia | rsa-sha2-256 | 12/31/2025 | `Av3JGShpQfhXUp9gKKTqBSVyHZw/+EuGP4Crz9hw1UY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6MlC6jYSV8yPsEVEi3F15kFdLhcZL5s0LgkoNcNjWL/fEem4i2agaThOJRDI4BEHIsjlQvERxN1UPkQz20LJ208gSfE+VMHg/CbDqWZy2KLWDWF32+/1QizFVfsUv2KEMOce8FohMfqUOfEwrCpGAjvHM+0Fhb2XylELXSHzPntxEop3ZVRv+1HyGIPRF5H5i+FuO4XaWc8COZo6FTnXSeXt/f4nwztPo8pNV2/q3IQWDbQxyhfvmQj6p8ZJyvLZLHd33ouFSvGzYBZwFLzud0l+TMK8nbS1eI24D2GQwhZbdxo/W/X3qkDse2SM4+5VoFRn9w5i96fQ9NALuXX9l` | -> | East Asia | rsa-sha2-512 | 12/31/2023 | `FUYhL0FaN8Zkj/M0/VJnm8jPL+2WxMsHrrc/G+xo5QM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7x8s74EH+il+k99G2aLl1ip5cfGfO/WUd3foiwwq+qT/95xdtstPYmOP77VBQ4G6EnauP2dY6RHKzSM2qUdmBWiYaK0aaI/2lCAaPxco12Te5Htf7igWyAHYz7W99I2CfJCEUm1Soa0v/57gLtvUg/HOqTgFX44W+PEOstMhqGoU9bSpw2IKlos9ZP87C6IQB5xPQQ1HlnIQRIzluJoFCuT7YHXFWU+F4ZOwq5+uofNH3tLlCy7D4JlxLQ0hkqq3IhF4y5xXJyuWaBYF2H8OGjOL4QN+r9osrP7iithf1Q0EZwuPYqcT1QeIhgqI7OIYEKwqMfMIMNxZwnzKgnDC1` | -> | East Asia | rsa-sha2-512 | 12/31/2025 | `R1a8tq1zGulHLnMhM6C4Ee4Db7s8hjYPeD/ofFLUAvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtcwGvbsP+jxy7gsdsXCX2ZAMLsTNE02dWWyFpJPd94BHS8QyU0PLG6iJdNKhhqjeqYVTDOlgSHW405/dl0WGEm7yTmHDR/F3/f/JzxIHNQbSbUJqsyNbWrYb2KMJ2+VEkgrvvkvOIrWafNEnv6gAlj86qNz+WU+ZnDIX48GOrZAKBxmEnv3SzSH/GdnmEcXuOMQlQIxe0JGEl576DHp5yByfzwFcSuwurm+VheWmP4xFihl0fhmeOuRxLO186ERXrqeyzufiRU03jRz4v/pEoh10/TX6A2YHC/kbtGe0KyEkz1l` | -> | East US | ecdsa-sha2-nistp256 | 12/31/2023 | `ixDeCdmQOB9ROqdJiVdXyFVsRqLmJJUb2M4shrWj8gI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNrdcVT12fftnDcjYL8K3zLX3bdMwYLjNu2ZJ1kUZwpVHSjNc+1KWB2CGHca+cMLuPSao4TxjIX0drn9/o+GHMQ=` | -> | East US | ecdsa-sha2-nistp256 | 12/31/2025 | `eMxQHe6f1/jYEKvKWMYQ28EUYrSF5e/km5Nw9mNY9Lc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGqgdtuQlZCFnVoC07xb1yCqS/6ncURKIwHuxgLGjrlXuGqgOwTu0AkfNIXtpe6JHcufVUO77r+KFYFblDfHDrU=` | -> | East US | ecdsa-sha2-nistp384 | 12/31/2023 | `DPTC6EIORrsxzpGt6IZzAN67nlZUXzg5ANQ3QGz987Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEP3CUvPVWNVnFuojR43KRxTQt1xiClbgDzqN/s9F5luivP+Gh0QrK5UHf6diEju4ZQ9k2O10MEDs6c46g4fT56rY8CQkeBsaaBq8WYLRhSQsFZ6SZuw14oFNodniAO33g==` | -> | East US | ecdsa-sha2-nistp384 | 12/31/2025 | `eZl4tJ/efkL0Z5yDapDrvQ6QbEfGWUeHhk4wtIQ0cd4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNPqgUMYmU95Jbd5LP9dBw1leS7Truvk/szkErBIrDH3eJT3AsEQG80Zbd/DysTwx/yRtUg1cmAhgh6GyCIKu842RaWRxeMOHAyOla9FLEEQ9kQdp6ugJed8JGVGi9mVAw==` | -> | East US | rsa-sha2-256 | 12/31/2023 | `F6pNN5Py68/1hVRGEoCwpY5H7vWhXZM/4L442lY4ydE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAiUB94zwLf0e/++OeiAjE0X7Od2nuqyLyAqpOb7nfQUAOWyqgRL04yaan6R2Ir2YtI0FRwA6yRETUBf2+NuVhIONgLNsgPw3RakL1BUqAEzZAyF4sOjWnYE5/s/1KmYOE052SefzMciqjgkBV2+YrPW1CLivNhL4d1vuQh05kADLgHJiAVD6BqSM7Z6VoLhW+hfP4JklyQAojCF6ejXW7ZGWdqQGKLCUhdaOPSRAxjOmr9gZxJ69OvdJT2Cy6KO1YQt2gY2GbPs+4uAeNrz40swffjut4zn1NILImpHi8PTM+wcGYzbW4Nn7t5lhvT9kmX9BkSYXLVTlI9p1neT9t` | -> | East US | rsa-sha2-256 | 12/31/2025 | `ZuntI4L/vzc9NZ1djZKixk7/b/LBTS/QMTewKLlyTtE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGNZ6SmAifUduo3pwcbgv/7tDxxluqhIupm2kliXQjfgvQslVHxeBeYwmPk/bxoSRGybLnrIUUtYuxqIeVpWNi2VaFCn0gtcRlJdI8IhKP3d+fq8sw9/FfUQCh6pxvx+BczQSmsIPLGCiMknnSS5ffCtvk3rEYvOpH1T2tmJO6YDqsC1lcJbZPSI5kQttJXw++1xk/67/1KWHYyFTVlOXD4ikfvS7wTjIBbW+jVu2vFPzj+287Zo8oub2nN1HbUNOS1NdlhT1lv4Yg8c8eXyjmHTDanrR0ekjGkxGrnj5mv/GWC1kSzHwStOjip6fXaKFpBgV4iP2uLICLpeHWd7t` | -> | East US | rsa-sha2-512 | 12/31/2023 | `MIpoRIiCtEKI23MN+S2bLqm5GKClzgmRpMnh90DaHx8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Ut7Rq7Vak26F29czig5auq334N9mNaJmdtWoT32uDzWjZNw/N8uxXQS51oSeD7c0oXWIMBklH0AS8JR1xvMUGVnv5aRXwubicQ6z4poG5RSudYDA3BjMs61LZUKZH/DRj7qR/KUBMNieT1X+0DbopZkO9etxXdKx+VqJaK3fRC5Zflxj5Z9Stfx/XlaBXptDdqnInHZAUbZxnNziPYrBOuXYl5/Cd6W4lR7dBsMCbjINSIShvrhPpVfd3qOv/xPpU172nqkOx2VsV4mrfqqg62ZdcenLJDYsiXd/AVNUAL+dvzmj1/3/yVtFwadA2l83Em6CgGpqUmvK6brY3bPh` | -> | East US | rsa-sha2-512 | 12/31/2025 | `VhbsPBUzLUym31p7u74czET3oer59WtFIIgfxFs5ppg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxCnn/udlkksnGAo7oaReFeIadPCUA+edUXEf4Y/4sUafDdwYmxvm7ryS6DbpbDHDB53Z0iePiKjCuBDe75X7/qulFBx6XIWc9Y6orRaqCj1De7IEHuATyMXBcnY9XZyRvqupLX80nvWcwD4Iiep2DRt4uqP8aLrww3gUv88Oqozy52psmR0RR6p/f63CcuI5G/agD5QzjSKwNmkInelc64pfNJjgOnwOPESf7M9p+GV6xjoS0l9nHMyjz3vh5GXpfUuGtffrpjd8S53jtftloBqdGDT8FBKyP8eWhYj4m2Nb60VqgDUru2L6rkWriJ41wJ60yzy/3TyuJOswnTlal` | -> | East US 2 | ecdsa-sha2-nistp256 | 12/31/2023 | `bouiC5HdtURUU19RJbym8R94fbMOTw/bUxFUkoAByoI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJshJI18IECu6neLrash/Q622MAXO07C+hbIOiVPC6M/ZIJM8HyYvQEh4DKI1CMEaeAIs/HA905QKeU/syvt7QI=` | -> | East US 2 | ecdsa-sha2-nistp256 | 12/31/2025 | `yrYziYjpobvWek9eYu+D8L4hctcCq0VStKtzhB4aUck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHVF9WzUs5VQm/gWREot7hIKhthQichwFg7TK0bk2itpGZTHZbih1Jq9yZbkWZ+aZdH3wP8DxKJB1W3zFAk3l6E=` | -> | East US 2 | ecdsa-sha2-nistp384 | 12/31/2023 | `vWnPlGaQOY4LFj9XSQ2qN/NMF92+UOfKPjGNSPA2bOg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBByJNAblwxCNVqedg5FcdbdwiuzTMVEWj/uF3uzI8wp890Xv2M4H+aMTpeItxgQsuiQCptgITsO+XCf2dBTHOGWpd90QtvcznzHyy/FEWVAKWs9brvyaNVe82c4TOFqYRg==` | -> | East US 2 | ecdsa-sha2-nistp384 | 12/31/2025 | `CAtRIpdqubfEKm6LDgMHmf70ID4gd6C/eBQ3WVIEdvA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHynQxaZBSfmU3Irizom4OrhSxqjLn3v3aGqOob2wlqsvbyNQTwuLBvSjJUPLngsuUlQqfrDBTJknPD3VSc9XzNz3QuEcq8/7DfvKxikI4ZiVy1ET/uawH+zox1Y6LokFw==` | -> | East US 2 | rsa-sha2-256 | 12/31/2023 | `K+QQglmdpev3bvEKUgBTiOGMxwTlbD7gaYnLZhPfe1c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOA2Aj1tIG/TUXoVFHOltyW8qnCOtm2gq2NFTdfyDFw3/C4jk2HHQf2smDX54g8ixcLuSX3bRDtKRJItUhrKFY6A0AfN1+r46kkJJdFjzdcgi7C3M0BehH7HlHZ7Fv2u01VdROiXocHpNOVeLFKyt516ooe6b6bxrdc480RrgopPYpf6etJUm8d4WrDtGXB3ctip8p6Z2Z/ORfK77jTeKO4uzaHLM0W7G5X+nZJWn3axaf4H092rDAIH1tjEuWIhEivhkG9stUSeI3h6zw7q9FsJTGo0mIMZ9BwgE+Q2WLZtE2uMpwQ0mOqEPDnm0uJ5GiSmQLVyaV6E5SqhTfvVZ1` | -> | East US 2 | rsa-sha2-256 | 12/31/2025 | `RZPLfTsRLm+N/RPnXwxR1IFIu9Cv2tPnA9sMYdaOVVo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyiiKvJPcYD0JV+RSjmTSbsNlJbwtkJAhWlwsM4ENc2HyPVLtIWraA4QPSIo9Mrj4otUS8HXX/NMyCWpMScvZ5igCDcxMGATJo3GZTflAvzX6xomIPiSx+hVBOVUDlxWxoeebv8zqBBK9ZNDUMzZFlqI98X9SmgWGgSAWQLuBl7SamCoc86QlCMRguPEOmOs66tUlKzYL9IhWtKWCfCHYxO9GFQKkW2aVxdWXby8RDhRhtRvZKmU55701Cak9G7iVrdpzw/4jDodJzogjMUpU6dyAFJfDJoeaADnvCuem6LrNrLH/Dw5slOrluwtb7c+vBbPdYBRzh5r9w/gTEscsd` | -> | East US 2 | rsa-sha2-512 | 12/31/2023 | `UKT1qPRfpm+yzpRMukKpBCRFnOd257uSxGizI7fPLTw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/HCjYc4tMVNKmbEDT0HXVhyYkyzufrad8pvGb3bW1qGnpM1ZT3qauJrKizJFIuT3cPu43slhwR/Ryy79x6fLTKXNNucHHEpwT/yzf5H6L14N+i0rB/KWvila2enB2lTDVkUW50Fo+k5U/JPTn8vdLPkYJbtx9s0s3RMwaRrRBkW6+36Xrh0h7rxV5LfY/EI1331f+1bgNM7xD59D3U76OafZMh5VfSbCisvDWyIPebXkOMF/eL8ATlaOfab0TAC8lriCkLQolR+El9ARZ69CJtKg4gBB3IY766Ag3+rry1/J97kr4X3aVrDxMps1Pq+Q8TCOf4zFDPf2JwZhUpDPp` | -> | East US 2 | rsa-sha2-512 | 12/31/2025 | `ZGPvMmPh7ifSqyxf1Tzbl7yT3oWby5SH5lUghRXwCKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/5VjuQpUIDk49mHD6UR4hPUrphDmpDxsWXNI70myr1ExXFPn7U2oTsLU2PXjsPwCt1PnJlNiVp9IsSF99FWyKAfdE13RjuWUckNl+ibYWEGK7JkxXFbWcZtGxUXPa4TopP3mDrOD3ag03uaTBHqJeHjVenLM0yy4uM7uQrrMc+sglGThJ7UNytz7jqS2ZGZ9OSxOFizw9aMc4sIVyqhcjouglrdv0Pp5s1kZ2uHHCf6q9Y67SuumgZ1BNSreSuINhmJsibIWhIaJxh3Z8Yaia6gt8rgVufFI2Xs7ift2QiJLMT4S8Z6stvRKv6sP0bad3jnlQ0nMFKmgOvbR+hBKN` | -> | East US 2 EUAP | ecdsa-sha2-nistp256 | 12/31/2023 | `X+c1NIpAJGvWU31UJ3Vd2Os4J7bCfgvyZGh35b2oSBQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK+U6CE6con74cCntkFAm6gxbzGxm9RgjboKuLcwBiFanNs/uYywMCpj+1PMYXVx/nMM4vFbAjEOA20fJeoQtN8=` | -> | East US 2 EUAP | ecdsa-sha2-nistp256 | 12/31/2025 | `V21Ku/gEEacUyR8VuG5WjVOgBfWdPVPD1KsgCpk8eqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPd+eEm6eCdZCbpaVGZPvYmetmpOnrDsemOkj9KMmVimESN2k6I0sKNUhwntMTXGx0nPNeKWG3g/ETzKF3VsYn8=` | -> | East US 2 EUAP | ecdsa-sha2-nistp384 | 12/31/2023 | `Q3zIFfOI1UfCrMq6Eh7nP1/VIvgPn3QluTBkyZ2lfCw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDWRjO+e8kZpalcdg7HblZ4I3q9yzURY5VXGjvs5+XFuvxyq4CoAIPskCsgtDLjB5u6NqYeFMPzlvo406XeugO4qAui+zUMoQDY8prNjTGk5t7JVc4wYeAWbBJ2WUFyMrQ==` | -> | East US 2 EUAP | ecdsa-sha2-nistp384 | 12/31/2025 | `Yv87+z8s9fDkiluM3ZkbsgENLGe48ITr+fnuwoG2+kg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAYVtgfJ36apFiv6gIxBa/q4n08flTyA0W0cGTsN0ot59nbl6pPCrRCfSByRtzgRY+id9ZOeuZTvN8VpPsZWOSfUOwxE0/GC2c9kS0F4SrFzTALaMY6pY3/GhMrQelAmFw==` | -> | East US 2 EUAP | rsa-sha2-256 | 12/31/2023 | `dkP64W5LSbRoRlv2MV02TwH5wFPbV6D3R3nyTGivVfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PqLDKkkqUXrZSAbiEZsI6T1jYRh5cp+F5ktPCw7aXq6E9Vn2e6Ngu+vr+nNrwwtHqPzcZhxuu9ej2vAKTfp2FcExvy3fKKEhJKq0fJX8dc/aBNAGihKqxTKUI7AX5XsjhtIf0uuhig506g9ZssyaDWXuQ/3gvTDn923R9Hz5BdqQEH9RSHKW+intO8H4CgbhgwfuVZ0mD4ioJKCwfdhakJ2cKMDfgi/FS6QQqeh1wI+uPoS7DjW8Zurd7fhXEfJQFyuy5yZ7CZc7qV381kyo/hV1az6u3W4mrFlGPlNHhp9TmGFBij5QISC6yfmyFS4ZKMbt6n8xFZTJODiU2mT1` | -> | East US 2 EUAP | rsa-sha2-256 | 12/31/2025 | `0b0IILN+fMMAZ7CZePfSVdFj14ppjACcIl4yi3hT/Rc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE45HQiHTS8Vxs6ktkHVrDoWFYnDzTOFzVF9IE0EZp/NMVIqRSnveYyFcgWtg7AfG648DiPsEar3lHmcGKT5OxGJ7KGP6Z8Nd1HxWC75j59GDadLfkuJyFLnWuSQIyiLV9nsDgl2e/BQ4owhHZhlSUCBlsWkECBaACptS5AvWG5CQN6AQnR2L0CEEjPPUSPh6YibqHCITsCAAduH1N8S2B+xj+OqPLpEqbIUpF6aEHggMrb9/CKBsaRzN9LXXIyJJ2Rovg54bkTUDhQO80JnGzCWQvqT1JX4KSQcr0KzkzoOoPLwuQ6w0FxP3UD+zPLYi2V8MNlW3Xp86bNHoUDfhR` | -> | East US 2 EUAP | rsa-sha2-512 | 12/31/2023 | `M39Ofv6366yGPdeFZ0/2B7Ui6JZeBUoTpxmFPkwIo4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+1NvYoRon15Tr2wwSNGmL+uRi7GoVKwBsKFVhbRHI/w8oa3kndnXWI4rRRyfOS7KVlwFgtb/WolWzBdKOGVe6IaUHBU8TjOx2nKUhUvL605O0aNuaGylACJpponYxy7Kazftm2rV/WfxCcV7TmOGV1159mbbILCXdEWbHXZkA3qWe4JPGCT+XoEzrsXdPUDsXuUkSGVp0wWFI2Sr13KvygrwFdv4jxH1IkzJ5uk6Sxn0iVE+efqUOmBftQdVetleVdgR9qszQxxye0P2/FuXr0S+LUrwX4+lsWo3TSxXAUHxDd8jZoyYZFjAsVYGdp0NDQ+Y6yOx5L9bR6whSvKE1` | -> | East US 2 EUAP | rsa-sha2-512 | 12/31/2025 | `pv4MPlF/uF1/1qg6vUoCGCTrXyxwTvTJykicv0IIeZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDu64NcnMdsh2vvxfC/2PtYXRYk5IoGB1PSXkrbqov5VllVbJAF9du9V4ccHoLVppux2W1jDlFQ7E+TdOT/hnwmnQurUTAvW355LPG0MtUFPcVCEfEPbxKuv7pxCPKZAWUpMX1aLbmEjt3CX157dtKMhmOkyExLRWu4Ua65LrqpGlKovg8Pzuxc/k6Bznxmj++G3XbHv82F3UXDsXJvUOxmF6DiuDuRWBUIwLGBNJOw2/ddyan34qK2fPBUP+lPSrucinG4b+X7aJHFhTt1E6h9XBs8fYp/9SIZ6c6ftQ/ZbET66NRSS7H7D72tSFJI5lhrKCeoKU/e0GAplSEiPNLR` | -> | France Central | ecdsa-sha2-nistp256 | 12/31/2023 | `N61PH8SVCAXOq7Z7eIV4mRnotafmNoPrpc+TaLxtPX4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3UBFa/Ke9y3aLs1q1b8gh/tXiS7lpOTzUiDFpXdbq00/V9Ag+v2z5MIaicFdum9Ih4fls1Mg07Ert16bi5M8E=` | -> | France Central | ecdsa-sha2-nistp256 | 12/31/2025 | `p7eHtX2lbIqu06mDFezjRBf7SxlHokVOC+MdcpdO2bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKtYOFWJFlknTvpl2XpxYMrkb0ULCF+ZfwVxwDXUY3zIMANy0hmbyZ73x15EwDP3DobilK149W570x3+TAdwE7o=` | -> | France Central | ecdsa-sha2-nistp384 | 12/31/2023 | `/CkQnHA57ehNeC9ZHkTyvVr8yVyl/P1dau2AwCg579k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG/x6qX+DRtmxOoMZwe7d7ZckHyeLkBWxB7SNH6Wnw2tXvtNekI9d9LGl1DaSmiZLJnawtX+MPj64S31v8AhZcVle9OPVIvH5im3IcoPSKQ6TIfZ26e2WegwJxuc1CjZZg==` | -> | France Central | ecdsa-sha2-nistp384 | 12/31/2025 | `kbK8Ld5FYOfa+r1PnKooDglmdzLVGBQWNqnMoYOMdGk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF8e5s445PAyVF3kgnPP6XoBlCUW+I6HCcQcC+xRti9OTciBAQReKX9c39J15Xoa6iSWuQ0ru9ER5UzXS+bjzhXBKXOmgAcR3/XEJMonjS2++XMldlGhgt1c4hEW3QQGVQ==` | -> | France Central | rsa-sha2-256 | 12/31/2023 | `zYLnY1rtM2sgP5vwYCtaU8v2isldoWWcR8eMmQSQ9KQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCmdsufvzqydsoecjXzxxL9AqnnRNCjlIRPRGohdspT9AfApKA9ZmoJUPY8461hD9qzsd7ps8RSIOkbGzgNfDUU9+ekEZLnhvrc7sSS9bikWyKmGtjDdr3PrPSZ/4zePAlYwDzRqtlWa/GKzXQrnP/h9SU4/3pj21gyUssOu2Mpr6zdPk59lO/n/w2JRTVVmkRghCmEVaWV25qmIEslWmbgI3WB5ysKfXZp79YRuByVZHZpuoQSBbU0s7Kjh3VRX8+ZoUnBuq7HKnIPwt+YzSxHx7ePHR+Ny4EEwU7NFzyfVYiUZflBK+Sf8e1cHnwADjv/qu/nhSinf3JcyQDG1lN` | -> | France Central | rsa-sha2-256 | 12/31/2025 | `j6w0LC+jzdLP0PmukCCModkIXidTNnprrKSTOmTCtQg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmTBRuLwUDIMWtwgvsmwymYlCEg3N/uO6OpXnLQe59W7zZ1FeMN5uifWGvykHyJnkg15MZyQOsWkzhE3ERijY+iuzAVz8gcYjTlXmKNr3nIqJpC1W8/2OH43zdsxss6qTi0IpOY4ZWKH9Y/tP5ebpT6nzF7n7ETqkvnuFmKtvZgYkbxV8IS65DsRVhaN4FOAR3lVdYyKgkPkxGOaucfR+KOstE48YU8270ivyu2P1cCy2WYXa9ensw8e0VKOyLjPaiK/hFpLreEFBAM37eFeHJui5qha0EWR7byDzo+DXpaKJTd/aIXxBn/alhMoqBYt6A2CeAYEjTEZcQ4tssJ7Ft` | -> | France Central | rsa-sha2-512 | 12/31/2023 | `ixum/Dragma5DAMBzA/c5/MY02FjUBD/gI8+XQDzJvc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDjTJ9EvMFWicBCcmYF0zO2GaWZJXLc7F5QrvFv6Nm/6pV72YrRmSdiY9znZowNK0NvwnucKjjQj0RkJOlwVEnsq7OVS+RqGA35vN6u6c0iGl4q2Jp+XLRm8nazC1B5uLVurVzYCH0SOl1vkkeXTqMOAZQlhj9e7RiFibDdv8toxU3Fl87KtexFYeSm3kHBVBJHoo5sD2CdeCv5/+nw9/vRQVhFKy2DyLaxtS+l2b0QXUqh6Op7KzjaMr3hd168yCaqRjtm8Jtth/Nzp+519H7tT0c0M+pdAeB7CQ9PAUqieXZJK+IvycM5gfi0TnmSoGRG8TPMGHMFQlcmr3K1eZ8h` | -> | France Central | rsa-sha2-512 | 12/31/2025 | `DbtqsAbpqaqaGigg2nSDFt0QvDIwOHh/xiu95Dm+Bu0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmPUn9acrOhsAEukuCiq8WIJkEOJ/iOvaEvTzp4+UsqljpAgIYsUcPwkBQ3nd+nIcYDEEtzHt7/eHdYa5zETNXcz/EGQevQ2PXbwPB8dEN5L5whCqbwpmPDdLufunlwfV6g1Gkb+WmzNM88fYBObr6rf1xMtZy3mUFak4LH3umPmmMqhFnY9Efu8kP1MQYyZSLUNm0Zr3U8Werv+IJ8Ta2SBSpsoMZLCvuSbk4/o60J9n6XOpxNTitxoWea9lcjEO1TLqeU1G6MN7MpqDxVl21IuSeRS/b+62jYoCUtHxfjvT7Ha7lynJqZp9AzgGMSIS/RUbgToWUXUVbewdSMZN1` | -> | France South | ecdsa-sha2-nistp256 | 12/31/2023 | `LHWlPtDIQAHBlMkOagvMJUO0Wr41aGgM+B/zjsDXCl0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHdj2SxQdvNbizz8DPcRSZHLyw5dOtQbzNgjedSmFwOqiRuZ2Vzu88m2v5achBwIj9gp0Ga14T7YMGyAm04OOA0=` | -> | France South | ecdsa-sha2-nistp256 | 12/31/2025 | `+qtS9kC6bH8V11bQ1q9Zp9cr/gxuBNLenatWKZxOKEY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJS89KMD/L7ufMFlk+LJYWLUc6aHEv/QL3q8xUiqiHHy//Nh2wFyX8GYX0BnFQ3ayR5g6ImuL41up3ndHTWVHgc=` | -> | France South | ecdsa-sha2-nistp384 | 12/31/2023 | `btqtCD/hJWVahHWz/qftHV3B+ezJPY1I3JEI/WpgOuQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB2rbgGSTtFMciVSpWMvmGGTu8p1vGYfS2nlm+5pAM85A4Em1mYlgHfVZx+SdG5FSYcsX4vTWt4Yw2OnDmxV3W0ycrKBs4Bx3ASX4rx3oZezVafHsUUV0ErM+LmdmKfH8g==` | -> | France South | ecdsa-sha2-nistp384 | 12/31/2025 | `wrbZPGvf6DwF56hIpZqZ90YJli1bTCMg9RgDC1VJtQ8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLkQCx9DbWnJKUN+D6Kw4IaX3bZX6+ggzWFOn+MTf5GI+9musoQOo9s3bpWkl10QJ3H3lwQTbXuYoV7e2m8ZeHwA7P6Ou/ta4TDV02L5lYErcXAbRh2ZtlhLPfHj4ZI65g==` | -> | France South | rsa-sha2-256 | 12/31/2023 | `aywTR4RYJBQrwWsiALXc1lDDHpJ34jIEnq3DQhYny0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDELY4UcRAMkJpEBZT40Oh5TIxI6o6Enmlv+KxWkkcyFcNJlFtaF2Hl+afWlysrg+lB5Un4XpveWY64pl7a/dSju7aPfujcXowELIPqFSoWW7xQ+jkfJdyI0daa0l2h2oNCPqWnx8+04Vx5kcb2GktlNG4RMLx7Q6COJgQ3pGHtyfZ5fnmrWNBsuv4mvsXp0u1KGWX6s2LZtO+BpKE6DegSNLMVapAZ0ju8pagqtm6aeWEtqmkAvsI0U31qhL25FQX4DzjIbGzXd6I25AJcSXcpnwQefsaOwO/ztvIKeIf3i/h2rXdigXV1wyhvIdKm1uWwj6ph4XvOiHMZhsRUe02B` | -> | France South | rsa-sha2-256 | 12/31/2025 | `FIwqrEbTl1XZIJ66T077NRnLmaQ0d8975yZvTmnjfco=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN9ZUTUNi9mbqb2UVvOr/DtMiGx70OVWpoYa9jQ5hGklnqo4vy+Yoq3RFhNjHcI7u2jHG3hxvbl` | -> | France South | rsa-sha2-512 | 12/31/2023 | `+y5oZsLMVG6kfdlHltp475WoKuqhFbTZnvY0KvLyOpA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmsS9WimMMG95CMXFZiStR/peQU1VA6dklMbGmYwLqpxLNxxsaQuQi6NpyU6/TS8C3CX0832v1uutW38IfQGrQfcTGdAz+GjKverzaSXqZGgTMh/JSj06rxreSKvRjYae596aPdxX5P+9YVuTEeTMSdzeklpxaElPfOoZ7Ba5A2iCnB/5l/piHiN8qlXBPmfGLdZrTUFtgRkE4Ie4zaoWo19611XgUDMDX4N4be/qilb95cUBE73ceXwdVKJ3QVQinZgbwWFUq0fMlyd8ZNb9XN6bwXH7K6cLS6HYGgG6uJhkYSAqpAZK2pOFn3MCh8gw2BkM/Rg+1ahqPNAzGPVz9` | -> | France South | rsa-sha2-512 | 12/31/2025 | `aYRboL5Mv0zr/aVeHgcc7NNL4uns0maI42L1dpJtEec=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDyPA0QlBL1HJuH6OlXJfJb9I5vZ3JIw9faZQaRs2PPuOJga53gfXGP04CFeRPcKcXF0lGeqEPOlRwYsZmZzla1+0BhSzuF5kVhMLAG4RCOJeBaQjvqZjud/NSGAoxdg5eB9KaSUTa7BREmErLBpdHQoLtDpD2/bTTKnOU+0tKR7xYlDZ9erHhMCCNYDOrNrTuN4eYldl11UJqUQbdXCXkaMzGVU6r2UmCuS9Iwcv5XywNa1Tz+ff7AjmkKBBwVF0SEvoYMnUIQdDWE/cZEIh21Skha6lXnzb6ll6ZufnXJNwu3i6Sg5tZZBDuB4Y7c2cRzJUqPpn8NrvOO53vdjAn5` | -> | Germany North | ecdsa-sha2-nistp256 | 12/31/2023 | `F4o8Z9llB5SRp0faYFwKMQtNw/+JYFKZdNoIuO7XUU0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMoIo/OXMP7W5a5QRDAVBo+9YQg4YBrl3J7xM91PUGUiALDE1Iw8Uq4e1gLiSNA6A46om5yY/6oGj4iqEk8Ar8Y=` | -> | Germany North | ecdsa-sha2-nistp256 | 12/31/2025 | `odPSs4vy9uet5z7+51SloNw0Ne6wtB3NkRVLjB8r1QM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBYiTtKvQ4VmbpcOL1hyuKJ/oaQc1OIL/OwkG1Gfud9jo47RIvSdykw/xecSuOTpOdTMQMd2gkifTfm8r3ZWLNU=` | -> | Germany North | ecdsa-sha2-nistp384 | 12/31/2023 | `BgW5e9lciYG1oIxolnVUcpdh3JpN/eQxfOyeyuZ6ZjI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ69kH0urhCdcMMaqpID2m+u8MECowtNlYjYXoSUn6oEhj7VPxvCRZi5R02vHrtrTJslsrbpgYHXz+/jSLplKpccQGJFaZso9WWgEJH1k7tJOuOv0NIjoBTv7fY5IxeAvQ==` | -> | Germany North | ecdsa-sha2-nistp384 | 12/31/2025 | `9mA6c1xpgusDregeaAx1ih62qFnx0N2STx6xnfRjMZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIDOLp9njrEr4Ophu5Kr0wkUc+IZ/H0GOka9FHmVXALpHTuaquw3ZmRiiG/YjiqCBt6/CQFFvkPwsU1yBpLTKBKF15o+xa1d3wetb67W37UthzwrtIYiN8Z7mZmJT/R7rg==` | -> | Germany North | rsa-sha2-256 | 12/31/2023 | `ppHnlruDLR73KzW/m7yc3dHQ0JvxzuC1QKJWHPom9KU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNNjCcDxjL3ess1QQEkb9n5bPYpxXpekd32ZX4oTcXXFDOu+tz/jpA8JZL8lOBAcBQ5n+mZF0Pot1o+B1JxQOHHiEZdcdKtLtPWrI2OQyxZnvo7sCBeSk+r/j3mjqpvq3+KpwoTZKpYF/oNRXVHU4VFs+MzvqWd6vgLXsDwtJrriojtkrWy0bTa4NjjN/+olsITxDmR0TGAu+epCJptdpKjTcgcn25QuIKy37/zVW8BJ5QsZmIRwvlCYxj11UOAoDcbapJcnzJYpOmQTNpdzkazjViX17DZW17Jmfhc6Dk3H+TEseilkbq1ZjsUyGBBxklWHid7+BgKVXOoIgG6+0x` | -> | Germany North | rsa-sha2-256 | 12/31/2025 | `IUZdXfD1QRH4EQ9QaPlKrPd9/2TTJpPBQfBl4HUhn0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIsaKq/gZdm+3+01ASAn7/TBEUkLGD54KRUjdVTcMwM+9i0s30YIC/ikNqoawIeWO7/DbU2DeL4cAarYR83X2QY51JCRVHQ1+jZ533EYcxRgqs5c1sDmIacfvzoingaRL4ZFwLJNkSY0zHfLnxVwm02qPexwTAmcHGqhYdO87uPjwni/sjL5SFnQV4hssBuEd0OFVzcNfkavkWXgLqT9yi8m/bsBVcS/L4slZkLpmgRI8PTdGoIwQGp3mUf81RFZpTm8l0SWQiNIN65a5rRY1nw4DhSlGSoiel0FRm0po7O6qG6MvRnkjj58zKUj0G+Ka19O5rj3/aCgRrT1+LBVLd` | -> | Germany North | rsa-sha2-512 | 12/31/2023 | `m/OFTRHkc3HxfhCKk1+jY1rPJrT9t4FYtQ/Wmo3MOUE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDkN3CN1VITaHy/CduQaZIkuKSC/+oX19sYntRdgCblJlIzUBmiGlhmnKXyhA29lwWWAYxSbUu0jEJUZfQ6xdQ4uALOb815DLNZtVrxqSm4SjvP5anNa7zRyCFfo4V8M4i6ji6NB+u+PwH5DOhxKLu6/Ml9pF8hWyfLRft8cg4wORLLhwGt2+agizq7N7vF2nmLBojmS0MMmpH5ON/NFshYIDNKPEeK9ehpaARf4fuXm440Zqzy/FfpptSspJIhbY2zsg4qGQgYGZyuRxkLzYgtD/uKW5ieFwXPn+tvVeVzezZTmGMoDlkPX18HSsuNaRkdnwpX8yk1/uoBCsuOFSph` | -> | Germany North | rsa-sha2-512 | 12/31/2025 | `KG2CjBBKyCg7Iur1Qt+7y33ELYfF0M6/uHbuuoAJ2YU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQj4T+NzUUmIKF+N1tKsA44u+Bjsx4nIzwhAJPdq7YzbvtDyVD/Lkm7fCIsVMLcKzRCuIVM/5g+aer4LvfuHtR8jqtZNJvFAbwsBSOat18mzWS+KpB0G9iW8QQlXcCnXKgatUYhAoXabHQDF7Qbv5Ap/ImMyt4Y5wN8OnuSOBU3nPKnDYxt/kfxNoY5F8wVigcT399QwBUnr9l6+cuXJ3janPBfuf9/o1SPvBj4ePg7JoZ8EXM7q8ruRRXv52NmKytFJgntnJvH8nRq0Hz3D3IchXAHhhp1VlmphwVo79f4LWbZtb0dkcDDE9ZjqIX2ozt4jrd8/JiTL4/l8iy13yN` | -> | Germany Westcentral | ecdsa-sha2-nistp256 | 12/31/2023 | `Ce+h+7thT5tt75ypIkWZ6+JnmQMZEl1N7Tt3Ldalb64=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBmVDE0INhtrKI83oB4r8eU1tXq7bRbzrtIhZdkgiy3lrsvNTEzsEExtWae2uy8zFHdkpyTbBlcUYCZEtNr9w3U=` | -> | Germany Westcentral | ecdsa-sha2-nistp256 | 12/31/2025 | `xWozWbLHPncCcUxRb2j/u4l1LDno211Ajbqs0InLmdM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA8dcmahsTDwh9DKlrRp8FeSfkH9Y8RGKtqPrpog4plwRUJPcC8DUzSeZfYEvsgOTPfhvTIrj/jW+VZRjCQ9OPM=` | -> | Germany Westcentral | ecdsa-sha2-nistp384 | 12/31/2023 | `hhQQi2iRjSX5d9c+4714hAFvTA3c63+TGknhuQi7Tss=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDlFF3ceA17ZFERfvijHkPI2Na1wuti9/AOY5E/bDvZfP08kkmYTb9Ma6omhB0dHR6e1CmRJfKmFXfTd81iVWPa7yXCxbS8yG+uNKCuHxuNv8hFhNM84h2727BSBHBBHBA==` | -> | Germany Westcentral | ecdsa-sha2-nistp384 | 12/31/2025 | `xmc+FeL+8s6nBwqEwp5guKLSHYOaWzYvTslXXxUJzfU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNeYkR7pPXK9/7tOyoKEymkz4nGROeqyZN9hWAO/R+0GhTp202EGapq76jCfMx7hv4ZbtLXYjJSSkc+vgVNjCy7ZUy3DAa9j/yv94659nPpRnvJbOcW0F1QzXDS3luhD8w==` | -> | Germany Westcentral | rsa-sha2-256 | 12/31/2023 | `0SKtGye+E9pp4QLtWNLLiPSx+qKvDLNjrqHwYcDjyZ8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsbkjxK9IJP8K98j+4/wGJQVdkO/x0Msf89wpjd/3O4VIbmZuQ/Ilfo6OClSMVxah6biDdt3ErqeyszSaDH9n3qnaLxSd5f+317oVpBlgr2FRoxBEgzLvR/a2ZracH14zWLiEmCePp/5dgseeN7TqPtFGalvGewHEol6y0C6rkiSBzuWwFK+FzXgjOFvme7M6RYbUS9/MF7cbQbq696jyetw2G5lzEdPpXuOxJdf0GqYWpgU7XNVm+XsMXn66lp87cijNBYkX7FnXyn4XhlG4Q6KlsJ/BcM3BMk+WxT+equ7R7sU/oMQ0ti/QNahd5E/5S/hDWxg6ZI1zN8WTzypid` | -> | Germany Westcentral | rsa-sha2-256 | 12/31/2025 | `e4CL5Qok5VjcACFdiDXM39iG1fo44+YgnnMi3vEx2Yg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/A1RmHi6Y4m61EAVN7piQKZVs0qvGc2bRd1rhm0ZyRpqYVuxYnHQplw+f2KVlUnceZJq2fd7X0riW8zjY7AU3Xltb7w2j2IRI26Zut/sIm3oFhhYO6mrceqRxTD4pJk9WwjQulrD4TUL8OB34t9Y4Y3Uqd2YPllBiWca3vQS5QWDN78xqZqYpOxqtGExJ87YvJjs0v0sqhsnfOioXhuuD1V6dFIgGG480lhqOX1WUTzF8kU1yOqanbCY4cyZht2++eBQ6OtF7k3fMLjJWxXSwhg5Qlzr0ickpi9mcDYEi6um0hHvI8J3U2vquT+9nMnln2BN7+q5v3TB1O41+QCxJ` | -> | Germany Westcentral | rsa-sha2-512 | 12/31/2023 | `9OYO7Hn5p+JJeGGVsTSanmHK3rm+iC6KKhLEWRPD9ro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwrSTqa0GD36iymT4ZxSMz3mf5iMIHk6APQ2snhR5FUvacnqTOHt3xhMF+UwYmGLbQtmr4HdXIKd7Dgn5EzHcfaYFbaLJs2aDngfv7Pd6TyLW3TtSgJ6K+mC1MDI/vHzGvRxizuxwdN0uMXv5kflQvnEtWlsKAHW/H7Ypk4R8s+Kl2AIVEKdy+PYwzRd2ojqqNs+4T2tPP5Y6pnJpzTlcHkIIIf7V0Bk/bFG2B7r73DG2cSUlnJz8QW9pLXIn7268YDOR/5nozSXj7DinVDBlE5oeZh4qkdMHO1FSWynj/isUCm5qBn76WNa6sAeMBS3dYiJHUgmKMc+ZHgpu6sqgd` | -> | Germany Westcentral | rsa-sha2-512 | 12/31/2025 | `sDXbCz8K9IsknWgFHjlZHmhB9ecW65qVdaXNK9Wd/lc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCYVSqdP8Q4I0uY0sNh8BXoB8bDmP5YKH3cfcssdgnB+hSyjVcEkCXWzs2uS36sKPmPSwcIj1jsE2W+r8YNdP8jid82PZYzufWf9WeVMM+vCT91m7Xkugla/pKsLzeua8ZmbBAqIIac7RsPDmNxhcvjNS+NCSzG/dr4y2YIpQ/nXM4w8e/MUqyJDaf8uMkE5/GFUN6l86miqUF4PQzvZlaxcsaB17TMa7y/01tLuHDlBzmnwBss4+5ZJut7qH5w9o2U+n06m6NB0wFpDEfXwPdREICDCBzyMtMeJ7i7Wraop3q2d1YRsjZNIskbbEIIwS/awHi9+6+tkZGOXbgqC6bB` | -> | Japan East | ecdsa-sha2-nistp256 | 12/31/2023 | `IFt/j4bH2Jc0UvhUUADfcy3TvesQO+vhVdY4KPBeZY8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVq+uiJXmIlYS367Ir9AFq/mL3iliLgUNIWqdLSh7XV+R8UJUz1jpcT1F6sJlCdGovM3R5xW/PrTQOr3DmikyI=` | -> | Japan East | ecdsa-sha2-nistp256 | 12/31/2025 | `hNki347+AC3wa6Yp1qgRfxFQGku65fd3VM13B675RCA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBYLB2TtVhVnWaLtOUts6Txhtle6v0ws60hXE3NvjFf+vHYh0yhDorQhiMHY6uDjXwS3TUOXQTcjLsBh7Ln9t0=` | -> | Japan East | ecdsa-sha2-nistp384 | 12/31/2023 | `9XLsxg1xqDtoZOsvWZ/m74I8HwdOw9dx7rqbYGZokqA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFh7i1cfUoXeyAgXs+LxFGo7NwrO2vjDwCmONLuPMnwPT+Ujt7xelTlAW72G3aPeG2eoLgr6zkE48VguyhzSSQKy7fSpLkJCKt9s0DZg2w0+Bqs44XuB43ao6ZnxbMelJQ==` | -> | Japan East | ecdsa-sha2-nistp384 | 12/31/2025 | `kQPmkwILyGO/5ejgfg+0D1WeI4Ax+e1UZ31+jKqxclg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGVsoOV31Dv/BYpp8cW+sReXE4nK84wSOhNmK6MmQyTgCSh5msHcnnPBQP0RpptaKUm+qtZSLPXJTEU7AteUm4UllN00YL2uOsgVWC3+oidsq4Tc6jRKp9shY4ivzCb+Cw==` | -> | Japan East | rsa-sha2-256 | 12/31/2023 | `P3w0fZQMpmRcFBtnIQH2R88eWc+fYudlPy7fT5NaQbY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCZucqkz4UicI20DdIyMMeuFs+xUxMytNp7QaqufmA2SgUOoM387jesl27rwvadT6PlJmzFIBCSnFzjWe5xYy3GE59hv4Q3Fp3HMr5twlvAdYc5Ns5BEBEKiU0m88VPIXgsXfoWbF0wzhChx8duxHgG4Cm+F8SOsEw/yvl+Z/d42U9YzliQ1AafNj4siFVcAkoytxKZZgIqIL4VUI322uc93K5OBi9lgBqciFnvLMiVjxTWS/wXtVEjORFqbuTAu/gM4FuKHqKzD1o39hvBenyZF2BjIAfkiE6iYqROd75KaVfZlBSOOIIgrkdhvyj9IfaZFYs3HkLc7XgawYe6JVPR` | -> | Japan East | rsa-sha2-256 | 12/31/2025 | `4NqHhLFmWOkUDU093AFLCRYxx1gp/wIIQQErFkfQuoE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDR8dvjRiVZYNYEemBmSWFdspEs5IwiZ7WB04o4XX8cgnvt0pb9tGxI+KypqcXnocBSZtSTC6dQ+kLVKJJ0AcL7WmCMk98biFj+E87/LQuEU2UifdYygwWqK+9oWtY4drFIPcU8GWWqxf/vhXUAwHf1mFiuEpbO4MHWGZfJTdbU2zlBt1nOj9mftl4s1SeoTzd3ndpja1wnK/wmPTDNbE77eSf6Y52W3p16BjdL76A/7IjZPufPbimNLzyKAkSlXiaZApHMxsb3+RmL9V93c2yGnbZAd27zT8UlDxXM1tIG1/TiKKQvU9ER5l0JU+YKRIMatr5rTOjeGO4ROrGap+El` | -> | Japan East | rsa-sha2-512 | 12/31/2023 | `4adNtgbPGYD+r/yLQZfuSpkirI9zD5ase01a+G7ppDw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjHai98wsFv0iy+RPFPxcSv8fvTs3hN/YnuPxesS21tUtf0j5t8BTZiicFg6MLOQJxT4jv5AfwEwlfTqvSj3db6lZaUf/7qs/X9aN1gSoQNnUvALgnQDYGjNYO8frhR7S0/D/WggQo2YKMAeNLRScT7Pg/MJaOI12UhoUloCXbTAP1c85hYx0TGKlGWpFjfen/2fwYEKR1vuqaQxj+amRatnG+k18KWsqvHKze8I2D19cn5fp2VkqXzh6zQ1s5AMc5B9qIF48NIec9FAemb9pXzOoYBDFna0qNT4dfeWOQK6tM/Ll10jafaw2P32dGBF8MQKXB2sxtcC0nU4EEtS5d` | -> | Japan East | rsa-sha2-512 | 12/31/2025 | `Y4mVSJoE0kk6/kJ91yxyavlrDpMcB4pbRjk6yn/foHM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClNQuyH42xrN5BODWQLLTmQZHQsQOqtAJtZ3sq6H/O1WgeFjCYAO0vxtTrtZlD6KO6NIssxZuspomQAcEkJ2mhc0dgtXNLlK2MLdqUElbb9knZR2+2K0+K9uehznRHCPiTxv9q3Dy3IzIb8zA0Ol4kIzo3Px+AkjfQLaLURLM+M5ZnL2CAiYQUrxBIxqO5mCwyLEWrJikwcI87WrkiZ8uorrXbE/ocMuCggTxuuuUUGuGWreHeNd7Cz6AAcdqz50cY7Yd5mm/9nnvpRdYmNjI/so6l9SzXqg6y7+tjEu2IEA4CyPKTg+qIm1tujFjbYs/JlTaOX0VP5fBs4qnED70B` | -> | Japan West | ecdsa-sha2-nistp256 | 12/31/2023 | `VYWgC6A4ol1B7MolIeKuF2zhhgdzQAoGBj5WgnQj9XE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFLIuhTo1et/bNvYUj+sanWnQEqiqs9ArKANIWG19F9Db6HVMtX8Y4i7qX6eFxXhZL17YB2cEpReNSEjs+DcEw4=` | -> | Japan West | ecdsa-sha2-nistp256 | 12/31/2025 | `ybrCO0nkrCspDE3iuezYA12jWmjgD72XcLDIlK3ejZY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNb8liGv9bPJAXwukCHD43nqpax24eQDM31YjEdJ7vhnvpBS3fvtfrth4FLspqGQcnWLZuyI8oZKHLrrg5pXMOE=` | -> | Japan West | ecdsa-sha2-nistp384 | 12/31/2023 | `+gvZrOQRq3lVOUqDqgsSawKvj6v/IWraGInqvqOmC6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD3ZiyS1p7F1xdf6sJ3ebarzA5DbQl1HazzLUJCqnrA84U8yliLvPolUQJw4aYORIb5pMgijsN3v9l0spRYwjGHxbJZY/V6tmcaGbNPekJWzgXA1DY35EbFYJTkxh/Yezw==` | -> | Japan West | ecdsa-sha2-nistp384 | 12/31/2025 | `nC2vSR9tS0m6VM8HmfAYIGKLHHATc35MFKtFmqT3JPg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNY0L4vz17bEi6V5ww9oL2YVtJ2yov/xGhKXN7UCiGE+iivz0gkcsCmCgNjE/GjpJ6ClwvOTnKJihnq6n+NDVoshsFO+LfoorwdVMhszhH/fbIV4x09vrNZWl8twA8L5Iw==` | -> | Japan West | rsa-sha2-256 | 12/31/2023 | `DRVsSje7BbYlVJCfXqLzIzncbVU4/ETFGzdxFwocl8E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDl/rlTgQpomq4FmJKSR2fjgAklV818RcjR/e/C1VUJVpbntJoWUlBhKYDFPTVQaHXDTK5HyJU5APsdy6CJo8ia32qc2E/573LDNk4dgFFrh+KFRiD+ULt3IH15i1DieVw61MAVOvzh+DmTJHPLaTufXoQ62YACm3yC1st1kXv4bawfXs0ssmeqrBcCOQvMvW/DexnnGXO6QXYTcjUktNrO2h2dd355n5FP4fcsBEdGmfT79HYPM6ZoqkItRZEO6Nel65KxtenAwQub8SK3iJgFyJwd3zIH4OCHp3z4tcGXw5yNAX15dJMSnls0zvzhx0f4ThwfgB4t1g9jVb47Ig7B` | -> | Japan West | rsa-sha2-256 | 12/31/2025 | `P1paDhO48HuP5smazNHhse4IOsvNbsXkiX0wCYy7FAE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8we/tpjgMEjmd+iyVNJWErV69vABxcnEflMamhvyidR4XO1E0xVbCUzLkeMk0h2f6ICXCk6NRpY8A6lPp37QGYY+7gZqyNKXgOO5OBGVyTb1bzafP2q38lEi7LSkcA1fYXRfSlrGFktCFkCa5dpKzWxr3F8jvQPIukWUuvAVVbQpamL93jmlIIewNcqrom6oGgU8ehKPcnhONY84DNMJs0b3krksPOC1lk36QptpZtUCUA112X+XU62f7O+99PKrjVMGzjzrQkjs8dOyVUNc7LACafo9uslxZW8wsaKibuERWunDdXlC4S8pDlfwmXaoJMWlOZXJnUv1uwgc8SaJF` | -> | Japan West | rsa-sha2-512 | 12/31/2023 | `yLl9t2jlkrTVWAxsZ59Wbpq+ZCnwHfdMW8foUmMvGwI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9zrpnjY7c0dHpE1BMv+sUp+hmvkBl3zPW/uCInYM5SgtViSQqn/DowySeq+2qMEnOpHGZ8DnEjq55PmHEumkYGWUUAs38xVGdvRZk6yU7TxGU42GBz0fT/sdungPHLQ2WvqTZYOFqBeulRaWsSBgovrOnQEa2bNTejK9m353/dmAtKHfu68zVT+XYADrT3PY5KZ1tpKJA0ZO9/ScUvXEAYs20WSYRZBcNDoSC9xz4K8hv9/6w3O3k0LyBKMFM5ZW8WVDfpZx1X0GBCypqS+RNZuVvx81h3nxVAZSx80CygYcV4UHml7wtnWDYEIBSyVRsJWVNGBlQrQ4voNdoTrk5` | -> | Japan West | rsa-sha2-512 | 12/31/2025 | `RWw7+FvEvquzP8KS0w1UrHkrNhmm9OKP12MujEWgpAU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDO3u8afk9VvwkvpebBX5yDl992D7SPS+4Pt5NreLgHY2UBvMEyx79PS9vuQXEE1Iv1dh3adbY15V50ZDEILbRe8DaIPNXRHVj0QK2AOIO3h8MJrsuGQk9c2p8LiJx+lCMzYf0xgD7gbffEwUfUG2d0qBcuomgfBzuX7i1kEJetliwOS79Df2OfeLlFfvPUMO5mSVkd2AF38jyl6aOqDu17yofQxDTHhUdaSpniT+tbc6IJin6WDZFHMipb6FQLmiQcJSbAxaQUzf1/XAbndz6qES5wThm+pg73nYhB6ynPqX5VOVOP/t0ZVkkv9rcQ94c7omY6hSrNhUXWq/VouJLt` | -> | Jio India Central | ecdsa-sha2-nistp256 | 12/31/2023 | `zAZ0A1pk0Xz8Vr/DEf8ztPaLCivXxfajlKMtWqAEzgU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDow29ds+BRDNTZNW70CEoxUjLiUF+IHgaDRaO+dAWwxL13d+MqTIYY4I0D7vgVvh0OegmYLXIWpCdR8LvVT7zA=` | -> | Jio India Central | ecdsa-sha2-nistp256 | 12/31/2025 | `F4I61T+soC7yfrE9ZUPLtRb2ZoQozdboHwP23xQ+Y5g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFSwEH2udhlvtUayxa++ajapReFdnuqtAzPVZtQa/LDt3Je5J3JW5GUqIUdO3GFAFXss32UAxYOC1teT5B1gew=` | -> | Jio India Central | ecdsa-sha2-nistp384 | 12/31/2023 | `OTG7jxUSj+XrdL28JpYAhsfr6tfO7vtnfzWCxkC/jmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ/Bb3/3u/UIcYGRLSl7YvOObb43LO5Ksi0ewWJU+MPsPWZr7OTTPs76TdwXMvD8+QuY8U9JxgQQrNmvbpabmbGENkllEgjGlev5P2mHy/IZZAUQhAeeCinCRvTsiOOoLw==` | -> | Jio India Central | ecdsa-sha2-nistp384 | 12/31/2025 | `HkXwB0/d+gziTWHE9tmdTeXqPOlGU5moOy24VZW/1R4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMjje4Bvw0jMsOUEhkD6mhzaeQILgDpjjkoV/16gqMd+VaMVdMP4fDyBR7cfbTo2N+lZDmdIrbdHfLlKGrNOYoQlSBL/ANBQfpnfyzEX+Z9Bsz5jE7CyXML7SQAVm3YYhg==` | -> | Jio India Central | rsa-sha2-256 | 12/31/2023 | `DmNCjG1VJxWWmrXw5USD0pAnJAbEAVonkUtzRFKEEFI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/x6T0nye3elqPzK8IF+Q70bLn2zg4MVJpK3P6YurtsRH8cv5+NEHyP0LWdeQWqKa9ivQRIQb8mHS+9KDMxOnzZraUeaaJLcXI0YV512kqzdevsEbH6BSmy8HhZHcRyXqH0PjxLcWJ5Wn9+caNhiVC40Oks7yrrZpAVbddzD9y/eJfguMVWiu1c8iZpYORss1QYo7JqVvEB6pLY03NXWM+xti1RSs+C6IEblQkPvnT3ELni9T1eZOACi12KGZHVLU9n27Nyg/fPjRheYSkw/lkkKDG0zvIQ7jr/k8SCHGcvtDYwRlFErFdGYBlIE888le2oDNNoKjJuhzN6S7ddpzp` | -> | Jio India Central | rsa-sha2-256 | 12/31/2025 | `fZEtfkvGAXf7QhIJWDZB37fRATEkjjebgGDdXZvJTr0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGylVPtL0MgUInVkEgS8017YRvo/59b9+Of1weYoOz9ICLlRSuk32X/r8tXnhmWPsai2H/DoLxMTzS/PlvQGJ8jO/46DmL3r8uwkgPR73J/KFMSkg8GDYAWjMRrDs4ezkB+RVgW9iO9R6o6Abqj6yXrhlZ1YRMXCHXrkuI8tDefh8TmV2quxNAn3HM+Q11WqUh9BS7hXcY2J+RUn0R` | -> | Jio India Central | rsa-sha2-512 | 12/31/2023 | `m2P7vnysl2adTz/0P6ebSR7Xx8AubkYkex6cmD9C0ys=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQHFDt8zTk+Hqh912v0U8CVTgAPUb8Kmuec+2orydM/InG+/zSuqQHsCZaD2mhEg8kevU8k2veF5z2sbko5TR/cghGg5dXlzz4YaKiNdNyKIGm2MdynXJofAtiktGhcB6ummctHqATfGSgkLJHtLvstzTVbVK1zgxXcB8hA52c2EPB1cN1TkAKEyiYNX7fKFe1EEPCxdx3fC/UyApKdD+D432HCW/g8Syj/n7asdB8EQqcoCT3ajh2wG2Qq0ZxjVbbrFImlr0VoTqLImJ4kZ9d2G7Rq2jqrlfESLAxKVDaqj+SjyWpzb3MHFSnwJZybCKXyTt+7BXpKeeGAcHpTs3F` | -> | Jio India Central | rsa-sha2-512 | 12/31/2025 | `TqQRg3js6McwK8pLUIzXtCuCCoDkHFmOJkF0P5Qy2T0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5gg7SwMc7NaBDbEk5LSHZnfE7mx1qOhs8G5G53lC7A7q8vUF4RzWP0BE9mhKb/Wbx3G5PwgXGqE4yP2J2ohNYRudzB7LJyGNaDSWRkx9n0tyfaza3FuUrUKUTu8UKrMJzsQYhR6/3bNZjFkDTMbrhFmKU9k8/9MmpfAKNt74rAHH9PBVyhXvsFEm84J4wDdfi46gzLksV5XKYEuEz7GpTK4QhdXAYUOq8OOvWiDa2pP/dEiE6DfpPYEMrKtFG58D6hhamXDxo5PK8V1R8NFPQ3VgWZuVhYYwnslDq8a/QhRq3Q8HPUSxRKrwCQ9zs7HZxAtofpE1HTHOD11rcZJG5` | -> | Jio India West | ecdsa-sha2-nistp256 | 12/31/2023 | `mBx6CZ+6DseVrwsKfkNPh9NdrVLgwhHT4DEq9cYfZrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPXqhYQKwmkGb8qRq52ulEkXrNVjzVU4sGEuRFn4xXK8xanasbEea3iMOTihzMDflMwgTDmVGoTKtDXy8tQ+Y8k=` | -> | Jio India West | ecdsa-sha2-nistp256 | 12/31/2025 | `LKIwML4VmHO7WCRtLKz315NKhUsf3pn9q8UggCsT2ls=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLv40BCM762yvf6z/gbySSUjxvswA3Y4L4kDEENRBu4L/xju3kmN4BiuRVkCVioL4Z3qDRt97wSK4uyMi8E18wY=` | -> | Jio India West | ecdsa-sha2-nistp384 | 12/31/2023 | `lwQX9Yfn7uDz/8gXpG4sZcWLCAoXIpkpSYlgh8NpK1E=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLKY2+wwHIzFOfiKFKFHyfiqjUrscm0qwYTAirNPE1GI6OwAjconeX072ecY3/1G0dE7kAUaWbCKWSO3DqM4r6O+AewzxJoey85zMexW23g2lXFH7HkYn9rldURoUdk31A==` | -> | Jio India West | ecdsa-sha2-nistp384 | 12/31/2025 | `Oh8tm94RmBr3De3CtRgSNYFdCk4GuDu2YEupO+rXV+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAAfMbIXcSz+/3ZUPhsmjFrdNZJRH5vV3zzAE/O/LEbTA8zZcOD04fhbyEmohk0z6qPQE0tVCp/Xi84gC0LMK7AuaFH4kJmuzh8tC2CbRlpBV0TWK5oVjRjBeLGj2gocTg==` | -> | Jio India West | rsa-sha2-256 | 12/31/2023 | `hcy1XbIniEZloraGrvecJCvlw6zZhTOrzgMJag5b5DA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOBU9e1Ae68+ScLUA5O1gaZ3eq0EGqBIEqL3+QuN8LYpF3Bi/+m43kgjhgiOx5imPK6peHHaaT/nEBQFJKFtWyn8q2kspcDy1xvJfG8Jaks1GQG33djOItiHlKjRWMcyWFvisFE2vVkp3uO0xG4nMDLM2rFazkax+6XA5cf2iW2SfL6Trs4v1waakU/jQLA7vsrx14S+wGEdVINTSPeh5DHqkLzTa3m2tpXVcUA4CG8uQZM8E/3/y0BuIW0Ahl/P6dx35W1Al7gnaTqmx7+idcc/YVe0auorZWWdyclf1sjnAw6U8uMhWmQ0dZgDehDtshlHyx84vvJ1JOJs0+6S2l` | -> | Jio India West | rsa-sha2-256 | 12/31/2025 | `ZD5Vw+3ipQeZYOwHpwIrfJIDBfZcTpydzeq7HSNrmxw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRX7fdrzYX7M8CRXXZG44+MRP30m42vmzSf0xwugiR05ECtD+rI1VNH4VwhviQ75st+lIU5DzkNzxInZiof0/MgfaOnjzjpHfVV+CERbmbawaMglAz4c5LA9k76TDemRl/367h3PizXW7zVyNj4MKoJLzn+FEq77f9Zeo6TnVW/ZDifsTSyAYfwgJKxRJCHoDi0XZVWpuuLJcV5k28tH4OTBWUE0+lPCuu3e2bPzNKXhm+XzFjShMWUv16pErxBFmkCaGSVpDbeW+I1nIkjQ02dsvrDxyYGOZEbd4cWJX2wgYSD+jt3oiEXCqG2VyX9uVRHCslXu2ezTDUIiCFLs01` | -> | Jio India West | rsa-sha2-512 | 12/31/2023 | `LPctDLIz/vqg4POMOPqI1yD9EE9sNS1gxY6cJoX+gEY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOH+IZFFfJN4lpFFpvp5x1lRzuOxLXs0WfpcCIACMOhCor2tkaa/MHlmPIbAqgZgth5NZIWpYkPAv7GpzPBOwTp3Bg5lUM7MXSayO/5+eJjMhB5PUCJ0We8Kfgf/U+vbaMIg9R8gJKutXrANd3sAWXMwWqKUw+ZX/AC7h58w04gb1s+lNOQbfhpqkw8+mrOj2eKH8zHYUJQBUYEyDHqirj565r7HhBtEZImn/ioJS+nYT5Zl/SNtW/ehhUsARG9p6O4wSy20Ysdk7b9Ur2YL0RyFa6QhWQeKktKPVFQuMMLRkYX7dv35uAKq8YN833lLjGESYNdCzYmGTJXk5KYZ8B` | -> | Jio India West | rsa-sha2-512 | 12/31/2025 | `M/GmNpPBZHx9Gi6prlLDV5NZbknqFvdLPBt3WhGroH4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCaPoHixXf5KMFCIJx5ZIDymatZcqqC+YLz2DpXwvBFiHt2QYQA6w3ZkZNpimjtWJUPyXBLUABMMrnD5WbWfIgYZ/bIsZhsnzMJmcXejD+vOkCoI3iBh2SzlUJodpSj6ahX/9JmWqU8mRB1zITB7XWdvkyjAC3TS2ps6G7wcXHumk9MbuktrbPYNKHj8CBjrFfAEggG2IJ1YTHHmBqV3Gl7+JqFSH5VO+PFnvNSRb0ATurp4GLsOB7syr2hy0sdFG4lLcYSlIAbYgVvT4x2LEpq6HFxxPOCluSgu93Slg9ZBW/z47PSwdGMGkwENyy0Xdltae+OzTxZ4zoimSitRWOp` | -> | Korea Central | ecdsa-sha2-nistp256 | 12/31/2023 | `XjVSEyGlBtkONdvdw11tA0X1nKpw5nlCvN/0vXEy1Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYiomaLB3ROxZvdfqiilpZ+2XJiPDeIIv4/fnQRZxnCBCFrUm7ATB6bMBSUTd00WfMhnOGj4hKRGFjkE+7SPy4=` | -> | Korea Central | ecdsa-sha2-nistp256 | 12/31/2025 | `9HlPpVNUWFMksQe7WrfMKiglruSK/KtPlEV4QgXBv2Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJF52Xf+DqG3cFdeTGRWzhKAd7wRrgOGs6++7K4spCmABa2thto/U1pZdyxZkq48+nk0U717raE4mgN5GkJpWxc=` | -> | Korea Central | ecdsa-sha2-nistp384 | 12/31/2023 | `p/jQTk9VsbsKZYk09opQVQi3HzvJ/GOKjALEMYmCRHw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN3NA7U4ZC576ibkC/ACWl6/jHvQixx+C6i2gUeYxp7Tq6k4YLn7Gr1GNr+XIitT6Jy5lNgTkTqmuLTOp7Bx9rGIw9Or37EGf7keUM42Urtd+9xF1dyVKbBw0pIuUSSy+w==` | -> | Korea Central | ecdsa-sha2-nistp384 | 12/31/2025 | `vy9cmbZQT0EgwifI+RHoQnGbV3tAjUIFP1Bl8zyZxIU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBTAnIdrs0h9CFZhTOEXmo89VTCOtNl0kxnXGazFpBKAmtPu6TAvdEBlKA3xjppM74h2e7Jv/tnr/SsZJK98BOKrFCPwZC+oFNoZ1SdRYOuoqp9BoXVPS8pAcisS2eFTCQ==` | -> | Korea Central | rsa-sha2-256 | 12/31/2023 | `Ek+yOmuAfsZhTF4w7ToRcWdOevgZPYXCxLiM10q44oA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUTae7QtAd3lmH+4lKJNEBNWnPUB+PELE9f4us5GxP8rGYRar1v3ZGXiP2gzPF1km1cGNrPvBChlwFMjW+O5HavIFYugVIe8NzfI7S3t+kgTylXegSo1cWen18MAZe6Q5vxqqFzfs+ZChWEa/P37lTXVkLVOYCe5NJUPm8Zvip7DHB2vk25Fk3HMHG9M50KNj1Hp4etPI7yiLNLNCh5V410mf3xhZChMUrH6PMl/A+sVv68ulcVeIZ68eMuQktxz1ULohBdSExZGmknVrwfF/fLTKWxHlVBjB3yDlLIJO3nTFKaQ4RzPa/0If+FcbY+hIdzSjIAK6W3fRlbVuWHYR` | -> | Korea Central | rsa-sha2-256 | 12/31/2025 | `BWHK5p4dmTUH0NU99TJm/stulp/+yWT26EWaNYddwv0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfRvjPUGmZEi/70Vl12uUsbpaPd0Rdh8vElRKFpp06Uy3tcYpUdfwHQC5djjBEuniiK6V3BkyZb6/LPwCrxbrwzuUcG7aP929DeSYoe86N5X6vTpU8tyffkotTDxhzXuu5WA11252rgtt3GIOYLOGHR1Itpcl+P4OZ4ELnMrsCXZcewD9YphNEVgi7Ez9yi4rdsulXTk7qdlTj07pOMO+CpTx9H9MHhw0v9JSy2LBxU9bmNFU+megWA9jTnLqSdO+xiLBmlbwEbrPBDuZybbM4Idz+DB45os+NsIbpFTB9XKZ/eP2ijtUoGagytX3yp1DDcdGDg+beOyI3gzxOvR7B` | -> | Korea Central | rsa-sha2-512 | 12/31/2023 | `KAji7Q8E2lT3+lSe7h74L6rfPnLEfGVzYZ/xyM96//0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDxZYb5eIWhBmWSwNU6G9FFDRgqlZjYYorMSXJ4swHm4YYHKGZTf4JOE5d87MNtkVgKe2942TQxA1t2TaENlmNejeVG5QZ4to+nVnwsFov2iqAYChoI6GlhpwzyPsO0RkqLB8mvhoKMel1sNGfmxjxYVFt4OSPHDzNIU4XjGfW24YURx/xRkLU1M9zBNADDx+41EMNRT7aBXrKW9MzsxkfCM3bYwjdBbI2Yi2nUqARm+e/sBPLTqVfjuMFvosacYc43MqepFSQoZE5snwYxkLJzltAbxNUysJs277isnGgezh9p5T2MCxtCERU0lvp7M52hd1p75QEtNrdadfDprzT9` | -> | Korea Central | rsa-sha2-512 | 12/31/2025 | `Lwixdb3Fx5yvcsFkjBMeAVLFTj4ihngqAUvMDKWLrx4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hp87cOOR8dC6B3tjUJIzLu6Ti4LB3jLep921EnhrXjEYwXWsWrEIyacsmoVxfbXJ2NZynzpInaKk2XiK1mQg2raLggao9yJ86NLQKZYQD8s8+74bO6gMoMgsGRRoPSRXv2iis/t5KEpKWAC+fC1qIQnwKOGscIgo5AWMDaWA98RoL+4HnRcQIzNvWwN14lebZ0H39Ijs/D6rMWIWibSXE3OWaJ7200lQ1+oVRmWT+mOo+QtQ0EVOKsFlynEkxgIysqEieED4dT8nE+bnAUrrOFGXjd0WpuHDaaEqldfHkmBX8FGLIei/1+KeVqIiKkeys/vbdyhjpQu5A2pdeDm1` | -> | Korea South | ecdsa-sha2-nistp256 | 12/31/2023 | `XM5xNHAWcYsC5WxEMUMIFCoNJU/g90kjk/rfLdqK7aw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHTHpO85vgsI6/SEJWgEhP5VDTikLrNrSi6myIqoJvRx6x8+doTPkH87L/bOe/pTU/rCgkuPi1kXTC7iUTSzZYk=` | -> | Korea South | ecdsa-sha2-nistp256 | 12/31/2025 | `fOxnPL6yD3NfoubIfYyPCT1/LShV6zOSx/2+swvo5Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAKFsE2xKTl5AhlcV7RaVykUTRz5zLNgQomLPNyQoAKrT4sEVUz36e5apDqquC0Xs83Jg3d2by4UQVmYEcSB7f8=` | -> | Korea South | ecdsa-sha2-nistp384 | 12/31/2023 | `6T8uMI9gcG3HtjYUYqNNxi99ksghHvsDitIYpdQ4BL4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAgPPIDWZqvB/kuIguFnmCws7F4vzb6QG7pqSG/L9E1VfhlJBeKfngQwyUJxzS2tCSwXlto/1/W302g0HQSIzCtsR4vSbx827Hu2pGMGECPJmNrN3g82P8M0zz7y3dSJPA==` | -> | Korea South | ecdsa-sha2-nistp384 | 12/31/2025 | `WMARPBxgBRgT+w+qU1USQ7AJv0vVsqUkJl1uDqQ5sAQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBC+3iJNzYWq6KSjd72sIJYQfeoSxF70re24Ps2SLcDLXiK2sZ0qsDSrjG7Yk2qVXYKydLQbUZuokhfQyV5zKYjcNQ5VHIblwd+10GlvZeqyCZibOuoUsMNxhMx1eAlo8KA==` | -> | Korea South | rsa-sha2-256 | 12/31/2023 | `J1W5chMr9yRceU2fqpywvhEQLG7jC6avayPoqUDQTXHtB2oTlQy2rQB` | -> | Korea South | rsa-sha2-256 | 12/31/2025 | `sxw9cyrpek3T3ZcO0+ghUoNn+M9dZD72br4F1GXV3iQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD5wHnNSXU7mmafdb4eSavGZiwaYIweYtGrLSj6IYxDafpk4+RwX9Grr7gG3yAG7wh/t9AzTt7Aj7mh5H2vNkJIkfS8efZgaW+BUJjatQAVu0pXUv0vAbIaioBvUJEeNlCYrOsSvfI+fLP+8JnZWPIkFi8jg/2cePOVFD/ZpTdq/d2b1ifOlEi2EtwkPK4U49asfwfogGpWShoRSufBiGdH5L3Sd157r2wJsUqUyO4x8CPLgT/cRR3HnQxWbGJOwalkb1Da1EX9gnHE639jTv5RPBUEbLA5JfAKWi6W7W4Wp91Se262Qva7fXeJv7lB1aPignIaI7XiZJYMITUAY2wh` | -> | Korea South | rsa-sha2-512 | 12/31/2023 | `sHzKpDvhndbXaRAfJUskmpCCB3HgPbsDFI/9HFrSi3U=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGUmJIogHgbhxjEunkOALMjG77m+jgZqujO3MwTIQxQNd/mDeNDQaWDBVb2FJrw15TD3uvkctztGn2ear3lLOfPFt0NjYAaZ8u5g9JYCtdZUTo5CETQFU/sfbu2P2RJ/vIucMMg8HuuuIMO059+etsDZ5dZHu9cySfwbz/XtGA0jDaTlWG0ZDT+evOE0KmFABjgMFWyPnupzmSEXAjzlD/muGeeUhtXUB8F6HVUCXLz7ffzgYiYj+1OB0eZlG/cF8+aW7MOpnWvfpBxwm16soSE1gmZnXhPrz/KXlqPmEhgIhq7Cwk54r3rgfg/wCqFw+1JcbNOv5d4levu/aA7pt` | -> | Korea South | rsa-sha2-512 | 12/31/2025 | `HKrQz+1svxtsfHSYoPt+DK7xN7zI8tCGKqcohLpKiFE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXjEE9ikBQMHmepDgS7yNbQ7BUEHR/KB5xMUH3+bdmx/YctR0M1cVGKpRDlc6ME4F30cNDayAEwP3kgEUYD8nD8grJhIBg16zb3J3AJF1FaKBjdCG52Az+pbwywnanl+mG+vvvVS4m1gNc/f+blb3hNkgtE2Tk45jlHiPAD671Tj+E5HVZDYoiDaudk8IazT9JqUIKXMcw2HMG8YOwcap21gKedTQoBKGCfgYjrKapbwj8AXbR+TxZ/2fu2YtLk4MYsRxYK2BlgF3GqJKcrCT3FI2fW/1fnP8OI8XKd` | -> | North Central US | ecdsa-sha2-nistp256 | 12/31/2023 | `6xMRs7dmIdi3vUOgNnOf6xOTbF9RlGk6Pj7lLk6z/bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJw1dXTy1YqYLJhAo1tB+F5NNaimQwDI+vfEDG4KXIFfS83mUFqr9VO9o+zgL3+0vTrlWQQTsP/hLHrjhHd9If8=` | -> | North Central US | ecdsa-sha2-nistp256 | 12/31/2025 | `s/ZY4uDhgUqq1e5mJuKJqnB2tWKrmCSxsDFUdI53crs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIIsskPKndr1JuwN+hz/5EY3EvGrDSbz8kQq+vlzYTm26jiS0Uw7OFBRhaZLMM4Cnh6qT7xQ5aNwnzuVFVCYitc=` | -> | North Central US | ecdsa-sha2-nistp384 | 12/31/2023 | `0cJkHHeTNQpl7ewPTZwug5+/hfebiH6Yxl2rOTtYZQo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG8aqja46A9Q5PmhPzhxcklcJGp+CiC3MCjVR6Qdl9oQGMywOHfe+kCD72YBKnA6KNudZdx7pUUB/ZahvI5vwt4bi593adUMTY1/RlTRjplz6c2fSfwSO/0Ia4+0mxQyjw==` | -> | North Central US | ecdsa-sha2-nistp384 | 12/31/2025 | `2vN+aOTY7FunWJ9DjrDCDWYxsr9Wme8hJ5w+Qx54624=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFcdbWr5Q3sOjz3ymMuUEN5W4FV8aYJxf/TeHm1nq2r3S79dX/QyQs2mDUGgkHlZW7oWB6rrDGXDkNI9ur0wMh1gKBS0JgkjzH/B3knAKiPNv8rPtxpI8aMY7RJy/pAGiw==` | -> | North Central US | rsa-sha2-256 | 12/31/2023 | `9AV5CnZNkf9nd6WO6WGNu7x6c4FdlxyC0k6w6wRO0cs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJTv+aoDs1ngYi5OPrRl1R6hz+ko4D35hS0pgPTAjx/VbktVC9WGIlZMRjIyerfalN6niJkyUqYMzE4OoR9Z2NZCtHN+mJ7rc88WKg7RlXmQJUYtuAVV3BhNEFniufXC7rB/hPfAJSl+ogfZoPW4MeP/2V2g+jAKvGyjaixqMczjC2IVAA1WHB5zr/JqP2p2B6JiNNqNrsFWwrTScbQg0OzR4zcLcaICJWqLo3fWPo5ErNIPsWlLLY6peO0lgzOPrIZe4lRRdNc1D//63EajPgHzvWeT30fkl8fT/gd7WTyGjnDe4TK3MEEBl3CW8GB71I4NYlH4QBx13Ra20IxMlN` | -> | North Central US | rsa-sha2-256 | 12/31/2025 | `AT+uuHy3KWpXQX1o6xvepKloVxWW/hHclRucH3CQ8IU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1etuSzvJZ1idzgvO4r8kZ0XqGM+AzonnYHMs3CyG9+IuBG4JPRq1cRvj3MkHLt+5V+RXp10c3TSyxit62awNjlWW1e6/v3R1IMjqBh85+biHDIJ7TtaNl8zBOvdzS7jVMXxcOI/2QySEFwZq0Kp19S6HBxVXNYDi0Imccxl6SpU/dLqJcJQpmJjGfOQamO0fVU5kEzNvTy6j1ivLQtdjwnbhJCzohplqMHVm2mzCr9Tl4YPHp2VRdrtH7vLpml/uu27sL9lZKzQMXDc6kQsDoORukblfu2CDhO3x+UL6+5fcbG4gYilt96JJy8JqIUc1FteR+BPpKHuUzM2LmLHb5` | -> | North Central US | rsa-sha2-512 | 12/31/2023 | `R3HlMn2cnNblX4qnHxdReba31GMPphUl9+BQYSeR6+E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDeM6MOS9Av7a5PGhYLyLmT09xETbcvdt9jgNE1rFnZho5ikzjzRH4nz60cJsUbbOxZ38+DDyZdR84EfTOYR2Fyvv08mg98AYXdKVWMyFlx08w1xI4vghjN2QQWa8cfWI02RgkxBHMlxxvkBYEyfXcV1wrKHSggqBtzpxPO94mbrqqO+2nZrPrPFkBg4xbiN8J2j+8c7d6mXJjAbSddVfwEbRs4mH8GwK8yd/PXPd1U0+f62bJRIbheWbB+NTfOnjND5XFGL9vziCTXO8AbFEz0vEZ9NmxfFTuVVxGtJBePVdCAYbifQbxe/gRTEGiaJnwDRnQHn/zzK+RUNesJuuFJ` | -> | North Central US | rsa-sha2-512 | 12/31/2025 | `KmGVFgihOp7BEJgoOQ28QGCVpivhWOUJVpoWSf1DzLY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNhjttgLAC1yCwlPWPS0Ts2kHQ7RuGvnbZ0yrCTB3URS4SeMSkrQP5H2lBqaj/ZygNeH1JPcy4rsDopP5g9S78tSVUSwwhd/TY1qw2yMQgQKBX2540h2ErLjnW1nqfUliLEGU6lxY2JEui9XfiFjS0ct2LdWzoWk/2rhDLl2CJej1j6u4gopjaLewhndd/yiIwM/tkcMmTUL4zV1X3esbDbKHCKVCOjeVK1KIB7eA6pg9HfBcIFacVUraTsn/curAgsi7Q/X5o7KVHcCGRWGyrHD2qjrPTbGOS9dIBq7hwpBGHi1estt1KiavuHNMCPvwKdhLmIYA+6raz9w4rOSwh` | -> | North Europe | ecdsa-sha2-nistp256 | 12/31/2023 | `wUF5N8VjGTnA/PYBVzQrhcrMgHuCfAYL1tu+p6s28Ms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCh4oFTmr3wzccXcayCwvcx+EyvZ7yANMYfc3epZqEzAcDeoPV+6v58gGhYLaEVDh69fGdhiwIvMcB7yWXtqHxE=` | -> | North Europe | ecdsa-sha2-nistp256 | 12/31/2025 | `wnIXnbkmXRuxP+60TeN4mn0kplC2Lb+ohnlC9u4cZpk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFIx6kxnNFhCoIC3SdEFUFNZlQA+2Pc1gMMAy59BkCIP7PWhEF8uejxGQOfxwQO17AW0o6anFFWhyWoxTI3vpXw=` | -> | North Europe | ecdsa-sha2-nistp384 | 12/31/2023 | `w7dzF6HD42eE2dgf/G1O73dh+QaZ7OPPZqzeKIT1H68=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLgyasQj6FYeRa1jiQE4TzOGY/BcQwrWFxXNEmbyoG89ruJcmXD01hS2RzsOPaVLHfr/l71fslVrB8MQzlj3MFwgfeJdiPn7k/4owFoQolaZO7mr/vY/bqOienHN4uxLEA==` | -> | North Europe | ecdsa-sha2-nistp384 | 12/31/2025 | `7YPYAsFrQ6BRtsVcL7zXP1IClrfuqi6ruN3w9ri6UmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxP4POMxrfU1ca7/LmaMlJY+6gtOGUupVmFj90ZFFGxXEccxknT18phpIy1zu1n+oh0kmyqE3JKac71Jbpt0ypM615lrnC5xH9Ayxvi05nFYA/gXAbC/oAqSMGNtuaNxg==` | -> | North Europe | rsa-sha2-256 | 12/31/2023 | `vTEOsEjvg/jHYH1xIWf2rKrtENlIScpBx450ROw52UI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQChnfrsd1M0nb7mOYhWqgjpA+ChNf7Ch6Eul6wnGbs7ZLxXtXIPyEkFKlEUw4bnozSRDCfrGFY78pjx4FXrPe5/m1sCCojZX8iaxCOyj00ETj+oIgw/87Mke1pQPjyPCL29TeId16e7Wmv5XlRhop8IN6Z9baeLYxg6phTH9ilA5xwc9a1AQVoQslG0k/eTyL4gVNVOgjhz94dlPYjwcsmMFif6nq2YgQgJlIjFJ+OwMqFIzCEZIIME1Mc04tRtPlClnZN/I+Hgnxl8ysroLBJrNXGYhuRMJjJm0J1AZyFIugp/z3X1SmBIjupu1RFn/M/iB6AxziebQcsaaFEkee0l` | -> | North Europe | rsa-sha2-256 | 12/31/2025 | `ai5VaZSIlMqnIjownVEFQqW9U8woOoBGFY3hSbrdnHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHFi3P1ykPMMhPNqYLM5l2tTOvC7UXCY635w5SrsL+8rOFTAqNFfwhZrccGgWhuzO0LNt7khMjHgYKn6yG67HyHvL9ZXC5rTS4mDALNDyPNCMzyAI3fuDZOWlGpDTzMhfzTeZzbK5x5T9MSGDfOlsdnQt8p5hEDCAnl5oSOze5k6ZUXV62LNXLEG5+xIYr64Raz3oaOsEVfhzZws18GgdMfCf0Syiw7rqjfPnPWmJnyxzuGvIGDEyitxi5y1WyzBe/Hwko0rFCQLwSFiEEm6ZAMJzvsDWzfKvIowZV8RVw/avN3Yvz6B6VBVbX1fHpMoVqzCdsS/38WwfGbdY0HoqJ` | -> | North Europe | rsa-sha2-512 | 12/31/2023 | `c4FqTQY/IjTcovY/g7RRxOVS5oObxpiu3B0ZFvC0y+A=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCanDNwi72RmI2j6ZEhRs4/tWoeDE4HTHgKs5DRgRfkH/opK6KHM64WnVADFxAvwNws1DYT1cln3eUs6VvxUDq5mVb6SGNSz4BWGuLQ4onRxOUS/L90qUgBp4JNgQvjxBI1LX2VNmFSed34jUkkdZnLfY+lCIA/svxwzMFDw5YTp+zR0pyPhTsdHB6dST7qou+gJvyRwbrcV4BxdBnZZ7gpJxnAPIYV0oLECb9GiNOlLiDZkdsG+SpL7TPduCsOrKb/J0gtjjWHrAejXoyfxP5R054nDk+NfhIeOVhervauxZPWeLPvqdskRNiEbFBhBzi9PZSTsV4Cvh5S5bkGCfV5` | -> | North Europe | rsa-sha2-512 | 12/31/2025 | `ralX3vX5MZc4oSa+vFRXYb57sOw4Q30iZ0jx+s1LbMs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04Y+mJojbEI6L590NFYLYcWI6Zg+WCVIFSIz2ABoawbKHmQpEh6Gz56dcw8gbv6q9zNn8CVD+i4+k9QLycMhuxoR5kRJO6iJexoasY9W5v7nGnIpp/pg6IfOsQ97nwRtD0dOL3Rg3FuPqXLA9mckhc70gp2I8FK52sfeZvJEUfjRlYzgtsZbFVpj1mLnEr18eLZTUzVAPz2ABHhXNCuBft58iue5dO28a6boR0dVBPTy0wI1hJ3CyiFZj6EQKceK4kxv2b0TQ/H8E3PGb6wh1PoOel4IZ0CiKGCovJhOOfWZX5CYjNW34okNZONYWleI3yYFQetlGTXxvdMEV61sx` | -> | Norway East | ecdsa-sha2-nistp256 | 12/31/2023 | `mE43kdFMTV2ioIOQxwwHD7z+VvI4lvLCYW8ZRDtWCxI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWP6vJCbOhnvdmr7gPe8awR/E+Bx+c8fhjeFLRwp6/0xvhcywT9a1AFp7FdAhkVahNKuNMU1dZ0WTbOEhEGvdg=` | -> | Norway East | ecdsa-sha2-nistp256 | 12/31/2025 | `LX3xXaXt8vEj9GexgUl5FQPn6kgHgqJyqbyKUUSXI6Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNfWlwwKQz69ViXpaEe923CbQgSMjpxCn0fMQDjdGz42v8mrwBLTNYP48c4pzLm8eiWtb5IU07Au7rl+h2OFAUY=` | -> | Norway East | ecdsa-sha2-nistp384 | 12/31/2023 | `cKF2asIQufOuV0C/wau4exb9ioVTrGUJjJDWfj+fcxg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDGb8w8jVrPU1n68/hz9lblILow6YA9SPOYh5r9ClAW0VdaVvCIR/9cvQCHljOMJQbWwfQOcBXUQkO5yI4kgAN3oCTwLpFYcCNEK6RVug9Q5ULQh1MRcGCy3IcUcmvnYdg==` | -> | Norway East | ecdsa-sha2-nistp384 | 12/31/2025 | `Y1NKi875wtm5Z8fto3UZft09cvoZIE/mbEvVbxEq69o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBP+K8187kNSjyrGOu9exSmSvVDfRQDHoe7EOpD6JLOhDnT8/UeAQqzaviiVppMF1BqVuBplzNyV6NCQPxwqVlrJsXsvNOnneJOVJf+E4oNz2I6kF5rZbzc53cWUqnD4rAA==` | -> | Norway East | rsa-sha2-256 | 12/31/2023 | `vmcel/XXoNut7YsRo79fP5WAKYhTQUOrUcwnbasj/fQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Y1b2Bomv8tc/JwPgW0jR5YQhF031XOk4G0l3FOdZWY31L8fLTW6rOaJdizOnWCvMwYQK39tyHe6deN9TZESobh0kVVuCWaZNI6NUR0PSHi0OfbUkuV0gm/nwtwJkH5G9QbtiJ5miNb4Ys3+467/7JkqFZmqN6vBLhL9RVInO00LPYkUGtGfTv+/hmsPDGzSAujNDCFybti4c+wMgkrIH6/uqenGfA1zW3AjBYN2bBBDZopzysLHNJYQi3nQHQSiD4Mdl7IGZtJQeC/tH9CKH5R4U4jdPN1TmvNMuaBR/Etw4+v0vrDALG1aTmWJ7kJiBXEZKoWq/vWRfLzhxd4oB` | -> | Norway East | rsa-sha2-256 | 12/31/2025 | `+Bf5PY3s9YEjAx4iGC4T2qiuJSpfc+2j9cAH0oz2K+I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpVn1Tw8w4zdnknXitlR2xjrMQzazRDf1PY+jvXUQNdgHBbH0fGE/MQwDQdejngoPijoXm8F43sl0DkEqLwDBDCjiTDBa7jaIZo4xlOBCJ5zmN9/I9rOJgYsk7wF5KHXBLkOXKWh460uerxUj4i9n+NTiJzoV+3x71pE6t7j5Q9TwYA6WlOm0m8ejtmMycuzlG76y5py0EMCF/t5RCk0UPn4PMMt/m+EOARXEv5A/JxSID+tk2xSOtO30PHtQFbKvEG0M4FuawlpWm5hvCT0V9VDRm/X7EH51ivKi2Xu9Hvec2FrIaMLy8a8buC0lhosyubpe9d/lMzs7VE81SPLl` | -> | Norway East | rsa-sha2-512 | 12/31/2023 | `JZPRhXmx44tEnXp+wPvexDys1tSYq9EDkolj9k6nRCM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC11j19LeEqRzJOs8sWeNarue+bknE3vvkvSnsewApVMQH35t9kpqRGMSr6RTU2QCYDiQTCKI2vzLSTLGoizoPBiY/7lvdylDRCbeEpuFUkgvKZrapkJ6JqKOySPpFNhqCs27rdY5dJ2C7/nmTL/kvcyhXFXZT2lJaOIdRSKv/1Q3DAWQ9icNGbDokQDubF5etlkquqTV6r/ioFuh7hdKE+fJooyHa2oYTD+j5cNDKBxrJWBEidOe2HwplR4lYPggUcVtGu9aoSVIMmswztFF6+MNIdOT1kdvHewKLjkVB1hbIHl/E+uexsyMGcCg5fPy7dDIipFi1aED+6R7CnAynJ` | -> | Norway East | rsa-sha2-512 | 12/31/2025 | `+FdWhzWXTs3opklJIbLQeXAWhB8m6SWWY7+FdMzFAiM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN0QhSmq9RG/FDQu0OhXHP0CKQfR9XRLM+4sK78l8oHGZJUIGPfNuAM4a8rixwwQiJpJHpRTnhjG+8jogdwJaBx6HJIEJCUcorWr2QAwdGq01A4aLcDkhHka9Dw2GYiDCYtJDolSW4n0ir1oWSIetAv0sjkSFMob9AK33P5shQC7OjWBSSAZoDolkIxrLOFQy4KCl5YDO+heUTOaja0ymcCKrDVzWxYaQoonIznYwdzXC1T9YIYjR5FsDp/Wn5OvPFNCe4mdKLasU+pN+kV7oGrPMULvPbOvBzGb4I0ozfShbRMt0H8nPXLXG7+LkD8YM5NTFxiaKiZpNPdThycHQZ` | -> | Norway West | ecdsa-sha2-nistp256 | 12/31/2023 | `muljUcRHpId06YvSLxboTHWmq0pUXxH6QRZHspsLZvs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOefohG21zu2JGcUvjk/qlz5sxhJcy5Vpk5Etj3cgmE/BuOTt5GR4HHpbcj/hrLxGRmAWhBV7uVMqO376pwsOBs=` | -> | Norway West | ecdsa-sha2-nistp256 | 12/31/2025 | `nI5iKgzoS960Hf8VzZ+Z+qJqlhG3We9wUsisCqEv0HE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFYTmlTdycyDk8yLL3HRZFQtk3Zs8iG/IwJJO9LgpDAlr6oxTbHHyLBJnhvAgNl03EfMGMQs5Z0Vx7fcZOL0NzM=` | -> | Norway West | ecdsa-sha2-nistp384 | 12/31/2023 | `QlzJV54Ggw1AObztQjGt/J2TQ1kTiTtJDcxxIdCtWYE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNYnNgJKaYCByLPdh21ZYEV/I4FNSZ4RWxK4bMDgNo/53HROhQmezQgoDvJFWsQiFVDXOPLXf26OeVXJ7qXAm6vS+17Z7E1iHkrqo2MqnlMTYzvBOgYNFp9GfW6lkDYfiQ==` | -> | Norway West | ecdsa-sha2-nistp384 | 12/31/2025 | `9ElS1gKYvwii1fb2GffZ1OI8ge5TQiqAda/CL7N8vgY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN8A1zgtX4PxY0zkK7YmA4vasazPyPhXMVsXz+bINiscC37R9xePSah2A18uIT8M1s96OMhukXKxQrrcWGAGYIIOlDQ8mjb/HsXu5HZsySTfb81bw0Fq6YVD/8u35ER7Ng==` | -> | Norway West | rsa-sha2-256 | 12/31/2023 | `Ea3Vj3EfZYM25AX1IAty30AD+lhXYZsgtPGEFzNtjOk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDuxOcTdADdJHI8MFrXV00XKbKVjXpirS3ZPzzIxw0mIFxFTArJEpXJeRfb0OZzQ1IABDwoasp1u+IhnY1Uv2VQ8mYAXtC3He08+7+EXJgFU/xQ8qFfM4eioAuXpxR7M7qV/0golNT4dvvLrY4zHxbSWmVB7cYJAeIjDU8dKISWFvMYjnRuiI7RYtxh/JI5ZfImU65Vfxi26vqWm51QDyF5+FmmXLUHpMFFuW8i/g8wSE1C3Qk+NZ3YJDlHjYqasPm4QidX8rHQ1xyMX9+ouzBZArNrVfrA4/ozoKGnPhe4GFzpuwdppkP4Ciy+H6t1/de/8fo9zkNgUJWHQrxzT4Lt` | -> | Norway West | rsa-sha2-256 | 12/31/2025 | `Ok1QW8mYdmM2ydj0kSV0q32mtjj9rWNVKU09EAAl9Tw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv8atttWdhSTVwpV6v61hhBlf85e+Uu3Qjpm0Fa09OuUrK69pggYU6JHHv1AHlMMCapuo2ReGc66tv4dmICijxRYuejZG56uproG4rARSK2JioXB4Yq1qTr35+uXaRj+w5G8/T0zxsvE6AliGBbZDoa07+R4ZQ4PLKcZnxdueHiDoNsZQOvfEtqtksK3LpDD4JU5/mzfDkyGaKejFWQ6DnnGxpE1cEnBdae9ETHOFWbbB0sYd3vMRMsyWlQWUX2MZ4NoacwnzMl2mqX3hDIbzlitxeZqRixJitnL0rX1gPpQg9n/RfCaeynsMjKXA0pprylHLywnKzpaj9UjMeGw1` | -> | Norway West | rsa-sha2-512 | 12/31/2023 | `uHGfIB97I8y8nSAEciD7InBKzAx9ui5xQHAXIUo6gdE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPXLVCb1kqh8gERY43bvyPcfxVOUnZyWsHkEK5+QT6D7ttThO2alZbnAPMhMGpAzJieT1IArRbCjmssWQmJrhTGXSJBsi75zmku4vN+UB712EGXm308/TvClN0wlnFwFI9RWXonDBkUN1WjZnUoQuN+JNZ7ybApHEgyaiHkJfhdrtTkfzGLHqyMnESUvnEJkexLDog88xZVNL7qJTSJlq1m32JEAEDgTuO4Wb7IIr92s6GOFXKukwY8dRldXCaJvjwfBz5MEdPknvipwTHYlxYzpcCtb9qnOliDLD2g4gm9d5nq3QBlLj/4cS1M9trkAxQQfUmuVQooXfO2Zw+fOW1` | -> | Norway West | rsa-sha2-512 | 12/31/2025 | `4OjYruCQ3UATeLz7ZDyXumfZVCvED5stvmAbVeGhYFY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5SJKaXLtWBtOxSti/Ag6KGC5Gyc2CQMj6lMl8qEUzChtvQrE4a05HNtudc8jS4zbkINtfdZHJ6MvsrhsrKOufTnNlNBbd75lG0KciYVWVXZudFxi9PITMV12lBGRNnKXR9YDY3sQsAF9xVitP8c3qOqX0r4/99KVx0uJg3YrcVmyLQR5it/QLYYV3XHuo1wo705f3EH/uAXrs03b3Mf03XUCk5HguAwyhvB0CIAgI4CALS6mCMKosZ+KVsV50GB9lWsh/bDpAGOLzBon9g/1nilgmL79EbnYtJ1H8Ia5CIjLtkS+qSTeycLjjmGa79Wh9ysWl5ek8WghcK1u+guVR` | -> | Poland Central | ecdsa-sha2-nistp256 | 12/31/2023 | `aX1HJKXvnL8pJ1upt1OnBQT0vLbQXDrBeThar32gyEs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOTFAOA/iJnf5S+3tGqyGEpFspwR86HChkrkloJnehNvYhecP4tGhJx5Z15j9TJqHWEzpBFPIcxF+O9tStiv+oQ=` | -> | Poland Central | ecdsa-sha2-nistp384 | 12/31/2023 | `jNH6sSVNE+1NhyZzA3tzk0RaJpZoLVZHd8yjQG64DDw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFoLS+6QCyjyibWZvldjErzY9ptf+LXhyeQQDu7K+UajFsLk7xzx4vIRLsPJ+UhRyu81Lwo/pxcgoDX6uyB2M82JfQAWF+jniU7RfC/QzO5Jxbsj4mlY1kVO+R7/vdLTyQ==` | -> | Poland Central | rsa-sha2-256 | 12/31/2023 | `Ph2MhHZIZtRk76qOvea61JQGRMyxbHeYqbQYo1bDorc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCplMMhYJaBSEOXRYRvUACL1zoisjy7BRVdsKORsnqKtMimDqvl8UY304znr9Rn2DBT55EzRQIPs4V6tKwUMe4+FBm9Ef32/jxRdlJ7bM/eMRwFwmo4PxJ1pVpP8TYkpLcXXx5T+zCtphkSXUBHrZRas0OLJIw6ooj9rt60PeCvEIl9HBA8sMt8u7882KKGIZra7C1PK/0/rKub+7oRBEgXoxZxKYFmu72CJV4/4FmxQsYpqcwKaFgMnDYEzpJexL+XlGJ+GkeX8tngy38lwlwGdxi6s6w9e20TUSYtbfPJE8OBq08cHN1OhpbL3bS2Ynr5QkFwHIcwa0seSuXJCIj1` | -> | Poland Central | rsa-sha2-512 | 12/31/2023 | `aSOu8q60R2fx2C9eoCX3ReG/wKQbXzHf5XoTaEww6GQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4c5mGbfEkwSgXnhzF4zrguh9X1aHMn1p6pTwJhCjGTQ54ZIFYgfA294RXTYJdL84Xi++qCXHeENVeTWfD9dRlz+KDCOST4JpHauGKnKUF3udsHNNItai88CpDHj8JM6YYxfUR4/BHCNJQ8BrVnvrljWaj7SYJhyUuwChZkTeycZSQPOVJRoHKAnfI+KVZGfQp6dfJx1M11Ojz6a72E6cDDeu8YBNEGiWfYARTi0FJWpy36CsA6aLjXkWTLgM4ZD7vIhLOCLholei+zR43jpZUNKRe7Ym4nSliRsrlEsYkblxsIxotpLt9Al+ftn7GBAjU4HwhC13o8K3yWw0z3daR` | -> | Qatar Central | ecdsa-sha2-nistp256 | 12/31/2023 | `QOdUXQx3Bi3ss/976Q0n+aIt/vkWjfmGH4fsgk1mBvw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJz1f9SCaXyUAatHKEr/sfY2uRJWtftsigePCckBp+l/VenEVY22vVwstmrIeu02JKz1+IfePfGQ2bWOprpodXA=` | -> | Qatar Central | ecdsa-sha2-nistp256 | 12/31/2025 | `rHB1fi4XAuQvabHUxHlsdxtBgvZur4W5h4SDCM+OaZ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMsNj0SFCAb8D5igdFlWaeZxYvP2fthgXjb+a+Fb3AcqPIjHFQPX3iImnBW8SHguqTOTi+x08P35/LjXzUSrZEE=` | -> | Qatar Central | ecdsa-sha2-nistp384 | 12/31/2023 | `znqSno+29X1UUZV3ljgE7qSoYZtAybbH4dWNoSZIg6w=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKkIRyyU0RVr0/xTE1pce28UeVStaqyw0daAWkChabp9SQb9ONmJ5UFzZ0p3bvcy2ZWeYiJCvg63qKojPomVCwT8ZtRtgeewRMWPS6kKAJDQfzl8r05dNjwbd8Y+1BerHw==` | -> | Qatar Central | ecdsa-sha2-nistp384 | 12/31/2025 | `HZrKR8HYd2G3Oz7inTYPi26qFPFJvCZLnW13V1U+kIo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNWGC3x/5+z0aEkRJ7IM1Q1FU360gKtERjFSDiPejwsJVTuvSMrBTFTWYJXeaBoK2rcQUmMBE9KkhlCczQYVanCZc/+qeyuXhdVAsUiTK6Fsj/A/G6Fx26bUFaJ5M+4vEg==` | -> | Qatar Central | rsa-sha2-256 | 12/31/2023 | `iHCboIvdshFEnYt/6+vvLQnjyUZQ550Pm7dkFX/Q43o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+RNosbUkJxEwcZ0i22DPBTOgStdqEdaL+jRzzi8xs6n9hR2I8Mnv6PR+ujaejqAzXVmI5LLnMrQA9efsUR4F0Is5ruJgrK6f2ORiLsaYj7PgTOsoaItdjWxXHFQ7hZA1FmYLgody3Js68akvGkp8NwnW9goFq3qBrtpHRcvxFxWixeNTy4a4azVjmoN8SfZxiPa0mBT61fjpVttUrb+sJeZ3jo6Ox2ZQxc0My8kPY+8J1qNxjsoCUirHZsgsmYTM5F7lWSdszB7h2irIiMEi+cmcowhez6LJd3TcDxnElOz2Wva/wSNo0JJx/VLdZvP06hJTxIw2QsX2uwI7lyF1` | -> | Qatar Central | rsa-sha2-256 | 12/31/2025 | `+MFJZug5lX4udxKKxlBnxX6E/bRmCHgCYX+1k0V7dHU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtibZZg1XYG6nFP57oOWo75icpoDy8b72OwuCQh2asjrrTxNDpdJPsb8euQc3/p1TrWRR0FBiDB5Dp3uuC8aQKFFc9xfnbzGu+neofM9ndCfItKpJnS7+Hn64SEAowGyZ8PpdBIj5T8ZQ9TgQozWat/JEL0zvcHe6RAfCy17LYOt0VNaEjTN4LNu5NDsuSvdoAtnViLa7sW3bvd8tFrCIAyDfRC7cqsy2ZHQvVsMmj+uRroXFB03AnF0Pg/sUtjTYTWbxj++vxeI/PirKg7yGOawdmbCHka11wBRg4ELcN2I1E+0veXWJZwLJVloAsAnFB5vD7gt5WuntFKXI0HlAp` | -> | Qatar Central | rsa-sha2-512 | 12/31/2023 | `EMxIi2rduXMod/OMKHrHRZKo9t9oYUdnw3sw8Txyaj8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDqTnxkToyGf9z/+6fXJ+DvHvKqADITDu+JqvJX2kaPSbkxEBvR1uW/jFT3DD7SL8ZS8qm8HD1MYyoiHE6yvM+K9md83GMNqBiuxIceHH7uW5mEUt25j519R7a/fQUXApt5ZXZTG5e9eUSP0W9r/HvwA+LkE66gDwamPZrF6OkBQnu3DEK1AcZNufM31lnFBlu0yzdLMFZh/L6yXRi9sh0ATf7aZeR2lgGuTuoaOUAx3F2xTt5lRNGpy8O4HV8uZKW0EsEcGYANguOEqiNEgjiw1sHIZ4XPZSYe+sXAkafVl6X07nu9CpEncrRnTcQIfZXnwbneOetDWlhZH/vk38ZJ` | -> | Qatar Central | rsa-sha2-512 | 12/31/2025 | `j1O37Xflf7LJS5OVx20MVukIxYI81OK8GkbYGVPWxEQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD09DhL3Tj9xPjsKFpO4rAE50nVFvRQ53/a6jZO0mJd/6B6lQ7EiuXnIET/M8IKTzxchfc0CDcuhdVpYQ1oUgh7ZZSPYmdrTE8ouQnJuKhUPFINiARPm97i2huVFK6DNgb23k8N9/TpUN8adrD/jJo+4rwqBF0OBYpjSlzP7j8903FZ8GNvEEZKYVG5xR+73JVzwyBaIBX2Qoj3WnKyctH+XhF80oP/NaaNPpPvtT5YJuHCjgPGodUE9GEuAPGz0PYHKTvt9gFKA7ddKqDxcPZjIxPzjiby0aYbiKuIrkYGmehF+LIZeU4cfzhTA0sx7cKC67L/+1pTTFHvVnWUGrWx` | -> | South Africa North | ecdsa-sha2-nistp256 | 12/31/2023 | `e6v7pRdZE0i1U2/VePcQLguy7d+bHXdQf3RZ4jhae+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIEQemJxERZKre+A+MAs0T0R7++E6XanZ7uiKXZEFCyDgqjVcjk8Xvtrpk5pqo4+tMWM7DbtE0sgm1XmKhDSWFs=` | -> | South Africa North | ecdsa-sha2-nistp256 | 12/31/2025 | `x6Veo25rnI5ZSlKsrCCSCeY02mf+lAF8mutAOqmqoy8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnfTZN+LkvW60gdn2uNROCvn1+GpFGTb9hcNha+WaweXzvxusSbpEn/R9BHb30J/LrwlBfxa5IsLXgXdprt2n8=` | -> | South Africa North | ecdsa-sha2-nistp384 | 12/31/2023 | `NmxPlXzK2GpozWY374nvAFnYUBwJ2cCs9v/VEnk0N6Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKgEuS9xgExVxicW0HMK4RLO5ZC6S0ZyENe5XVVJY0WKZ5IfIXEhVTkYXMnbtrYIdfrTdDuHstoWY9uu4bS8PtFDheNn3MyNfObqpoBPAh1qJdwfJgzo5e7pEoxVORUMnw==` | -> | South Africa North | ecdsa-sha2-nistp384 | 12/31/2025 | `SSsuQXpWj2Jd0k+pzB6g5Emxfms+/seJ6ONarTSgnL0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOi9aODZI9qqXCcTq97tCNG/UEuGp1SOzq9zgGBw2dQKIjq+OGpWR5l4SGRHf1g+HYwD/I2pz4aZvGUSOPCi+wfPosbQuPdfCtg2+McgpK7m41/GzZBNYe0KClOaDClQdA==` | -> | South Africa North | rsa-sha2-256 | 12/31/2023 | `qU1qry+E/fBbRtDoO+CdKiLxxKNfGaI9gAplekDpYvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2UBC1KeTx8/tQIxVEBUypcu/5n3B/g0zqE7tFmPYMFYngrXqEysIzgAdpiu2+ZX/vY8AF/0UkhYec/X/rwKQL8CCVwYqa2hufbSrX/qSuUHZd/95LFB2Nh+hJ23fn3EK8Gpgo/Xkmx9YVZoaQPGPsWVWVKjU6aVpM54cd6iuDT3y9SAnqbUMqgwwz3mK7bQGFPrbUVOUwVIcYKZD9HMNZhpo8HpjllKYIt1AFy4db8lSrLyuX8Nn/U7XAlPUndUCpKsAfWw8SemyuxSHziFDHF5xo8eLU+QYxdtzirgDAgEYWv9aa0TSx5Q2Mq8XJ7POffQxKj44ocHzmMGq/wPS1` | -> | South Africa North | rsa-sha2-256 | 12/31/2025 | `8DyFjcm9czi/Sa7NNdtb112/PYMQ2HlSfKDNShkZbUA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW5n33PoUfv3Jii4pNxQAdY1HdzeMbs0zlQUDKU+0c0QrCNHg9bnlJXW+wNVD91suKdy345m50TP+hDB5DbZACGgoAHiMHU/lBDrL1TIIVuQ13LbFx0jBL+SU1qqFwB3U/9ckNLlMe5qM4PB/eZr0tEVQhQL/melYMbyA6s4kX/NFozxiNNR+Yz5fhLjhHz6cwCGN7Zj0js2KLWbhyaKxmmdrv+YN4E0EZ6MYdZwy3iV/lrX/0OlORvOA/ImputAvxJgAxOFLQsbTuIiMm1ccHVRpzBxsslSlgss7GeRCceQl/Kgg9vnInptlD3uqlwWUfYmc6PfPcapn3diLzRVrV` | -> | South Africa North | rsa-sha2-512 | 12/31/2023 | `1/ogzd+xjh3itFg3IpAYA2pwj1o3DprEabjObSpY/DY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLAkEygbVyp189UwvaslGRgaqcGWXaYJVq+gUB0906xkkjGoJeqSgTW5C/77vOk0zBCZM3yBgtDFZL1d6lze1QJZ6kGGPynJa5SeyydAds9G745yaFFuE53zJUyMy+y5I1ytfx003PKvk8+fHZK3rPYYr+LKm2u+9BmnuDB/0t561oFg1ZiMCPgNnDdUwkya2EtsJAifkUaBlYmzBZAFbIYyGfb898utZHyI+ix2TrMS/RHEDIchG8qSBMpOPmcpa29ADVsmAQDd5ds5D7WjirfMXwBxgJTMyuy+N9rJRgHoqDnt/GsgI2GtoPM7YSET8uYug941hAvFm5TI/dW3YR` | -> | South Africa North | rsa-sha2-512 | 12/31/2025 | `gEIAzMNxs3nDD8FVwhgZvCHxnJ7nGQqwjs0gpcA8fBI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwaG+2gbF1WVAS14Uxhoq98wdp3U7hFbMnhdDrK4zxAMHojdiVvEj41m8EI1DcDjSRAi9/h7As7SIRQ9/bOXo6E5kiLl0kj4ao2KPtuTobAuj3IiN6iVHAtiCwIEG8I/mtAjGMLBtk3uplSJnCBRiMVduBsV3GpCJKdMkNuntbtzPCntEdpzqtOhxj3wftiaQq8aGomQjFRU6mKScqoDylnZPF19gw2f9XrUwElE4EoeE0V1izNtLmgxbDz2kwpt982fhuLUZgNIHxSU/1SVAwUX1qxH9aTFzjXc5dSFCQHsK4qnLRKNtlXmUosdwk7UjndL/nwUna8p3MuDm1gcZZ` | -> | South Africa West | ecdsa-sha2-nistp256 | 12/31/2023 | `pr1KB8apI+FNQLKkzvUXx0/waiqBGZPEXMNglKimUwA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPvbvOfXQjT+/3+jQtW3FBAnPnaypYSUhZMkTTSfd7RQMmSxsLNmDooERhVuUTa7XCTlpDNTSPdnnaa6P1a+F6A=` | -> | South Africa West | ecdsa-sha2-nistp256 | 12/31/2025 | `2EJmwCnQAIo392472FjThrwXmowmdeNnYZZZR7ttBVE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGif4uCAd5hx/m9dqrLKCre1ns//8w2mT2i/v5dSu3m4xP9EvFq4FN3w6LlXQwov7BmJPMdZxoDByvQDT3QHO8=` | -> | South Africa West | ecdsa-sha2-nistp384 | 12/31/2023 | `A3RfMOd6dGgUlcrkXL1YRKNXIdAB8M1lF9qwmy6PjFg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNaJmo4QGmo6pbLHOXh06Rz9inntdxmuOtVxlJBO1i/ZK5les/AuaILMW7oQCxOKvZs/xI+P0MWRfrNgWSSapy5hNuTkbl8IqO4pH/lO//zdaHmVBC1kPnujDM9znJs6Rg==` | -> | South Africa West | ecdsa-sha2-nistp384 | 12/31/2025 | `4XfJaEuZWJlIfVh4fHn7UU4kOYA00wQo9HA0ngFYxic=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK2ek0MyrQfjRM6UERylxjO47fmo91Xk++b4yQhi4BpiWe/7LtYKaz3ggX7OJp2Gjug2Yq53FGyCirfyJYiR0Pck5QNEqSUtH0kpg7E/ULd4HUoJ88zYac4eDQoE5O8fKA==` | -> | South Africa West | rsa-sha2-256 | 12/31/2023 | `aMMzaNmXR+V1NrwLmovyvKwfbKQ6aAKYiA5n8ETYQmU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDGhe98UTnljsYaeJwtP3ABvT/hZP6Mp1r5beyJ2SWpdqZSZaKC+UQlWLu6WhLxLZ+5snB+YAlC56u4qOdDHLoid6vbAR/FPIcJlvQfcFJD88nihv9sq1kUX3JXrh0ZUrl2/Zj71aNlM/RL1OnXK/Pg2E+wu4EfnQTrzlWMhR8bxlQA0jH1zmfFN/6BTwP2if29TNlQkWuW3uq3rccY1GA6n0QtlucanPNRzsBtAzsH5/oFuB5R4sD/Msw0itvWuQP4e0y+Vdov1My/rjK19xLce6AhWmmhwkn5qxHdIy158C4cWnSkQvkYzPnwsi7KT9WRH7vfr8qD9zlA5mO+IDxJ` | -> | South Africa West | rsa-sha2-256 | 12/31/2025 | `pdygRGoDnYZwMvX3uxq02X9KIgrqWHBvkltuMpknXPA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDDjYrrvYHkbn5zHGLiEv6DuzvK/1oKoRCxPPl35kFMhNAltRyACtvXBeeqxW7KYVLDu6pMSNvqtboaMcSIGxoEfjTsdQrBaZq8GWq7E9VIqXT9wOWLRUG5NnDbH4L47dLNuKQC4s/KBhUC3cF+yQGspK2v5wWHR2FwIhbB1otLcxkj0b2ufAe8FZiPxe/HoMXq36cJ+z/wgYwrB59ZGneJfNG9PVdmk8w+kHr6gqDCPOjU+SKcMNqqJ1PEk9B5b6om7RsInV3cKv6334+s4XYxh/+O3gP2qX9Bfsa7FVRhuGF3TLFJOQjCQ5nXjbFjofqpLnR6ReBdmqrj9aavdvx` | -> | South Africa West | rsa-sha2-512 | 12/31/2023 | `Uc7QB0fT4NGyBp34GCAt8G4j1ZBXh/3Wa2YRlILu818=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCijtmaOHIcXjI07fVugz1M33+amlOEqdqtVgOlLmFRKSehPW2+6iGpAjQVwzsYOx32Hp5O07xj/PhiFsbBBqZXGHmuSIOJYa7tQSFvwclO+JW/kuoELXQLwnHxUfPyq4tYoj83GSZ5k/KRlEtbmjEwcozMQVya/7MzulAeV4nN6PDxoLjXlfGEQU2ZCGz2neeisQEM8+hZNuEH+O9O03g7CW8bwiI1Y70/bnNq95xJ5F7lRpwtJNWlx+kmUiNpfXOUPxZAUsny7z1Ka5XKEB1fDP8E/jAtrSWrRPDJew8lFpQeWukwB5tf3F3bh1SuSKaSQqKBArnSpJizWxp0brZZ` | -> | South Africa West | rsa-sha2-512 | 12/31/2025 | `ojxv106v/Bu1Vkzi1Rp1dIgH66vthYrfAVL58OuYJ2o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKRZJEAOvsRRtNNHtloaHBkYpowhSbkUw2ldA4gLeSwScTbWk1vxUqlq5YbTtQRNomnvbMyTvgOItH28zALeooIreQVb4WhixabgI/kr9MY0eoSpK+Tmb6jbyLdNe3GEX6CcltaOpu/9+SvYmWUcet0AtuYo/lSNofEIjd5wFKCtddwXR+4fDHwOc19eXI0Ms1n9ZRtzxSMVf3ieXVnw+JrxC9iJLnHUiWYXNB+BZzVT3xYBFNIxqWAe9RneyP4fCzSL8CmUy/EWQ191kZhBnbBdyrxMJJ9ttb74NZRatSAh+KwlwUnaRu4SzMteLwXSdtQBirnzZyba2L86K1++HF` | -> | South Central US | ecdsa-sha2-nistp256 | 12/31/2023 | `Wg9hTlPmrRH9aC9lTSf8hGFqa85AnW3jqvSXjmHAdg4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJnEz4iwyq7aaBNKiABce+CsVIUfiw9Jw3pp6pGbL6cUaJs9mEVg1RMLHgPg2I+7XV0doisYhYb/XtufxzGCe94=` | -> | South Central US | ecdsa-sha2-nistp256 | 12/31/2025 | `3tB3bjGZghIljXt6ni3ZVBm2s8OyBi1LnsN2XQdWorw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNqW4dj8VbdJuw2hL2LSgU+Z9rIc1C3xD54bzL7+R2cplFQ0CCzvXlMk0lfHU7SFT8jikgvp/yZu2S5diUxA9Rw=` | -> | South Central US | ecdsa-sha2-nistp384 | 12/31/2023 | `rgRhPelmxAix6TBDahmGqXnKjdImdI3MnDPVc6qhF2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKXGKbWfVe18G9gbCxFQiBGkGYM9LktSPKkRI18WRQ50qyuxVRXRDoV+iIEJyCQTpuFTPprQ6glQYeF+ztEb4MZaXpVrcs1/Og191dcEtty3UWuJBCrv/t1kezlwBWKyXg==` | -> | South Central US | ecdsa-sha2-nistp384 | 12/31/2025 | `lUCcxfmejqKtJ5F/0KNyGGPOBCTjsARC76RwhwsIXE8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOXYAeDTv4msUprW8sdbJKfJyUamYjzqw7Y22cmO7sqr+2kHAdGu8oB+geC7gpwLA9PEdZLNJZstAOFzkw5BERULmwb0/cQenJNRLeNk1HVXVGvPTAsm1RHMr2VI1ll3Sw==` | -> | South Central US | rsa-sha2-256 | 12/31/2023 | `n7P8NrxY8pWNSaNIh8tSZxi9rXi11g3JuzWZF93Ws4g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD4PgB8PxPPpGfvrIUGSiiDFIfkRk2/u1DmhcoGoIfW+/KR8KC2JA0kY4Yj+AceGnDUiBbSPz7lcmy2eGATfCCL6fC5swgJoDoYDJiJoaKACuVA0Nk2y0OeO58kS6qVHGX/XHzx8+IkfGdlhUUttcga7RNeppT5iqSz49q9x6Ly42yrV3DIAkOgh+f9SsMMfR6dQQmvWN3HYDOtiO2DvVN+ZenViQVcsynspF3z4ysk53ZYw5YcLhZu8JFw4u0F6QJAznR6TfNqIlhSjR1ub8DiHvIwrmDNf8TgG5kPVGhIcibYPf+y0B0M8nr9OKCxZzUTlXX4Xcnx+VOQ1e1qGHvV` | -> | South Central US | rsa-sha2-256 | 12/31/2025 | `3RetSIyPW4H3vczS8LcAfdVLTnnD+MATFZx0fs9vtnI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6LnHbAg+pkIxYoEI/UIhC3ko98md1tB/moOLAOGEuZJ90V0DLuqSmp9txhA1/wVk0mepqjsOxtCui42+1iUk7T9ugH8LIFzpqEaBfRlTtjDfmgLcib7ufFBnbIYivdwMcuJtPYJCqtnmjNyehYOHuXbHjeHAeiGGJx4B7kiocYBZELvnIiJuD5hxXcc/t0mWXOI45qGM5eF2MgDiKDkvVdnUWXzHUCUM//OfiCYDZjm3TPRroDqoEJPuyIh1ltZoM6MMqUqhxViAghyDi+N9bh60fHVwbw6W9dZNBIotAruoN06+Z+aizHFTKElIoSopVkkKjXCPVBAwWIaw2kjDd` | -> | South Central US | rsa-sha2-512 | 12/31/2023 | `B2oOtHpXzwezblrKxGcNBc3QJLQG/TiVgOjnmNorqkA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+LJA8W3BcwITzJv6CAkx/0HBPdy3LjKPK2NQgV9mxSMw8mhz4Ere59u2vRsVFcdW6iAeGrH66VF6mJSCgUKiYnyZAfTp1O6p6DnUg4tktMQFo4BEwSz1S5SGDuRhpWvoKjzvljESf/vZBqgms7nMRWe3MGuvlUWBqB+2CnJ7bxhvGQCdBTQeoPO9EZKYKi/fPlcxBmLFGcZnRRpB6nu/Cxhhj1aHLJdjqCd+4ahtjBHeFrPxeQv9gTJ1B+EipJZu7WgPZOTI8iZaIcnCbhuGOy0iOFXeuexC9/ptHDW9UEgKVLyZ4UIPJkSLFVgW5NRujWyZ/thc5+EfHY9Db3UAl` | -> | South Central US | rsa-sha2-512 | 12/31/2025 | `cQiVt8IzioXXFsxFZUCC1dGG/i2L6+uWgTxnEXI+ya0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDESCWljL0fUj9B5Bvb6kZCqvnOll5UHe2s0Z5rk/9kIOXACIcQ83SdeP/4jqllBFW+XmEp1hlR81BXlxCGYe2mpHWSI0Y2NH8HvUwvuRPX0wsOqNa6HcA27mefmTa+UahJfKRQe/0op/ydPAZ+JbTquEbUHOpnVr2eLmWEfQBGL5HfYdB1SF1ZBgN3Sb+v7SEKR5NYNBUuhMMyV5nK/1thkATxSc9RCvZp8fy5/EXoZshbnvSQ/zH5Y2ct9LCDLuXOx1DJxvCUNX24W8jTELwLqCNigZ21pA6Y0PUSGLWpBSerrBo18AGHh/b6wchuBspYGCuoGu+Me+ZRIu8O0HRJ` | -> | South India | ecdsa-sha2-nistp256 | 12/31/2023 | `7PQhzR5S6sEFYkn2s3GxK6k8bwHgAy0000zb07YvI44=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLgZw/ouE23XQnzO8bBPSCJp/KR+N/xfuJS5QtWU/PzlNLmSYS20b65GRP6ThwZdaigMhwHOEc8twpJ7aA7LBu0=` | -> | South India | ecdsa-sha2-nistp256 | 12/31/2025 | `7jiSfTGnIW0hqUqb/FPYtnriWukXLwTtp8qzMbZBG7k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBiyXxWm42lrf8j1/AcTOcpTjADDrckVLQOyM2VY0TNi01Mev+bOm5C3L5MFq1RB049AbponZwkNibyhq25me8=` | -> | South India | ecdsa-sha2-nistp384 | 12/31/2023 | `sXR2nhTTNof58ne5K+Xjm9Pu8miEbKJn4Bo9NYoqQs4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLwbzUI8q9f5YTLIs6ddRTPlHdb35xrbsJeOQII/nEXhlNjzpdL9XnDJjQunQL2vg6XND1pfp3TNBJ9LF3mud442LbpwSt9B7EZD8tQ5u0+2NeNjn8JnCu6/tdvS+xoNiA==` | -> | South India | ecdsa-sha2-nistp384 | 12/31/2025 | `rAy6sokWeYmursG9QRpffxof6p7MAoaxgi5WLvlShzc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAG0ZERy7D4X3KwanylXKnaKHs6Sj1mrAYKV7bEkvApUOk0Bxa8IXr43/UEN0G6fwMc9TLKPl1Q3c7Vp+PcEpKEB8MT5vMTLZM4oQjBPcrXuaWJ/HZb3Q1yObngMtbT6uw==` | -> | South India | rsa-sha2-256 | 12/31/2023 | `5gFLJvQvQodZxKBi3DnGywpf9dliWguiMTqcgkTmtu8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDlxVnaYnmg1cK+g/PI1jB1fgQQJiX39ZmfBss3mSW3kUxP3KWhm7lHBTkrbnfhVHnGpP6GcGFy09YBQa6UiyVpD8p8APtx0j9Jp8m3yhhgqOIjup0C7crl49NqMVryOZmCLOvA7KTyTxxV37GpRI+ffqQ8LOO+anWVWVaJlVCYBMct/OVhA7ePXblcbJg5eu5JjUiWW+cPdVqAqWojNHZzzprCFEBTCvYaZtzBx4kFGiipPmJSN6yvBPEfnA7Lzr/T9iXV/XkmI1txuJRBasoQMt+4jCZG25sCCN8y4iuUJCioUELr//TWaDyTsQAR4MbRW+L/GSIM9VUY4Uc+Impp` | -> | South India | rsa-sha2-256 | 12/31/2025 | `ICVQTm1JPosrx78nPlaWgY0chlk7hIIdJddWAixH5is=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BCEpP8RbIYogWsgCEc7w9qkfdoTdVY+gdSYykIIL2qAw018POKZCztD5obn5Kgj3qkbWy7G9RH77Bmz6O1kgbAjReJw/r/NDRW3cb24K6dLem5aWQTTmUu9zk1W3hj7pdFOjXaju485O2G1YAyscE8Awc6mRwI9LJmm6eEBhfsFAKMEPf+TsZ/uxpqoMVk/2XP7GHe8zA2/X83F0wK8OBAW7ImjBEEx8peBY6Dh5LMD+HK//HdRKf+5MkQUGHxRfiWh0l0VItjVsD0tZ4ebyLAgzah0MtsqSj7DRb+HzIOMi/CoL7gPRixxcAPyUb/OO/301m0j0+aHahH5TN/8x` | -> | South India | rsa-sha2-512 | 12/31/2023 | `T4mrHCEHbFNAQSng//m0Viu/hXfi11JMnyA0PqAuTtg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz9tQa7D4dyrULCLH75yKwH27AQMRNWFUqgUQQXYHR1MYegLf7JEmFn126bxgEHPRO0bNwBM9S626Gcr1R1uDI/luL6uvG0Q57k+Pmv7HNQtv12J3fAuxuhSPcppE5IE5QR94Qgd1RzGXv954TK1Z+kCXHyLA583XTQ4btOEwqUo/16tSCqaoTSdyNp17q8BrOCPaTWMqT774lSGELIDc6RaGKHRu/Qa+F5FRMswdZt5YJDEKtlKdvbyIiSfIP2GZGhWBiSW2D6xpnzSjstR3LfRfFek/ryGkDPu5c5HNaVJwc1fatP6ggAbhVCcyDgWiCCpEBICV2wnPpGfDUdbRh` | -> | South India | rsa-sha2-512 | 12/31/2025 | `ZhFwP+ZtMreoId+Hv8bje290LD9Zq3fLVLnbiIZ2gho=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDTIseic5715ZZm+KtkY2Rjre8E4jSuQKmCTwXhLB0psfOfPRMvZj+sMRdscEyMdathN0Lhte5jiHIVJFplDi0KbA/2PLNDh1kghiJLJUzaC0UHzOOiUgP394iDJhWgYMehdjGvcxE1+JDVtE63na6wKpXvl34lNBAaZ9Mk2lLbWe9iWvM8NZGP9oDqfVNc7+Sin5HfA8aksS8b0SwxdOLFox/4vTF2c9c5O0bhUKOQMYcY+OXMgYuPMpiA+A0GxwbPtFLZdmC2T5ufI2dO+EC0ixG0YXpi8jwgTauiTyf9aqVbdPmB06YQCGaMqLsQ7Qw6/M1oIVU/eckHj1L8IaKR` | -> | Southeast Asia | ecdsa-sha2-nistp256 | 12/31/2023 | `q7OsE02p9SZ6E63b+Mxri1wbI5WfkdWcIJgAP2+WTg8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEbvjkwSA0RQuT2nQf8ABKc21s/kcC/7I5431oNEwQPZQ8S18RAKktv6ti19Ju8op6NOZZ3Up9lOn3iybxHgy+s=` | -> | Southeast Asia | ecdsa-sha2-nistp256 | 12/31/2025 | `1KqLiMUAewB07jisgpX8wsiu9inheicc/vcvCamDupI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKt5joKBVS7qZwmxQfCxzVy1byjEUSGuaSGsqg/ijVOwPY1qKTe09C5c4VfLZs3c1RBNm63o6Nt8peMJaqjCzlI=` | -> | Southeast Asia | ecdsa-sha2-nistp384 | 12/31/2023 | `HpneuSwbRG7eiqHGEAkSXF0HtjvccoT3OIgeQbPDzoE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMGAMUN+0oyuXuf6rkS+eopeoISA2US3UrgAovMwoqAeYSPoHKy9n/WKczsHPy/G+FKsXM4VlMHtNhEAxYwjtueF0Sb2GRZFzngeXMfVZPVL5Twph/pT6ZJnUD8iloW0Mw==` | -> | Southeast Asia | ecdsa-sha2-nistp384 | 12/31/2025 | `R3xeWj9DkW/6Dwxv3eMyraHhhZfoeQ1TODsts2gdM3s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJBVL9OHUHPAQLDpUZk1cY6OAvATvWr834g83bx40mEHJfxALy1f/EnT5Ihw6r1YDlY4vfUBbm+KZz3MjOiHx4CNHCZc6qRGOUxGd2vWC3yVG5xkEIt3MaxnzDAyP2I4Ig==` | -> | Southeast Asia | rsa-sha2-256 | 12/31/2023 | `f0cyRMVxUgtpsa9J6pwAMysk2MY/sybo5ioPjhy9LZk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWPK6PAGMTdzNkwKZt+A3Dhbnete6jyLLboOXWdv/QdhvjR2pNCMhGuWUxadaiLUxzZM7IvugSLGexQlZi5aCJ06DpaVYqZk/Q8l+QUydp9TfNg/kP+0OJXCJ6XdsVggboDIfrEN8ku4nfasD4QTo2tnmqZhmbIDUr38SP16PsH2bQAi2lZKg4DfWgnSFyj5sbMSDLljBEY6JQkLGiPcbqlYEN4kjB5mudE9c/ts6Jn1fhizBwJY/pE3kOydq8dCMXYFMZ6NafPacCi7Pe5zcTKfi/daioVlSXQhWK3jNzCVENonF2xWSPH+1T5F2IOV0wb0HL2l8d02x5Bw2Su4aF` | -> | Southeast Asia | rsa-sha2-256 | 12/31/2025 | `tHnkpkRSu9sLkbs3aUQcKYFKAnxRz0b9N8byIPvFjzw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDgvpfP6qoRNZ8FOuauaSDONsbEv4PE6T6EUMZOrCq2gLL64uan9reaYD1c1i52gD1Xyva8SOq4AYMEoCpBuDyVm9PsseuNXXDBH+I1NiKyid+E9UmANYS5a4cV5Eg1fIVyEOl9qDdMLQMXyAhPr1X7ol0/XDZ/CG1fclCKje3oIwLvlKXE/ZLylyKBGr1Kf6vqKVlbIXqhZ25jZ+iMU1w8YDyV5DpZBJFFNT2hitLPj4dKqy1QXkGT6VqZ0T8+q7hwBkS1tU/Ah84ddSuIpaHb4PPQiEtrw/GCTu625QHxAgabE6kuwCuCVRR0vBGss0xFdoJqIMSeivTq/t5DnDHx` | -> | Southeast Asia | rsa-sha2-512 | 12/31/2023 | `vh8Uh40NCD3iHVh5KEcURUZrT3hictlF9pMDEoK5Rxk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdL+E/W2RpmJiWMRg5EtMs0AE7BF2Qb5jnXXaIbwqr5/BGuUPLm43eVJJt5R0BmEJe2lYfYLAzinC9MhsxKSTHIt5u8QleyIAxI759M3DWZwFSKngjsHFRe/SvZOzc7gvtR7osdnVaXCTXY5NccLT34gDybEbjlmp+SEvSZZmXyy2wmUR3O022euBifKN0t9Tk1mkLYhbfRySQi0ZADWazjd7loM9ZHArVe8y9oDrs7QYX4eHIVRbgtsBbkR3g9zP3VWVMERFyi6cU0Dyvue8DCx9YzNsdmKjkB2dvYTMVcUkad81pbO81jpLb1wL25WPHIPHqTOLZhdn9JxLn245Z` | -> | Southeast Asia | rsa-sha2-512 | 12/31/2025 | `PORwL5d763G7hlwniaxxWV2GnWBwiwvFoCof1ko/I0k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBsqpGatUt090vKyIFszT/yKjAkiB7JJ7S+6iHKn/t346XsnDGawWTJGnB7HypYGN5l6SniBlo/+z643xXiM2Z+l12XThuyB3mBRMuVzhaHL2PeJre+W0Usrqm6BkhRFy9x2fbgQjjtC+axGSXR1vfdYX7wELasmM/cxCbBk2o3kogx2WKPm7WMxHPw0yIr+QvDQX2zuNrtpq7GOeih5K6bGCFauB4f8+qEy4LTJC2tJJqposHqtF91O0HO+X3Ek6N2ktkexsmyibyO7QCDUrWZfeXZkPKHyDgk0U8NXEendG8xxGmAEdLh7177iq1BICYqE7MrI1DrnXEn/6/hT4l` | -> | Sweden Central | ecdsa-sha2-nistp256 | 12/31/2023 | `6HikgYBMSL9VguDq9bmwRaVXdOIUKEQUf4hlOjfvv6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBErZhZNNmDhMKbSUXLB1VcTmR7pXcXWAqfFpdI81OP1FeCxBtpRNpIeWMyVoP3FeO3yWcODLm/ZkK7BICFpjleo=` | -> | Sweden Central | ecdsa-sha2-nistp256 | 12/31/2025 | `xDz64cW31AuzMVItTp3uUcaBXsr1XHTyfebMvYL45AQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGA+cgwzZYKp/Y/kjwdKGWUmZN7wtzDettBJ4G1GfdVSUCvDuHbvdd2TAGOkHrKLtYH8GOzTlDxiZDr/fU2UhXE=` | -> | Sweden Central | ecdsa-sha2-nistp384 | 12/31/2023 | `apRb96GLQ3LZ3E+rt2dyr9imMFDXYbaZERiireEO6ks=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKA5kwsqDKzZWmQCjIFBBjZun3rjg62pv8BOULwvwImaPvMFuR2OipExQZIyKSbR7wS9HA4/QKVA5rLRrSGpYvOBG438/7fwVZy5rOj3GXq6X7Havr1ExRXwsw5rJ56acA==` | -> | Sweden Central | ecdsa-sha2-nistp384 | 12/31/2025 | `N2hag9eHkJ2bNWMXAVEN9i+nuQtmdXgEcnOVGBltoNI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ5jrcbfIGsC3O38klFCtG8pdqRKfnScEZaTDZLC7QCSbxzHtr3AIiAESerQlsH9mixFZCoEUrqK4ThG5X4x72BQLqR3Y2ybVdN2Dk9y0CWbBS0nwPsqvoRo3E5TN+Wovg==` | -> | Sweden Central | rsa-sha2-256 | 12/31/2023 | `feu0rEf3KhvHGfhxEjcuFcPtIl+f0ZVzOMXyxy+f8f4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOimUzZHr0DxrjdWEPQqkrBudLW2P2dvPE9DoaXSNbehU13bxzsF6lzO65JBPh9rlNwwyt2yWtrR4XI0Qh/QSXmBntefOeH6BZVrN06aHrsd1dQBr4UFT5chCwy6Keu0ARW3fY8kO9lycTmMIeoiaYahicxyRRC8WLs0cSCH8tO0dA2aoaMxafBWqR6D5dNzu00rIcsCxvyjtN3Y8C4fw3YnNvPB/qWHdZ4aNcu7sQMRhCYVNPqX9UNGeXkbw8gHf9uL9dFu1c+P+VFIEs5bIecgT5HiGvtuXsWRdtEcM1v3mrRnNdmeWWQIqXzLrs5svipMIbnYXekhhLYHIlVo4d` | -> | Sweden Central | rsa-sha2-256 | 12/31/2025 | `bUYNGSyu33/3FP/umDeNOjMyyWTH7cS9SN+uNEZAxFM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiMXkqHOU3fEwKm+vTmV62p/Uougg69HEZGnywRuTjvSVgPOB++q6zPinJGox20fvK0Rbh1hlXw2uXKqv6pgsa/54Cey/IDa0V68+aSdKvT29WNynFw0s4Ba52t5S/GsbwzNxV1pxrXNuv+d9874GrPiOSysPLGJGO6qMZEETzkewhgY0Vx4iSZTclJJvWozfVX+o0NL09c5iTOl6WaHptAMnaQpuuZey1DFTOzLZjYvsXrJtBuSlR2aPfUDxZXZ9IHbaG1/XoDHaK9OLujauXubVWdiPCn2JAHyRn8RHeaQBMXKEIYBjHEdEqnqu2x3x/xgLtcMHvZNtMbSUYa2gp` | -> | Sweden Central | rsa-sha2-512 | 12/31/2023 | `5fx+Ic5p/MMR6TZvjj2yrb4HMHwc1TgM4x1xQw4aD3Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2nRaxWTg4KGLClTZLQ5QgPZPyQ/XYbH4prjhg1uK7m/JKlmJw5LjmIUVKnlXS38qTKpWpJZyGU/eBCa5FPQODvoAXfNncgtIQxd7j00P8aO2tho+uIxSgiTCte8sgrAyx22uIJlORJn2x1cBFBJrlgQDJOKEAs9IakMNdLvlfjJV405gk7pstF4eeIANRWC3eOTrMs0O1gCTt2rnWR5BNQJu8swj9FEWreNQ3PvUliM6Ig6u8b+4d8ryYGuzh5+E8wy/aNxlowkoCI4D/+dBnH43pSYyjhrVx966JMlrJZjDmbgtygkJI+FoEEfBoFlrpIGfisqIX41Np9ZRre4Ux` | -> | Sweden Central | rsa-sha2-512 | 12/31/2025 | `S1u9eFkDBfG+Pi6EwEuXcjHaTKFj5OS5DoDlKMQQgeA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDInv9tOMOI0vEIHPDGgVAjNc6bndxrRCtHoScAiWNdgzUZvsilkiSLyoeQxrZ43yOIazCjjdDCffsGFchCParJeHtAibjuAU9mxPzJ/Bf423TUXpZ1Ue3jzNSGIwDSGT7Zx6FzI7ogAjoksTgbV6xPBs4eNhliYVTpXic7KWrnjIWz78IB0SgXs7QugVufsp0ujOqJAnIJg8WVLidQ7SZb60AeGQZD2WFrSGNBiMVJhv99krHRQav8L1aS9mGG0qJlopbEeaJLrAmuWX8vih2HVERSnZKBHK07L033NzEqKMINKdHsx9i7jjnhbawqVnVcIkFrbt5HsAOMPV5NJnB5` | -> | Sweden South | ecdsa-sha2-nistp256 | 12/31/2023 | `8C148yiGdrJCGF6HpDzINhGkB5AAyWDqkauJClRqCZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEREKXJT7obM0RXGFrUPmJOoEpJD8T+QT29UEt3/jZrUzVzqXLV/9+VK0xqv1suljhUoUoClBdKqx5E/Sv1kSV4=` | -> | Sweden South | ecdsa-sha2-nistp256 | 12/31/2025 | `CFONQqzubENS+SkpKNt07pdZH4SQFBpSJBzl35MxCDI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDKUwlETDPLRZFPiecD8Ik+RS3gCySkM7xk5ntfBQ3QeKJ6dXZQK3OciXfLaBcX3Nh6kaMvF/lHP2Dxo40aj9oU=` | -> | Sweden South | ecdsa-sha2-nistp384 | 12/31/2023 | `ra8+vb8aSkTBsO0KAxDrl2lN9p41BxymtRU6Seby83M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIMby6y3wzWnzE304DjregQcSqKTsoMx2vPGk7OlBtjFKoubZlBRQH4jQrtPbJv/Hpf8f+D0JmvPe5G75yZFG1BcP5eB4aonAr0NNCw+3sCb50JVpoT4yoT787KKYf+5qg==` | -> | Sweden South | ecdsa-sha2-nistp384 | 12/31/2025 | `P63Jg3B8b/U+t8MjBWJjkeu0i9a1wB/ua4qSesCfIms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBXXSBA7P4mqOkXjec9XDJcOk+qS/pEIiAp2KRbHEZGGf0m4NzBGGZyzxSqSDzV4GGIgCvoFTKtYuEt+D5WGpoCmyslD1lSM+GAnLpwbJBnT/Uh8F/uiWuAdmT7RhyMqdg==` | -> | Sweden South | rsa-sha2-256 | 12/31/2023 | `kS1NUherycqJAYe8KZi8AnqIQ9UdDbpoEpcdHlZ702g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ+Imy6VuOvZsel9SCoMmej4kFvP8MDgDY9EdgfkgpjEfOSk+vmXBMCFtthI7sHRggkuXQE5v6OkOPwuWuVWjAWmclfFIz+TTNE5dUUY6L+UMipDEcwFxtufnY3AW0v2MW5lOFHWbx3w7605yb2AFQuZjvngkjdelhDpVpX9a0XdPa7zUYBwXdxWeteH+i4ZJ62sjlBGzYRjFhK/y1rUKR3BVR5xtP9ofzqE1n/TRLpViU8iy4bpsQntTWa71xVoTFtE29h3ESw4QG2lRCwk7NIf8efyNdR25+YpVGIysAxXG2smGAi2W/YXUjteCE7k3IU+ehHJdWKB3spUBSoF/V` | -> | Sweden South | rsa-sha2-256 | 12/31/2025 | `jDAz2Lzm0DVWZUuijXfWc1pr7GWKY0Pj8VD/DDSxa5k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXFtDF2qY06eUHr2SSo8S6UFZ2X++ZCLn5d8P0q9S23k9bdwx1whNAAu2uqDEr2q4db+bKISHWlahb3dGDhi0FvXsOGTPWrWjjQ13IqyZR+vV/tKkz5ZZ/LKOgSMpNO/phJfToKqk0cF35Ai9L+Gg/vmnTzbaYmLBj0tKKq3d/DN2JX6Fb01mHedHvGLqaJryJX334ZR4QyiLn2Sr0Q9mTtqZibkl50dxYyJSXsHi/W8Sy/cPEpG2z7p/iUwnOzz0yXPR/EMkWwuU2RDWJDCNt4bXKRE6Ox1kbrF` | -> | Sweden South | rsa-sha2-512 | 12/31/2023 | `G+oX014UJXR0t1xHrCi715XuoHBkBxJMdH8hmVMilJc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCa5Ny0EUd8yLOgzczm6Zge+D39VY7hpG+et2ln0i/HdYLd1aijEiF/0RDgnJYxZM4RhPZHxrVZXJXLsLa2T+ud+cqifvsjudsUSCzWNY3pHAwKBTSuu8Po+TrJXx8b+ogg+EhTh1BZQzIVQbtLwqRFJ3beLtvhp+V1pPWOoXRiN6Rq+x6ciT37jOdp033rbEM3AtzWdRBvRxUiVxKoRXcDYwAAIb3joaZ26p69Vj7HpD0HAf7w9f70zIwIzqrW4RcHcP+RbDVzNukK8gWP66OgSKrAQgRmibS6SEJx4kgkaghiQfm1k1bXkTnlKlz956DHkTkpMQe21/eW1Prs+q1` | -> | Sweden South | rsa-sha2-512 | 12/31/2025 | `anZywk1gGkJMWIN6REl6n2o+1gvpXzJ1tuqpCBi3eGM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIld4L9tOAD8hutLCAQj5yhFN+01CDMlzAiGfDPZbcJ7Wewm+vSQkz8CDgqLxL6nS5PtCiDIdi66Ogluvh8vURfOOCMOd0FVzVblJnrvHAMp7gBqbSP94obGLNVlvQGMNrKSTr+PMXQ/acRaGgpw66sMx4s+mgkpym12jhHqQHTU2GUf1OQOUz8x6kr8iUr8gxM7u2kdb4JjMBqjp6MjRsC1MErDhP39tgsqa2YuZ1LWHsEApeuiA6OLFeGdt8mCnNqvs7oZSnZ0KgO2EgGYv7SJp/yaWVXV+M7HIKs6/re6KmrFQmLpsSPFaY7KuUE8rBsgwBNlW5anzX+8bZ7BEd` | -> | Switzerland North | ecdsa-sha2-nistp256 | 12/31/2023 | `DfyPsw04f2rU6PXeLx8iVRu+hrtSLushETT3zs5Dq7U=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJICveabT6GPfbyaCSeU7D553Q4Rr/IgGjTMC8vMCIUJKUzazeCeS3q46mXL2kwnBLIge9wTzzvP7JSWf+I2Fis=` | -> | Switzerland North | ecdsa-sha2-nistp256 | 12/31/2025 | `0pZsKdD8Mt2Ycp8eZQP3V7jE/KcVg0G9SHtKB9ZYtp4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMhtGLo1R2YN4YI0+cG7+lkfhsHiOohzccGbvAJL8GDsSQkGT37nv6v0UXwBOK05RqqYbXClQmVlzmeNEj6PlFQ=` | -> | Switzerland North | ecdsa-sha2-nistp384 | 12/31/2023 | `Rw0TLDVU4PqsXbOunR2BZcn2/wqFty6rCgWN4cCD/1Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLLhGaEyHYvfVU05lmKV4Rnrl9YiuSSOCXjUaJjJJRhe5ZXbDMHeiC67CAWW3mm/+c5i1hoob/8pHg7vmeC+ve+Ztu/ww12JsC4qy/CG8qIIQvlnDDqnfmOgr0Svw3/Izw==` | -> | Switzerland North | ecdsa-sha2-nistp384 | 12/31/2025 | `ooXk/r73YrYkElA/yhZktLu+jqjQ1h/Ph1QJGCl8Wwk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGpDYh+kklKbttOEbLJcoclTpIbfybZH20LFSx98stuDwxl02ZMZ5kUR99icKv1a4rLVHE6jhMK7uOA9dpYUob7VOEb+BBNy7zCeEzY9gW6gYLbLx8KHsGVyYJOu0khvkw==` | -> | Switzerland North | rsa-sha2-256 | 12/31/2023 | `4cXg5pca9HCvAxDMrE7GdwvUZl5RlaivApaqz8gl7vs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqqSS6hVSmykLqNCqZntOao0QSS1xG89BiwNaR7uQvz7Y2H+gJiXhgot6wtc4/A5743t7svXZqsCBGPvkpK05JMNZDUy0UTwQ1eI9WAcgFAHqzmazKT1B5/aK0P5IMcK00dVap4jTwxaoQbtc973E5XAiUW1ZRt6YComeoZB6cFVX28MaE6auWOPdEaSg8SlcmWyw73Q9X5SsJkDTW5543tzjJI5hnH03LAvPIs8pIvqxntsKPEeWnyIMHWtc5Vpg8LB7CnAr4C86++hxt3mws7+AOtcjfUu2LmLzG1A34B1yEa/wLqJCz7jWV/Wm21KlTp1VdBk+4qFoVfy2IFeX9` | -> | Switzerland North | rsa-sha2-256 | 12/31/2025 | `UJCUXnlP5GE7WdONurCmOsBT2dX4EvoNglb0SkNUGVc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDfokyfs8exkQ6lwYhndILtNfJzSgENTP15rxcJ7GUi+GtcwtCrg1SobyH/t2pAkc5NnLn/nc6CZO97+XGsDrNI/A9uyo2FzbUtbMc6orqyjBfmaOb5haoMrkOJ/HzcUBAzRfQgJyGZsjyvPAiG1xpRf7dFjKJ18D38FpJk7jpZTdEBdeMkFpvi509ASrn+htnOLLSkIDOJRinnMapp+g4dOa99+rQgmfOb0U/8FUuS68cBetbwbdRrQhxqwQleZ0F9wJM66slb4R3dXKr9uPZy5nNxXnxTicfZTgEUdcBxs0PfNVzJ9NS408aRftnxmBpE8vHO20fJpKW+VbAkkHfF` | -> | Switzerland North | rsa-sha2-512 | 12/31/2023 | `E63lmwPWd5a6K3wJLj4ksx0wPab1lqle2a4kwjXuR4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtSlbkDdzwqHy2C/pAteV2mrkZFpJHAlL05iOrJSFk0dhq8iwsmOmQiF9Xwth6T1n3NVVncAodIN2MyHR7pQTUJu1dmHcikG/JU6wGPVN8law0+3f9aClbqWRV5tdOx1vWQP3uPrppYlT90bWbD0IBmmHnxPJXsXm+7tI1n+P1/bKewG7FvU1yF+gqOXyTXrdb3sEZOD6IYW/PusR44mDl/rV5dFilBvmluHY5155hk1O2HBOWlCiDGBdEIOmB73waUQabqBCicAWfyloGZqB1n8Eay6FksLtRSAUcCSyBSnA81phYdLiLBd9UmiVKPC7gvdBWPztWB+2MeLsXtim9` | -> | Switzerland North | rsa-sha2-512 | 12/31/2025 | `xqR6ZvYjMlFYY7lQWQSe+jVasTn/Z1dj1YZ1VVilPCo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDI1WEVac58t60BTau8gagXm18Wsqdw58Qj9YIJ5FiREJVgNu77S94bdp8uDiHD5pcucMtf1piaExEhNj5cJccbz7ZsXyKpp3ElZIxQFofGKwwLbgeyAuNenufnGd+1deN3ubVFbcuV8Fzw8XlQUJt/2mFzWj+c9F4619XheailZGKnRdj+8vEaoAHlUGy0xeTqr09vDwNJrkJHksCdRK2+vu7OOGTY684oi1zEKXVZeMIuu0Aowk4Z8Uh+7emfq2MRCr+sjZreMdxcSbGqQAeIHGJQLtdnf89pEm6UrXDyzmQSD8WGlHkivICPGctKhNPsrgcC3oCMSD5vQUD/AECh` | -> | Switzerland West | ecdsa-sha2-nistp256 | 12/31/2023 | `5MyZiuHQIMDh/+QEnbr3Zm6/HnsLpYT2GXetsWD6M8Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEj5nXHEjkVlLcf9R9fPQw9k2QGyUUP6NrFRj1gbxKzwHsgG2YKWDdOJiyguiro0xV9+JRdW3VC49/psIYUFDPA=` | -> | Switzerland West | ecdsa-sha2-nistp256 | 12/31/2025 | `SrAdmOe1SSj0aFzfwLaLgRdqhkqk44Q3ffJ8Qv7dunI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAi1QaagaxBduq+yLgr68/MIwaYmaFzV84v5PyZfNP/MM3d2xCnY4w3FFxte1Np97D6f+J9bzufxzCxU/CVKZbg=` | -> | Switzerland West | ecdsa-sha2-nistp384 | 12/31/2023 | `nS9RIUnm5ULmNIG+d7qSeIl/kNzuJxAX9/PcwfCxcB0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB/Ps4Wp15xhNenavSHZijwVXdZcvhzVq8IcfHR3+Gz3tKLed36OdHRTdWpvjrg0mENw4L1mEZnHnDx96WMtA+FfagGWXMVMMfcyM4riIedemHsz45KAR2suqcdkNHfdVA==` | -> | Switzerland West | ecdsa-sha2-nistp384 | 12/31/2025 | `3c8hd5migbtN7TxKAAcCvHZ0s/sB33vs9KZcUODIr/I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAcy8+3i9w8SPJfdqyxXrt4OuuQMkY9wUN1V1F9yDDt3HhOfZOUj5AHMnwRqC8qwkiC2QqQyx2JqugInqjxDEmTtE9x+Soaye38a/u7WjHIfr3gM5NvqnPy7sQ1ZlTdLAw==` | -> | Switzerland West | rsa-sha2-256 | 12/31/2023 | `yoVjbjB+U4Cp/ZpMgKKuji9T2pIFtdeXnJudyeNvPs0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFl9NO3CJyKTdYxDIgCjygwIxlT1ppJQm/ykv2zDz6C7mjweiuuwhVM3LRua3WyP5mbgl3qYm+PHlA7UyIMY5jtsg7GaSfhiBSGZAdfgfDgOp3qRkgyep84P69SLb2b0hwgsPVkx8eWLDDVbOEdQLLx7TVndyxtdw+X4bZs6UdEcLMvLUWl7v3SoD5oiuJN6vOJPQl0VBeEaK/uhujjFgnlEu7/31rYEKQ8vQBbx22a4kIyBtUSAGo/VfKGRWF9oXL7Umh2xHAPwNbGwP+DdCKUY27wWG7Qe18O+QS9AOu0yL4+MRIHZg8ODLQsk0Hp3q8Iw2JjohSkk4lcjHYgb69` | -> | Switzerland West | rsa-sha2-256 | 12/31/2025 | `7ND7kGDrt9lN5QLEOCrZuRPh8QiKNaO3Up2yCU+8Q/I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiAmb+xePomfMqT6MLZxoPMxUL8dyXuF6JgF6QI0NC05tEilsv7og35mgLlDug+/QrAQVrNq9uFdVWA4YZgQXc8dY+QKHcv4PoDUnYKkRQLij1n9GttQPnAf+MOTrN4Ws07zeiespjsgjfpOz3LFS6GF8H/3qVWcFgAyiJqmV53dDvtFMQMYrek6scuVxOwZ2HP2U6KXjuBe+Xa8uifoLkLtxFcNivDxuDoMnch0d149HtMOwr98IjHCDbizUGvPObKQL9YLsFvk7IY11JB2jdX+I2So9bfOLvR64vC4NqXuI39VJUBQy4/devmY1+43GWqXCQ6YCIPjZJ1OM/kAoN` | -> | Switzerland West | rsa-sha2-512 | 12/31/2023 | `UgWxFaVY0YYMiNQ82Wt3D1LDg3xta1DfRUUKWjZYllk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6svukqfg7147raZZrA1bZFOO/EDFgi+WRsxoOfH/EEWGmZ89QQ5m855TpsTPZ5ZARQD9kxrYEtqefcSPuWgth4Ze5PNVwRfAwedsSfnYwHZqHRlRM54bOQ6Img7T292ERl4KNJUI7SLyF+kKB7eXqp5nMBrTZ4rSHXoeibv2yZAph0cyf4V/NnfRj6KZSf6YDs0LW1VuovWAC6S7mpBjwtabBmd1gIiJleWhB7Jj48yiyh0m7L9oIoR4NRiuFC535JwqCYhrgFwujuk6iIR9ScRdayEr6gVcv6tBms3MyR16ytA/MHRxYHfPKb1kHUrpFjDQZZZswoDJDnhQGOm8Z` | -> | Switzerland West | rsa-sha2-512 | 12/31/2025 | `5vdBLwM+FAi6sDgIA9/k6uBRA8/XiMpD23sgxfHIILE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwwQq9f6JcSO8+03rBQlSswX4M5ZtoIdHvdPkSeUFm2hyZaDR4oEyI93ZupPDF6T7kq9z7WrjbrmgN8KmNP09fw3I9K750CETUSvB4tUgRNF0v9I15fdvvrTG28pQaxhYGcE7+WIOMvLpHmYQdLtgK5tmSPmivPJ8BkgVCMm+YDEJ8dWIx3sQUgk1Yn5LcBhPgmamQQZPbeOOL35MZVexKsePY2TzpQzSL3mWAxKvCzNY/lBogqPnOnoeziUYO0YXdnJTpPuCqt8odfapomRN8AGAt3uWANG/lxRYanFF1b7K8Z2ktjc9up9cx84WisD9f4FD3UTn2nlnxOYw3pj5` | -> | UAE Central | ecdsa-sha2-nistp256 | 12/31/2023 | `P3KxgoZgjHHxid66gbkRETjPsHUsNiPt5/TFU0Kby6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvHAXCWC9HGJnr5SRW8I1zZWsyHIczEdPpzmafrU8drYmhpRxlD6HlKnY7iXqfq8bOIK063tpVOsPbrVevAKPs=` | -> | UAE Central | ecdsa-sha2-nistp256 | 12/31/2025 | `eLseSgVB/Uy8v71xNcS1RTPs3Dalv/NP94UqWiXArmg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNZ7GKKOuBg1epk1QSkoewctpPA9cJXwnEtHW6SOyJvXxdim3QhGDe35m8S2hXQftBAHKfvs234t10fWGHL75ls=` | -> | UAE Central | ecdsa-sha2-nistp384 | 12/31/2023 | `E+jKxd6hnfVIXPQYreABXpZB7tppZnWUxAelvEDh874=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMDLyroqceuIpmDQk/gvHHzFup7NZbyzjXMdGrkDvZDE2H+6XTthCGSVNVmwqdyHE4yGw88jgW1TfWTAZxCxTfXD+xF72iYyBAsejgiyYY/0x9NKM/lrtw8mnRtkZzLyrA==` | -> | UAE Central | ecdsa-sha2-nistp384 | 12/31/2025 | `lO3lSaBB3hriPePQ3Gy/S5xoNrbw3tIjfFRIgogq+lU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNepTdgyzOXRje4JSY+mzB/k/HAmsKw8PyJFWR7tUdY5rPNghGg0pH9pos/CrynXq30lhBSS5bVA7Gy74AjjUQdWCM7/oOu97jJWkfYJzSvLIAJ8WN4H/PchBcKUex1Cpg==` | -> | UAE Central | rsa-sha2-256 | 12/31/2023 | `GW5lrSx75BsjFe4y4vwJFdg454fndPjm4ez2mYsG3zs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAQiEpj9zkZ8F3iDkDDbZV4A3+1RC/0Un6HZVYv5MCVYKqsVzmyn+7rbseUTkZMO/EqgF8+VWlwSU5C2JOesZtKXAgNzXBSOER3NbiucB5v1b1cC+8Qo4C2+iTHXyJSKxV0bTz55crCfhKO1KTQw3uZoYh6jE9xI1RzCI1J4qP+afZQQhn3H+7q+8kTMhmlQrfKuMWennoWZih+uTe9LPHjlvzwYiXkS2sOIlKtx8eLDJJg2ONl7YKSE4XVq7K33807Gz5sCD/ZV+Bn+NyP2yX14QKcyI97pkrFdcJf2DZi7LdTuEVPx3qK/rHzmzotwe6ne6sfV+FJpowUUTbKgT5` | -> | UAE Central | rsa-sha2-256 | 12/31/2025 | `1CPpQFd1HDc1TVCnaktsKgKewrTBvoISkyDpte/rDOo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHSU17nm3EBbLChzISwQ6GhCNWyk7dxOYyLa8GUNLDRrlEkbEgcAPpfRosf/D60oCFCKRV9ZAKopiTN3ZFSyxmErzSB2+xxaC/P0OyIV6Iy+tJIhc6daNI0s1Dr02yideftrt7IOVegjhkkE26l7lcgrBoHjF5DFjJqJGD/f8fjtKeTJbsMUKAwPQZ7ZvRzoel6u4gDZcLS9HjekFAUWKakh0qsnajsmBK/wOd87eMYle6o0rVen8GbxvLpbjwW1ZqLYiKU6aNx8wSWA4Ax7N4DJXrd7Wq5sxYoS2HcLcEkZho6dk0S0Dn2jax7hDbHbj8EB3dbXhmAGgWFWqvW3CB` | -> | UAE Central | rsa-sha2-512 | 12/31/2023 | `zflL4olL2bga9JCxPA/qfvT2jSYmIfr2RY6GagpUjkE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAtxSG7lHzGFclWVuErRZZo6VG5uaWy1ikhb67rJSXdTLuSGDU+4Boj4wKxK0EyVKXpdQ3VrIwC4rOEy/lKAlnI2PrkrMjluau2aetlwW0hCBKAcgEOpMeMJJxCvv9EVatmEhvCe0ARyVM539058da9LzoZ2geFnFIbh3t8fNCaJZTNSS5PW1SLkspSqYXUYJWzu8Kx9l3LTzlmJT1DukKLIKj5ZDwuzOIN5m1ePYp4MzfIeBN6ys8df8HqXLoEXE+vOZWOzwkPVWoTsYvwB8j9+FHECAVf4Gcm8sPvRZA/RKDn1dGW2THzVw/VI/F87fFC7stLmZJ1v+a9TTFE649` | -> | UAE Central | rsa-sha2-512 | 12/31/2025 | `gUrg5GpMevHc+oY/6e5zf3v/QAUs7LfQPDuJzPDvCj4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAJnedb7pHRHXfKMPJvF8AwEydvhLJ/n7NNdxWEGM3LjKMehDVVthzt09Z2NUpw3oPBOq0D7onxohoxLVKuPPk7shs23fVV0lyBnTehYKHvVkLpTsBd2E6JEXzTRoT7LWJWJr5WWjnUagn8HprOiBLYo7kW8g0iidfzaYUSKvtz3j4iYCCogjqTgsxF1wBn/R8LM1kpZw75ym9VWmeP430ov7fyKxho+EG9Xf2ta0E1AKrkJoTo/I2PY6/44Uhxf65afApGGbQOnuAuJsSQRfTs4f1Potuv4leDo6p1awLbYAiDjdky7QNbjmznDu8J+O+F28HNI/E4WrMgmM9xsQZ` | -> | UAE North | ecdsa-sha2-nistp256 | 12/31/2023 | `vAuGgsr0IQnOLUaWCCOBt+Jg0DV9C6rqHhnoJnwORM8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEYpnxgANJNJ4IIvSwvrRtjgbejCpTc3D+l5iob7dBK4KQ7MB40rq+CtdBDGZ1J7d6oCevW6gb1SIxU/PxCuvMI=` | -> | UAE North | ecdsa-sha2-nistp256 | 12/31/2025 | `CG5AfI2DZM9CuJahiKljc5R7r1fFuFk7on/fpxraX5k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBND/xbpRM4gkyWzkPTqJ0gT43sKGDpboZnor6arGO19aT7rUvwvvrDavj6+tHQ4rspF61evvqNwgex2jXfjZl4c=` | -> | UAE North | ecdsa-sha2-nistp384 | 12/31/2023 | `A5fa4Pzkdl0H2kVJxlNiEQkOhPzBYkrfQrcviQUUWUA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOz4ENDgFpo0547D5XCRCJLg8brp+iUyId2IdEhZAhuNX9spxlVe6uSkiQbd+8D5hHPVNuLFTFx7v2wXObycM8tr/WGejn/934BvSUhM6lDpU+d5n+ZcxEEhp4gDiy1l+Q==` | -> | UAE North | ecdsa-sha2-nistp384 | 12/31/2025 | `ZKSbth32z81WlOVHmZQXMgKKpZtoKM51iQlppBjIEsg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLVt41XkHBVdtvDrzNdTwH358z8nuYKXsbhOXSC5y5vO/G1lEnWXdpDhKMf6Gai0BDRkoiTg8UPeduAJhJMS5R0aptOVEHqcUoByQydX787Xzs1zkb7R9HroAQqxZkN76Q==` | -> | UAE North | rsa-sha2-256 | 12/31/2023 | `Vazz+KIADh85GQHAylrlI1tTY8/ckoRqTe/kbLXPmd0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGQHLLR9ruI0GcNF2u3EpS2CbHdZlqcgSR1bkaOXA9ZufHyxuhIpzG2IgYQ8wrjGzIilYds6UIH7CAw9FApKLNpLR6qdm8qjM0tJiyHLm3KloU27FfjCQjE9JhmsbTWCRH3N52A9HXIdiVCE3BBSoXhg/mF+3cvm1JvabKr1twoyfbUgDFuF7fDyhSxJ/MTig8SpgzWqcd5J+wbzjXG0ob2yWVhwtrcB6k97g25p77EKXo3VhSs0jN7VR+SAHupVwWsUgx4fZzi2I5xTUTBdOXW+e3EiXytPL2N5N/MtFKVY/JVhFkKkcTRgeuOds51tkByteSkc32kakcUxw6CjJ` | -> | UAE North | rsa-sha2-256 | 12/31/2025 | `xkPKadBhJcbriHJ7u9rysvVUYJJ3BgmJ/tVmZ6Pdh9E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCg0BnGxp2p73iSfklsC7oXdXMSwwl6ZWBXRbLOb50Q+Be/SXFm8i5pbQCoWQTV02/5zQIRjyPhHNrDLGgQG3FqpTWMe47T1OdMMYvBIzaI2KFvSRnKWPy0dGw9nowmwDUsHPR+I/MO0D6x1NgYwNmcIPzMzN81XnXB+U9yBCIR/dwgaUrw2LHE1gL4JDhIXGM7dZWpnoWtLtjjqJuoTy0CgL+sxsexRDXmpE0LujyzA2xWNWo7suF1HZmVPI1cFa8+UC+o24BlBtd4IU7otIX2qgkXyeMIJuRnT+THbEAvz7U9/QH1+WDC4Jy+vlitlulz2VHyf37cXQaq949UO1VB` | -> | UAE North | rsa-sha2-512 | 12/31/2023 | `NDeTZPUor2OuTdgSjLLhSaqJiTJUdfwTAzpkjNbNQUY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAx9LfiyVmWwGD/rjQeHiHTMWYaE/mMP6rxmfs9/I4wEFkaTBbc4qewxUlrB1jd7Se2a0kljI3lqQJ9h+gjtH/IaVTZOKCOZD8yV9Dh4ZENRqH/TOVz6LCvZifVbjUtxRtbvOuh1lJIVBSBFciNr0HThFMnTEIwcs5V48EFIT6eS9Krggu+cWAX2RbjM0VQnIgkA5BeM33MjSjNz86zhO+e7e1lhflPKL5RTIswtWbwatgkyvfM33pJql/zJz+3/usSpIA/pgWw23c8WziYXiHPTShJXN+N+9iLKf9YUkpzQUZSaRw8XDPyjJNx327Lot0Bh4YLpe37R0SrOvitBsN` | -> | UAE North | rsa-sha2-512 | 12/31/2025 | `WW8903bkfHA2Gn59xbpwus4rOy//t2ND6iarME8FoX8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnVyU5nye5iPn93/4jxtW2Jwjm4qtFZ3EfIuAOR9p59Td6f1uz4+TkTdernYFZFs+2VYJaniX1YiugyGhfNCcxjl3kdE3uRsaDUswKuTgwVbHdD1eatOC9dMKaFDMyuJ9l3GY31+hvurmOxSWAMbr4EVWBiHIJFhRcp6PXh8U3Q3TcSw+hf4+XM+9+ffChn7m6jxkb6hCmGWmQeSLz16hUCtt4QD5UrZ7kWlTWek0MDtCDVcds86CDACopkLUuSxc1l7KmESnV2zl5E4A337RWhSxueSEpO+pPaMEwLDySKy4QWpuD1A6lUWMjCrYY+enPNOqWZOmG4UHtRz3SuR2d` | -> | UK South | ecdsa-sha2-nistp256 | 12/31/2023 | `weMVzOmQnlMdMp5XBoU9SdN5meBbx/8nvA8dB45w8Ck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnBllEm4/HsTP+ZMhlc8YnSAYWF23tibZDqGxf0yBRTU/ncuaavuQdIJ5TcJb0NcXG7skEmq3StwHT0FPMWN8Y=` | -> | UK South | ecdsa-sha2-nistp256 | 12/31/2025 | `O/fVBsiwFR71jWIDIR8kY8UeT3NVfyr3F5O7Zgd9kwg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO1pIStRDeGkyH3Qx+A6Uyoknzu3miYLzYYgDlsByz3TfuLmEheHtD/QnBRvPWF5IqmLZn/dz3xUJQi04lwrfok=` | -> | UK South | ecdsa-sha2-nistp384 | 12/31/2023 | `HpsZ8zoOCCsUbpD3nAOtxpuKIvn0L8KGyg1KMLuMUqU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGd/672brwX1kOhH31ZTdBRj+bcEmemcdmTEe0J88cJ3RRQy7nDFs25UrnR+h3P0ov9Uq24EJQS8auxRgNCUJ3i3ZH9QjcwX/MDRFPnUrNosH8NkcPmJ/pezVeMJLqs3Qw==` | -> | UK South | ecdsa-sha2-nistp384 | 12/31/2025 | `2waT1L91yV7OgudDQ7yfA9sk9jSmqrSX3cy9uA6MahM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBETAKzK2eYy1m0LxYvnGtu564RmVIgkYBfY8aBSbHUUikdAQLdfEDbDO4CaReHGMJpZk3CY/gGMcSjxmazpJq0B9L56Hj/Kp8uRciVJq9wEeRUML2Mh8cuz/JBwX9eVdYA==` | -> | UK South | rsa-sha2-256 | 12/31/2023 | `3nrDdWUOwG0XgfrFgW27xhWSizttjabHXTRX8AOHmGw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdLm+9OROp5zrc6nLKBJWNrTnUeCeo8n1v9Y3qWicwYMqmRs/sS9t5V3ABWnus4TxH3bqgnQW3OqWLgOHse/3S+K1wGERmBbEdKOl7A7kQ9QgDkWEZoftwJ9hp+AMVTfCYhcOOsG+gW021difNx+WW2O5TldL31pk+UvdhnQKRHLX31cqx5vuUmiwq4mlbBx+rY8B/xngP2bzx/oYXdy1I9fZbWWAQ6FwJBav1sSWL0l7snRdOsy5ASeMnYollEw1IATwYeUv8g3PzrryZuru+7gu/Ku9w8d5jbFyI6Up4KLwjs/gZNuqQ5dif7utiQYbVe4L0TPWOmuLA25JJRZaF` | -> | UK South | rsa-sha2-256 | 12/31/2025 | `Ntdjy7uYiI3L1G+QeDK2UhrsLj4H4cLEF5GPFzwqqQk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Z3tBtO24z3kg76jT+sS7Np6cmvcSFLFTyDO1z28Ury1cnIk5WK9OjRuwlDhIfnR4mSMmcA1OuPzIGK4jIdMuj/Hy+YUF2D+jR8oUBCqZocbUH0rYEOCEo9U1n2vly5oYGTU3COqHId67eCQOs3C0hXU0Dpso+cidX0QkLArvmYvErpmg8a9EG+2Sbl4DQjAXY3HYBafl/2jkOcIVPW5Fw7Pdql/fWRC6CsinobdCaoFuqR5+VwMQPftKdD+HfykV38gjvUaNVIRyEfFkbMo1HQ+vTU04Bw612ka+xTf/npu/1g3AV9Tb3Xlr0gqoU5p7W1hAqJAZ1td9oTgE247x` | -> | UK South | rsa-sha2-512 | 12/31/2023 | `Csnl8SFblkdpVVsJC1jNVSyc2eDWdCBVQj9t6J3KHvw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIwNEfrP6Httmm5GoxwprQ57AyD6b3EOVe5pTGQWIOzxnrIw2KnDPL07KNa33xZOmtXro5PYyhr5eNXUkFiQMEe+RblilZSNAvc4MHbp2TVD0L9N7Pdy2SetoF4m5BCXdC48kZntqgkpzXoDbFiaAVln5zQCHB5fOuBPS1id8+k3zqG0o+K0MHb6qcbYV8gdQeOn/PlJzKE4M0Ie8na3aWHdGvfJjDdK/hNN0J+eUK8qIb9KCJkSMDj/l3rnue9L8XgeKKA2Pkvh3nch4VBXCcCsDVhgSf+aoiJ0Fy8GVOTk2s7QDMzD9y37D9V2OPl66q4pjFGOfK0mJmrgqxWNy5` | -> | UK South | rsa-sha2-512 | 12/31/2025 | `tS7jt1nZRrT+zXYm2U5uftS9o5l/ca53XWBFHYJrLAA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXaUQJ4GSVIs/tdFCts+bOmOBEeJ85bMAt3A3u3G4IKa1N7rrzZEJOS6MGluyX9ldjihwHLrOQsce8W5Mb/I2iv84ywo8sE+OlgArvpydO9TaSMQU0/pXgxRn9BP3cfUxyvl5RZw+54Y5rQpP/cQZFjC9OpBRZhiaq8GiNbWwrvk3Zwo1eT8B7BEs4pLPEQpnGnicAywY1Dyk3cBIRNR8FFlK1by1OXr+ZpTWx6RX4WxMvmg6EHNqOUvls0G3/1oDq8Ap55DwXFI1aNCTLevJrf+N61rlJrzF5vRj3OFL7JgPyafXPRmMlgRX81K6La9oFWOk9oPSLvW2XD7YcM/dV` | -> | UK West | ecdsa-sha2-nistp256 | 12/31/2023 | `bNYdYVgicvl1yaOR/1xLqocxT8bamjezGFqFdO6Od0I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKWKoJuxB3EO5bKjxnviF+QTv3PBSViD1SNKbfj0qYfAjObQKZuiqcFYeDoPrkhk9jfan2jU6oCEN4+KDwivz3k=` | -> | UK West | ecdsa-sha2-nistp256 | 12/31/2025 | `Y+t6kUTkav589Ri4L1AVG64Ugkf2g0XnHAkkQFE6+0o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOypY+rnYWZPtUYshSwOxCr/HO5f8FrTayhjuqu5SIr6beRrNmI/5mg5V7mK75rbxzkDQBtdOg0UY5afhd12VBI=` | -> | UK West | ecdsa-sha2-nistp384 | 12/31/2023 | `6V8vLtRf6I5BjuLgToJ1cROM72UqPD+SC0N9L9WG6PA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBA+7R/5qSfsXACmseiErhfwhiE7Rref/TNHONqiFlAZq2KCW3w3u8+O4gpJEflibMFP/Mj5YeoygdPUwflFNcST9K+vnkEL3/lqzoGOarGBYIKtEZwixv3qlBR+KyoRUkw==` | -> | UK West | ecdsa-sha2-nistp384 | 12/31/2025 | `js1uEKB1mrXNBzdNuMS5kdCxLpAkcmhNLhSxbboWey4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCDTQUgC8WbfDZYtQYBCwjcyw69DUduYXmedfRS1sEKfVvQ6WIC3NmimGQ0l3hZqykOVIYZSmpoKZgbsJwuTbVQE3M+vu9ZElhyrds8QWMm0iNVKZCJwn5oxdLk+KPEe+w==` | -> | UK West | rsa-sha2-256 | 12/31/2023 | `2NQ5z6fQjt4SZKdViPS+I2kX7GoXOx3fVE81t8/BCVE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNq0xtA0tdZmkSDTNgA05YLH5ZuLFKD7RbruzuL4KVU2In0DQUtJkVqRXIaB3f+cEBTs9QrMUqolOdCCunhzosr5FvCO3I6HZ8BLnVNshtUBf2C1aT9yonlkdiIyc2pCHonds8vHKC4SBNu3Jr584bhyan8NuzJqzPCnKTdHwyWjf8m5mB4liK/ka4QGiaLLYTAjCCXmaXXOVZI2u0yDcJQXAjAP5niCOQaPHgdGk6oSjs0YKB29V+lIdB8twUnBaJA9jgECM2brywksmXrAyUPnIFD6AVEiFZsUH3iwgFAH7O6PLZTOSgJuu994CNwigrOXTbABfpH2YMjvUF///5` | -> | UK West | rsa-sha2-256 | 12/31/2025 | `x3DuKaxnJ4GPXUY3+TS6U+Y4MwI/er1315Wtf+GSiYg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD5+oajaLstTLolvR2fWrU57xcIE0Ho64SXtj5rWJZmk/BlSwwNOKwYiNSSDgcQFYxKc9F/zudD/o55qj6NqHUurwtsXBKzUWZpb02yYsSu0S9BMym205LUIH5zOe/+t9BiILkoATLjxOMWmp0TDIEHMky6WiUKaCQM7JPdOnp6xaAM4ZSJNe0ut0TPRgof4zD0QbQ58TpJ8bIdD2YDnAdSj697cmyNwt4gDMv3YunG1A5KDYNmZe+BVBO8m8sbL0RwZ4LwfCSkorTNyQlIG684K9v4Awx1k+VDoi9hOXyCT+IvyhkZBtljKWTnhPESiI/sjdpz6MVQK3HUw70pQsV` | -> | UK West | rsa-sha2-512 | 12/31/2023 | `MrfRlQmVjukl5Q5KvQ6YDYulC3EWnGH9StlLnR2JY7Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClZODHJMnlU29q0Dk1iwWFO0Sa0whbWIvUlJJFLgOKF5hGBz9t9L6JhKFd1mKzDJYnP9FXaK1x9kk7l0Rl+u1A4BJMsIIhESuUBYq62atL5po18YOQX5zv8mt0ou2aFlUDJiZQ4yuWyKd44jJCD5xUaeG8QVV4A8IgxKIUu2erV5hvfVDCmSK07OCuDudZGlYcRDOFfhu8ewu/qNd7M0LCU5KvTwAvAq55HiymifqrMJdXDhnjzojNs4gfudiwjeTFTXCYg02uV/ubR1iaSAKeLV649qxJekwsCmusjsEGQF5qMUkezl2WbOQcRsAVrajjqMoW/w1GEFiN6c70kYil` | -> | UK West | rsa-sha2-512 | 12/31/2025 | `xS56JtktmsWJe9jibTzhYLsFeC/BlSt4EqPpenlnBsA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE7OVjPPfsIrmrg/Ec0emRMtdqJQNQzpdX1e8QHKzjZKqELTDxZFoaa3cUCS/Y+y6c/xs/gZDv0TU/CLGxPCoOyz2OhhTQnzRuWQRzgsgpEipHXHbHp3/aL0I346MmsEx8KmrrIootcP+K5RLDKlRGb62tOCEX+rls4EjAbNZBOnFAytg9h5L6crV4iGeRf0tAxh0VzYze5QmelWBViVfejV99e091CAU7SnBX5FUvuvgil03sZQz4lH2qdOwKBEpVuzSkueJWMIm+EpWwVcfqoPnwB+J4Srr4qIPdJk9FkSGF5E+8VtqTGe8I+3sNxUg1iwpUOtq+G3q6ueb5h4M5` | +> | Australia Central | ecdsa-sha2-nistp256 | 01/31/2024 | `m2HCt3ESvMLlVBMwuo9jsQd9hJzPc/fe0WOJcoqO3RA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElXRuNJbnDPWZF84vNtTjt4I/842dWBPvPi2fkgOV//2e/Y9gh0koVVAYp6MotNodg4L9MS7IfV9nnFSKaJW3o=` | +> | Australia Central | ecdsa-sha2-nistp256 | 01/31/2026 | `5Vot7f2reXMzE6IR9GKiDCOz/bNf3lA0qYnBQzRgObo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLs9yqrEGdGvgdSWkAK5YkyazMWi30X+E6J/CiGpJwbuczVJwT/cwh+mxnE7DMTwhEo57jL7/wi/WT8CPfPpD4I=` | +> | Australia Central | ecdsa-sha2-nistp384 | 01/31/2024 | `uoYLwsgkLp4D5diAulDKlLb7C5nT4gMCyf9MFvjr7qg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBARO/VI5TyirrsNZZkI2IBS0TelywsJKj71zjBGB8+mmki+mmdtooSTPgH0zmmyWb/z3iJG+BnEEv/58zIvJ+cXsVoRChzN+ewvsqdfzfCqVrzwyro52x5ymB08yBwDYig==` | +> | Australia Central | ecdsa-sha2-nistp384 | 01/31/2026 | `adZj2DQSv+LtvnORWfJdnUJhVy/Tjck1AWxOwF5q4hU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKVV77ZE9HdETqzwJ+w71BdzF5+8T+LX6ZYvEpNkts6aNurkpH5jfl89Lb0GVeOxIfw6pi3TCiYiXysImBKTsMPQYJ+7jWgLMJEgKG6iDdo3Ust0iolueehHci2iMxPwEg==` | +> | Australia Central | rsa-sha2-256 | 01/31/2024 | `q2pDjwwgUuAMU3irDl2D+sbH8wQpPB5LHBOFFzwM9Sk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOrNklxmyreRYe7N72ylBCensxxPTBWX/CfbdbGfEbcGRtMGHReeojkvf4iJ7mDMZRzecgYxZ9o2bwTH9UImNkuZTsFNH6APuJ075WyxoDgdBX1UAQ3eE6BrCNI0BcwLakU9lq0rNhmxMpt/quBXxxWbRieKR9liTOg5CGSqoUPo7TpwaZQBltJCEf7rN5wGUlHV49iuiJIasSldYT6F1c3vS4bJb2sdIvVnKVLq+yTMzaPzWn34BD+KHx/pkB+s7/vQtdMfBBEdgEdPVvMPsyXtIKhx4Q79LnfZT19RDY8KW1mJrbPo67oEcjJYTXSZTKysjCUNmNNrnXvp6sHd` | +> | Australia Central | rsa-sha2-256 | 01/31/2026 | `u2Lg2ZWkF2yQcm/gYtuy1pTIyY4zIhy4VRwZe2sJZYQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKRFZfxWPzqUEPzS7ywkynUs3ZQuhmFOaPqgORDqDf/+OYRswOcNwu1LqH7Ait5ntwFu99AyleKGkdKvkEHDHfKI3dJIczV5OpxZ4m9hFuDa0pSwlyUSVQc+jDTbtrUSFtkAZDsmfbXR3UBikrwJmA+9IF5UWewTxqvZ894r1rSbLkaZpObu5Cq9MW15On/Aa4lpR4mtVtSLt/ww/qGXy0wQDgzItjQlU+VrhjTd7PrL7NVpSmGIQioFqJqNP4mp8aUU9jceAOCa4nJkfEJ3oQRYTs2M0wxTNdo1XR1NPju6vlU0fKBq9G+hssOSNPZFc2Mnz7ECnVgjASKn9B1hJ` | +> | Australia Central | rsa-sha2-512 | 01/31/2024 | `+tdLVAC4I+7DhQn9JguFBPu0/Hdt5Ru2zjuOOat+Opw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnd0ETMwpU8w7uwWu1AWDv6COIwLKMmxXu+/1rR429cNXuPrBkMldUfI7NKVaiwnu1kLPuJsgUDkvs/fc7lxx2l5i6mYBWJOXcWzAfXSBfB1a+1SK+2tDPYT3j4/W/KRW74DFPokWTINre22UVc+8sbzkmdtX/FzZdVcqI4+xJSjwdsp2hbzcsVWkxWhrFzKmBU40m5E/YwKQwAcbkzmX6AN5O8s66TQs2uPkRuTItDWI3ShW7QzW05jb6W8TeYdkouZ5PY0Yz/h3/oysFzo4VaUc0y3JP98KRWNXPiBrmvphpKnU1TQrjvVkYEsiCBHMOUnNVHdR1oIHd2zPRneK5` | +> | Australia Central | rsa-sha2-512 | 01/31/2026 | `oOWjGbOjG/o5T4MRYnl2JmIWDQor5ScEXhbbNBsN07Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4/SgLtX9IiVa6W6cqMTozxCEnv5OcjT9aohtlhd9ho4h4OI/m+vDXdxeSUcJE1vMK/mIpzqs402Gm4PB1Z667t6mhpj6ISPIp2WhPdbnBo1vqagMUWM3tHJjp4XlOyQW/dteQtqV32m5iBfCjEzCJt7aw93uWrMosB5q0j1mS0EdCFBWzLtaPPyaQnQ6Pm7KX/ZICzhEadU2tYC4alALfFvqn1HDUY+gyzE0/W3S+4+o9ds1uzG165c8hluYInsgTFAbHjVDAvy/5lG93tkNDh1qQu1m2bYnIoXzFg3ZYHrcvewbrHCPOH4/6TVItibspePHqM+cbRTuLd3oVzgh1` | +> | Australia Central 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `m7Go9P1bwcPHAcZzRSXdwYroDIdZzt0jhxkJW42YGKY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHp76felOL7GAHcJoW6vcCS83jkeR6RdFCwUk0Jf6v7SFoqYNZfTaryy2n0vwG1W1dAyHvOjB1+gzTZOkHN/cAI=` | +> | Australia Central 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `ljng4w6TbLQ8Gx6ZRiD3/IpPELeGqMF0LIPVWKPGwpE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOUs2ledPbnskBJiCxyvDDZ2UXJ0FX0A0orlg0thjLfu+wTyDzhkMENTwBFQcxbHUiF2si2EaGH24/vGbTIu4u0=` | +> | Australia Central 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `9Jc39OueTg3pQcq8KJgzsmPlVXxILG24Euw27on7SkY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEduOE61sSP2BozvJ6QLtRDZ7j0TenX7PjcpPVtYIQuKQ+h3qakXFwFnj8N3m8+LpTXYO41mgX7N02Rl12QvD7lDpUgHUChaNpUcMcSpm5qvguLyG6XZg2BDNd6pyx+fpw==` | +> | Australia Central 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `jm715CgIcCpPm/Lbc05DQGY/ruz1OqdM5jZa1I63W34=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLSDA7juMVxMlQQghLVwdkg87U1kE9P4ssrwt8k9Pts2vVSlG/iUYeCOBibjFljDnWkZXNiUzz008fAdNCfcjuwXbKwBXU/shP+Of11rCfTTu2hCE8KLU/Q3uKQyiGB3cQ==` | +> | Australia Central 2 | rsa-sha2-256 | 01/31/2024 | `sqVq1zdzD3OiAbnDjs70/why2c3UZOPMTuk5sXeOu4Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNZVZ5RVnGa0fYSn+Nx3tnt526fmMf+VufOBOy5/hEnqV6mPKXMiDijx2gFhKY4nyy957jYUwcqp1XasweWX6ISuhfg4QWcygW0HgmVdlSDezobPDueuP0WdhVsG3vXGbEYnrZOUR5kQHagX/wWf6Diy1J5Cn2ojIKGuSuGY/9bu3bnZzKt08fj+gQCEd1GxpPoBUfjF/73MM57IRhdmv919rsGD5nsyZCBmqFoKlLH/gKYZ4B3hylqf/6gER7OeZmG2S/U/fRAN0hVK7RkHNf2CFoCmuxXS6r87BznT5vF3nmd7tsf0akaxLjfWRbKLMWWyZkzU4/jijpbDDuu1x` | +> | Australia Central 2 | rsa-sha2-256 | 01/31/2026 | `Rtw7IkxA4khKCdOQRMby9qILYVL9Vjc2Mq0mEk1bZCs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD9nOyOSgLGF2U3gtmh+5K4JLna7i0nySgGrhsmSvM7ZMP0csSpNGqgfluu1QPYgCQdYWZ249zF8VyOecMvZeWPevsnKGk31W19v5uw0XFZehN2otbeDYhrIH3qGoYckGZ53UWNpwjCS5tn9AnGzifk91mufUxahHCMvOYW/yXziOUZG6aIRmJXwTNO+6boe4r3E7jNhi7fNmoaxb6C6CfgzzOXEnXxOGOH5gbvxDo0w2kCIsN3HlR8FPXZEDVsxMpRfl+8WLVUk1ReJY8D3UiRF74f0QtzZofgW0dErbu1yS4+m8Pd76P9Dk7X+warYVWPOJB6fiaUuJGMNztNZxF` | +> | Australia Central 2 | rsa-sha2-512 | 01/31/2024 | `p6vLHCTBcKOkqz7eiVCT6pLuIg7h4Jp41lvL/WOQLWM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcqD2zICW1RLKweRXMG9wtOGxA5unQO/nd9yslfOIo54Ef0dlhAXGFPmCd3Yj60Gt/CIpqguzKLGm4D3nf19KjXE8V59cD7/lN6mVrFrm+6CU44JAzKN9ERUelxhSQKi/dsDR773wt4jsAt4SLBRrs19RC2fkYnxZgC/LzNZKXXY3FFb06uwheJjGOHyeQJbGpaV3hlelhOSV1UF2JAB8v6d8+9+S+b666EcpQ70JtxtA8h1s30hqhTKgYdRYMPfz7lqKXvact2NBXlqYRPod5cLW7lYBb2LzqTk1D44d8cwDknX2pYQJpgeFwJhB6SO9mF/Ot+jk+jV/CxUI55DPd` | +> | Australia Central 2 | rsa-sha2-512 | 01/31/2026 | `jDCUSB/oiZWdbT9D0ut2YeWp4Tc9B2sRkLckc89GyOQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxq8t20rSdPNg8/wq9IHPFWonfXAbJgiRtnBfsdXGq42Mecyx8CMm9i+TUbKdNq9JjEay4V7R6A41tpCDiAhKF8Lm0LbLU+xMti2VGudCBoxhLw2Zwhw0LDP4JO+S9gzh6eWeEkLZqQH8EyxQg0RghwumAyEFl3xkeAsM1lDMuKqVPPluc9x1j3vGU3C1UpUBNFSYs4BtgcqFRwnMS2P4bYXkT7HJFuXTIZDIcxMAAv9mF5nHw8xyzHcug88OW1cnqW0HLBDFpjE2FCAuStu5qIydSDf8+4WlgcaSfYHe4WM31fDMYARCm68qVhriMBvlByhlgJPjhP3kkNiCsxm35` | +> | Australia East | ecdsa-sha2-nistp256 | 01/31/2024 | `s8NdoxI0mdWchKMMt/oYtnlFNAD8RUDa1a4lO8aPMpQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBKG2nz5SnoR5KVYAnBMdt8be1HNIOkiZ5UrHxm4pZpLG3LCuzLEXyWlhTm8rynuM/8rATVB5FZqrDCIrnn8pkw=` | +> | Australia East | ecdsa-sha2-nistp256 | 01/31/2026 | `qLI4Er+3h7wEuAuMSWffpVJnckWm9egyz7ciWi4+GqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ5v4o12sOOmXEW0s7nd6hjm7s2R6psCu+J3XYYV90Kan31EIqQvLOVR+/ScRzR2ZWrglvHbZ0p3BIS9b+Qmuco=` | +> | Australia East | ecdsa-sha2-nistp384 | 01/31/2024 | `YmeF1kX0R0W/ssqzKCkjoSLh3CciQvtV7iacYpRU2xc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFJi5nieNPCIxkYS7HKMH2fQgONSy2kGkViQucVhWrTJCEQMVz5peL2JZJFjf2a6zaB2olPaBNEkeuJRHxGyW0luTII9ZXXUoiGQH9l05B41mweVtG6pljHfuKQ4HzoUJA==` | +> | Australia East | ecdsa-sha2-nistp384 | 01/31/2026 | `eHy1DetHa/RbyledxIW22WT8Da2fqrnO9QVvzA+1AlI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPKT9YkKOum0fA9ys/jDM6EKMs3WZj4FEsizY+lCF15RNRP27pTeUeksBeiBVJLJNxpDkxealP4kKTDAN2rO5KMcIjrfcaNpBfnhgg5u0E8tPjZgKTsFiWW4bRCKQ4MBaQ==` | +> | Australia East | rsa-sha2-256 | 01/31/2024 | `MrPZLU8llsG+SzgBN8eH702H4zuynyYgqqQLQmWGDEs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsRwHZ+DKINZZNP0GO6l7mFIIgTRnJy7ikg07h54iuk+KStoB2Cwppj+ulPs0NiR2RgAsP5nchWRZQysjsfYDui8wha6JEXKvWPlQ90rEYEs96gpUcbVQesgfH8ILXK06Kn1xY/4CWAHEc5U++66e+pHQulkkFyDXTsRYHsjTk574OiUI1` | +> | Australia East | rsa-sha2-256 | 01/31/2026 | `O4+QFg7TgHTwoZ1asStdM+7ASB0kZ7Hr2BrC3pmTwZc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLZNGWVC23V6iawz7XwcbwH7OcxNCl5mMKrQQPQLBqsf6uWMcIA66tV+Gwy7mOVztGEa7qb29MUdjKeIXD1je1THq/usWe8XaXCvIH1YueWx21ANCuo9YGrpRQLHTIu01SBeiFMsS4ZdMcTn1R2wEwxRR9awZ5Z24/iScJE/38M7WO9LtttwpOcFE1E6BGbdAbBtvpB55/1pRhLV4InwKULagNHkys6vqZ0TawgU1Xnfmvd2VfXREDkVqEcYKt6o1fEyD2ietUOqU0WOsNDIgXq87xDfY/D9i+3RD/mwHM6OzOCTF9lJIjJxCNAqohnP9A6VyKyWO7vtFvhN774d6V` | +> | Australia East | rsa-sha2-512 | 01/31/2024 | `jkDaVBMh+d9CUJq0QtH5LNwCIpc9DuWxetgJsE5vgNc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFHirQKaYqkcecqdutyMQr1eFwIaIM/h302KjROiocgb4iywMAJkBLXmhJn+sSbagM5tzIk4K4k5LRjAizEIhC26sc2aa7spyvDu7+HMqDmNQ+nRgBgvO7kpxVRcK45ZjFsgZ6+mq9jK/eRnA8wgG3LnM+3zWaNLhWlrcCM0Pdy87Cswev/CEFZu6o6E6PgpBGw0MiPVY8CbdhFoTkT8Nt6tx9VhMTpcA2yzkd3LT7JGdC2I6MvRpuyZH1q+VhW9bC4eUVoVuIHJ81hH0vzzhIci2DKsikz2P4pJT0osg5YE/o9hVJs+4CG5n1MZN/l11K8lVb9Ns7oXYsvVdtR2Jp` | +> | Australia East | rsa-sha2-512 | 01/31/2026 | `f5+TI5gN7KXS/ofLDLeS+6d7rzChq8SrZMKr3+ylPFQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCrhphicX/V87bso8jPZG016Hez0oNP7CvJXDlEZRIkuJlX0wRorD0u7iyyJSXbFZsSl20H6idsNae0ljy/MUfBfb6nV4LXdV8SRSY2QExrd6sMiMgESpfTaXIM8YI/2B9Kyrx6AJBTuNMQACvq8VoBziNGoWhhCO4Mj5fwhDB6vNF3A0Of3qvh/mmMBpY/B/Ud4SwaoGxrP6vwvoB1S7RLQSDdjR1aeGwtWrxOnx1ReD3TsV3FYoj1Ot3LLySkPYF8eDVrnz54U/XJocta+bWdpgyxne4cNULHAyxtuTdvNo3eoZszUdZ8h52dEckhva1ud2eAMvq4xDbaBSIfW0Hp` | +> | Australia Southeast | ecdsa-sha2-nistp256 | 01/31/2024 | `4xc49pnNg4t/tr91pdtbZLDkqzQVCguwyUc16ACuYTc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCdswzJ+/Bw5ia/wRMaa0llZOjlz67MyZXkq7Ye38XMSHbS4k/GwM0AzdX+qFEwR00lxZCmpHH28SS+RyCdIzO0=` | +> | Australia Southeast | ecdsa-sha2-nistp256 | 01/31/2026 | `ieme9KpUiNa0zSTmW/zlYeiyq3yu4GwD28n3Le+Fwpc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFbcds+lsX2tixQjy47ZumhpAIvp0ojjVEOTnyKgMRYBbT6AOyjrk5ECbK5s1W79bTtZQQt4xmnfUXUkm0JvB9I=` | +> | Australia Southeast | ecdsa-sha2-nistp384 | 01/31/2024 | `DEyjMyyAYkegwLtMBROR/8STr1kNoQzEV+EZbAMhb1s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJRZx6caZTXnbTW/zRzKfoKC4LGzvD5fnr2p8yGWxDq27CjUEMxkctWcT6XS3AstF2MLMTOFp/UkkSr8eP0vXI8g99YDeFGXtoBiFSIgYF2Aiu/kpfEu3feiIUl3SVzxKw==` | +> | Australia Southeast | ecdsa-sha2-nistp384 | 01/31/2026 | `YinhhlbjexJimlqKzOetdTlg+oP7sDVf3pjBZcUMZlU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKvI6seG26Vpmcc2WksGHHKnp4JSeDVJ3UvN3j4QoLrBGzRe1qx6IAMQuygggVCU54cGxkiPzci+NV6fl3Nw6uXMdyR2AP76yWbsYvk1nUnhsG83oVjucz9WsXjsl/dDNg==` | +> | Australia Southeast | rsa-sha2-256 | 01/31/2024 | `YafIMxux7NtoKCrjQ2eDxaoRKHBzpanatwsYbRhrDKQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7omLu37G00gLoGvrPOJXpRcI5GTszUSldKjrARq0WeJIXEdekaSTz5qv2kSN/JaBDJiO9E4AJFI9q5AvchdmMVs4I59EIJ0bsR9lK+9eRP4071EEc8pb3u/EPFaZQ8plKkvINJrdK6p0R2FhlFxa7wrRlKybenF1v7aU3Vw79RQYYXaZifiNrIQFB8XQy3QQj2DcWoEEOjbOgZir9XzPBvmeR8LLEWPTLYangYd3TsQtybDpP6acpOKaGYDEyXiA8Lxv8O276LUBny6katPrNvfGZScxn6vbTEZyog+By8vyXMWKEbC1Qc/ecBBk5obFzbUnq3RP1VXLJspo99cex` | +> | Australia Southeast | rsa-sha2-256 | 01/31/2026 | `xmdRGjdB8ODcmg68eG+/dplKKKfOSEAXtXAAXYaQxsk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCzYBSvVIo2FgllCfeH6xerVZf8jxxYsZiTcRvojdlB8b0/n2/BISx43EtAmFudQ3dJ3Phc+U81CSgfr3Y9dWbfXsbpF5G41hVrGjpmR7u8ZYx/u3B2t+ymMatNytsNpHiUqKf1TR55jQqjhIctbbn9poyb43H6MLsxsLxvmFN21jwp1N3uHuBJ4fHJraa+QOIfcdGw6hSCuSAXdlbUVVXiF8U+MB28wiXuKsv7TFPHsNOyslre2P0MxQt5E8w78bpx8DGor1yvvFo4qNcmXqrc3cZfmfEB8sMCRGqgWisieu+bAOtCkK8mMjopArQBYjuOLms0qpIKwG8m0jttQCuN` | +> | Australia Southeast | rsa-sha2-512 | 01/31/2024 | `FpFCo9sNUkdnD1kOSkWDIfnasYhExvRr1pJlE631QrA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmuW2VZAhR6IoIOr32WnLlsr/rt3y4bPFpFcNhXaLifCenkflj9BufX3lk5aEXadcemfKlUJJdwBTvTt1j4+X3P2ecCZX1/GSsRKSTuiivuOgkPxk3UlfggkgN9flE9EdUxHi/jN/OQ9CjGtHxxk72NJSMNAjvIe0Ixs7TfqqyEytYAcirYcSGcc0r70juiiWozflXlt+bS7mXvkxpqMjjIivX+wTAizzzJRaC6WcRbjQAkL2GP6UCFfBI1o9NBfXbz+qvs1KTmNA0ugRQ7g6MdiNOePHrvoF1JgTlCxEjy+/IqPiC8nNQUVCW6/gcATQoDQn0n9Lwm1ekycS35xEh` | +> | Australia Southeast | rsa-sha2-512 | 01/31/2026 | `aJTfDB4bKb7ZXnNHf/rQpqn60uHNsDdaqrvsTqIK0wI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfeIyKblF1xo44RVh/bFm1DYxI9l26h+tT5P7qBqZztZ2yT3tLUkru6dKbkT8epNhTP4e0NDZl/WlIsleCmzCRfHnFYit+riYnskJBP4wcBDkDmQLBQiKcPhMwwCXsijWisHsc0PrdfSwOAhGllsJTy7FsKfYyCRaeLEq8AszNSwfgjMlLxytTEyKNMRZhTq6udY+8u2OJZaOveiKCyw/PRD64kR6DONcHMc+y157UaDIfx6nZtQ4O8T0akM+s5J3xnhUOQH2J48+QBN8l4y/cX65quyW7zqN8pxR2N8CK498p6eWan94visO/evOhnlLPAMR1V+cd0soVxyKt5Qlp` | +> | Brazil South | ecdsa-sha2-nistp256 | 01/31/2024 | `rbOdmodk5Aq+nxHt04TN7g6WyuwbW5o+sDbj86l6jp8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNFqueXBigofrM5Kp2eA4wd4XxHcwcNgNFWGgEd0EoNdKWt9NroU47bN43f79Y5vPiSa4prKW1ccMBl40nNN4S4=` | +> | Brazil South | ecdsa-sha2-nistp256 | 01/31/2026 | `hKqaUmDSKTLOZ4e558z5EBbcsLClt6uZ9Gl5dNQD8X8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPoLBRafaKd+jqxNF+AygWL/E8CA7Bc398nruOHSyXLQEDRPvNbNzVEXeK4BbhuQxPZWZV8gtWcYcJjSGCRUX3g=` | +> | Brazil South | ecdsa-sha2-nistp384 | 01/31/2024 | `cenQeg58JZ+Dvu3AC7P7lC/Jq7V3+YPaS37/BBn3OlQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHBhfnlfXV9/m6ZgOoqmSgX3VPnRdTOraBhMv8v7lEN1lWwyBpiWepu52KS0jR1RhttfXB+n+p6i2+9djJ1zT7fHq4sNn/d/3k2J6IjJlymZ32GwPvDk+fGefupUtabvRQ==` | +> | Brazil South | ecdsa-sha2-nistp384 | 01/31/2026 | `cMW9MxGhPxMZQj34L0PTuEcPUVds74cuC0rJ/nBv1hQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDb+/ZDeuja6wcxVJVSNMWylUTItczguOMOsqyVdhJp2A3AevWHCo7edA+7Hl8fHouzdGsamlxDOwv3/fvL/a3DLtNyr9q7/sEaEr5wll79PhKLgq4VqZzm91VXN3y9DJw==` | +> | Brazil South | rsa-sha2-256 | 01/31/2024 | `qNzxx1kid41tZGcmbbyZrzlCIPJ9TFa20pUqvRbcjro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04g5K8emsS4NpL6jCT3wlpi6Msb5ax6QGlefO3IKp3wDKWAEqN+PvqBdrNp1PsitTKeyRSCLofq9k2wzeAMzV2n3UVqmUpNf9Q0Yd8SuXPhKG6VhqG2hL5+ztrlVTMI2Ak18SLaAEA1x7y9Z1lkEYGvCzJQaAw5EG8kd7XHGaI9nSCJ7RFOdJQF/40gq8z6E+bWW9Xs55JpWQ0i44i/ZvQUEiv5nyAa7D86y23wk1pTIFkRT99Kwdua0GtyUlcgCRDDTOzsCTn4qTo/MAF1Uq/ol4G0ZxwKnAEkazSZ1c+zEmh6GJNwT64nWBZ+pt5Rp3ugW+iDc/mIlXtxEV2k7V` | +> | Brazil South | rsa-sha2-256 | 01/31/2026 | `XGzPXMnOOBOE6DKAtYZDL0J/p33FDBqYvtoI8d8iMo4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQkgaV5fCbgfaq099rXhqysOfNdFgVqMpNPbaMVyuTrO3zu6TQ3qPUylUaihFK2EBtiIaTlnfqCg3lmdydojez4cJnRV1o9i72LnFTJm1bMVNYA5RtNrJUIZQ0dpCjlJHmsQnjTCC2nfaamR0vqA3u6/KTp8rMMA1eKkvPRWlcXo/7l+ZdPinrfpzZ1KL1F8RYv7wRzrEdFi+u1gmzw5a3X6R6W45r9R/nvj3xiEDr9D7NUAztCJZcIX6GPmInGNNA66q81cRmO3aaJj2LaYeXd9BLblvXcupaZYcV9//tLF3WL0JGu635O29JerlH8VHP7Q09PFQfSfRXR1KHQs49` | +> | Brazil South | rsa-sha2-512 | 01/31/2024 | `KAmGT8A7nRdxxQD7gulgmGTJvRhRdWPVDdagGCDmJug=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6W0FiaS21Dze6Sr6CTB8rLBu1T1Zej+11m7Kt283PSkQNYmjDDPUx0wSgylHoElTnFcXG+eFMznnjxDqkH+GnYBmlpW3nxxdTYD/MrdP4dX9ibPCFjDupIDJ4thv+9xWCw/0RpGc1NlUx2YmenDVMFJtYqjB1IDa2UUEeUHeQa1qmiBs1tbBQdlws1MCFnfldliB5H+cO4xnbAUjOlaa01k7GKqPf0H75+R83VcIcFw8hSuCvgMT+86H6jRRfqiIzE7WGbQBTPQs0rGcvxcGR3oGOmtB2UmOD232XTEk+sG3q2RxtPKWTz8wz1Tt2c1BOxmtuXTtzXnigZjB2t8y5` | +> | Brazil South | rsa-sha2-512 | 01/31/2026 | `c/BRQKWsx7emZMCDznUYFq4QgjqN3xY7oBdDXLbEFu4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqu2gYqpE6pzLaaxbuN92SqpXcekRolPVC5BMFplaBVTfmyyw/SfaRbVQRAzXjjALjAxIrnPCAXOU1Za6FOwww6cUuex8F/5gIFIqPrQAKOqsOr6jj1cgS1BzvZyz8cbpL7Ovxf/hzmFl+SKoeDsPaLG6WcfitE13K9aPh0JacOSakTnPR82UpqWil3Dt24/gBUeKCUMTETaFK0N` | +> | Brazil Southeast | ecdsa-sha2-nistp256 | 01/31/2024 | `dhADLmzQOE0mPcctS3wV+x2AUlv1GviguDQgSbGn/qs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYuseeJN3CvtyPSKOz5FSu7PoNul+o6/LB62/MW9CUW+3AmqtVANVox1XQ8eX/YhL0a5+brjmveZPQS6M09YyQ=` | +> | Brazil Southeast | ecdsa-sha2-nistp256 | 01/31/2026 | `waYY8zhE779/EFR8KCFsFx1by1jhT73Q4qfjLtfAZmU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHzDBumEcvBf0+y8zqSKlknaasOFOOPL+b8RSVycYmkR3CGsqb7QVRZGzhZnYOogynbbKlWtrGRiMMQNXp+FgeY=` | +> | Brazil Southeast | ecdsa-sha2-nistp384 | 01/31/2024 | `mjFHELtgAJkPTWO4dc7pzVVnJ6WLfAXGvXN1Wq2+NPs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIwFI6bRmgPe0tN7Qwc03PMrlpBn+wBChcuofyWlKVd/Ec6t2dxHr/0ev0dqyKS2nbK7CAOQxSrV1NVYnYZKql/eC2sPqI1oxz7DzUtRnNKrXcH714ViN3RIY3DZA6rJOw==` | +> | Brazil Southeast | ecdsa-sha2-nistp384 | 01/31/2026 | `LAPvDR8i5PsVJPSiMYN0pSNFz1axBwiYl2rNaOPzB2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ2ZemQNN0FTdJXTb/zbuN3FzRD0oTtP5cLvNoNc6FZ2cTwJRZOtMwOZYuSxEC1FQk6Hw+jWq+ZGz1nmu12ohCeuVZbKo6hvdzOS0WEzTJ0wjVPDG30a8iBV8yTZtw3Kkg==` | +> | Brazil Southeast | rsa-sha2-256 | 01/31/2024 | `D+S7uHDWy0VPrRg9mlaK70PBPghBRCR1ru/KEsKpcjA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz86hzEBpBBVJqClTRb7dNolds/LShOM4jucPRawZrlKGEpeKv70Khk8BdI4697fORKavxjWK0O9tQpAJHtVGSv3Ajwb9MB7ERKncBVx/xfdiedrJNmF0G+p97XlCiwkAqePT/9IFaMy1OFqwl6LF7p7I0iBKZX0UgePwdiHtJnK0foTfsASNY4AEVcXHEuaulLFJKUjrr6ootblEbPBnC6IxTPj9oD+Nm0rtlCeD5JtCRFgKUj3LWybEog/AnnMNQDQ+vMPbsCnfsW/J/HQc+ebx3NtcumL+PIxqJw2Pk6mRpDdL+vs2nw/PtnPkdJ7DjIQYLypBSi3AFIONSlO15` | +> | Brazil Southeast | rsa-sha2-256 | 01/31/2026 | `TatDYCAIu5TTBVlcv3TcZgBQft07KeMzSxxXIAeMpQc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9U3Bn/r8jYrJC+D0OVC8dK7+K1HVIaVqomWsXZv92iZC5xEuhnf9vQb0Qz+0vfWQn78G7pJ9O+HkEmx0TjSdHvA0rcXUDHoutJxry+OzDWPAoLnogkCs5EvqyQW8NAqZr69gYHLSx5aCV/ys7og7rmXD/mEylqfGc5BfEXDq+zfLVJZXtPta5D6/ZMH5YjggjHLNy1J0nw15/UMjt5KvhyIJS3jt3uYQymwvZBnNU33ZMPRm2lfpP+GGwDRBHv+/pA8ZaG1f5OHxJ2teEUXcQzL4jhWiIwAeeWlfD2JF1tZ2IlI1ei92Rtv0WyyZ64bqSW4E/eRew7p8slwMKzJJ` | +> | Brazil Southeast | rsa-sha2-512 | 01/31/2024 | `C+p2eAPf5uec0yG+aeoVAaLOAAf0p8gbBNss3xfawPQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDV3WmETlQwzfuYoOsPAqfB9Z2gxsNecbpuwIBYwitLYKmJnT9Q3SNSgqnBiI1TKWyEweerdQaPnEvz9TeynGqSmLyGT0JJXQXFQCjTCgRHP4WD0Q+V7HWHnWYQ5c2e8tKEVA1jWt57dcrFlrGKEsywuMeEX21V13qQxK2acXVRWJPWgQCVwtiNpToc/cILOqL5XXKnSA81Ex7iRqw8QRAGdIozkryisucy+cStdJX6q+YUE5L62ENV8qMwJdwUGywEpKhXRg5VQKN0ciFqvyT/3cZQVF+NkUFGPnOi0bk4JzHxWxmQNTIwE7bmPsuniw5njD3ota/IPUHV2og190Xx` | +> | Brazil Southeast | rsa-sha2-512 | 01/31/2026 | `QcySGI6X4F0GEHlkGj1MobZV+GGmy95/wYEYjyw0ORc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDwoCo/GZb1f/CnfvCBBuMODKxyPCmYM0wBafuKKKRrH+Jl1Ek0Qfgkuaa4GUYO+klyqxV5t+J6zVECEHQ6on6AXUJRO2/+zg2oYjLGSMQVvzE2pRj5+l2zOuZtu0p60MIYf49AZS7MDGRDBZBxcPxiNiUdKMD6D5h5zsMcNe28/CkRDdvOrORO8XPCKgNKFcGjSORKpRCuSn6NYQ6hx7lBuXnO6n5KfCjLH7+kRBx44kSBnHF7fEMhdzTh0tOdGJfRAl+YAK6T7m4FxwrJa1RaLyCKQXlK32y6h14WDRu2sHzfsJhTPuywJLvJvJ/ZzXtPKu/GGR+zR1RQiABc6krN` | +> | Canada Central | ecdsa-sha2-nistp256 | 01/31/2024 | `HhbpllbdxrinWvNsk/OvkowI9nWd9ZRVXXkQmwn2cq4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBuyYEUpBjzEnYljSwksmHMxl5uoErbC30R8wstMIDLexpjSpdUxty1u2nDE3WY7m4W/doyXVSBYiHUUYhdNFjg=` | +> | Canada Central | ecdsa-sha2-nistp256 | 01/31/2026 | `7QJ5hJsY84IxPMXFyL1NzG5OVNUEndWru1jNBxP26fI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAGEx7ZWe5opSy1zUn4PNfmAvWmTVRRTq2bwoQ5Dibfsr1byd7IIkhD5+0P5ybtq1dEdxh9oK2IjFSQWzj9jFPY=` | +> | Canada Central | ecdsa-sha2-nistp384 | 01/31/2024 | `EjEadkKaEgaNfdwXtzlqanUbDigzsdzcZJeTzJfQXP0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBORAcpaBXKmSUyCLbAOzghHvH8NKzk0khR0QGHdru0kiFiE16uz9j07aV9AiQQ3PRyRZzsf+dnheD7zuEZAewRiWc54Vg8v8QVi9VUkOHCeSNaYxzaDTcMsKP/A7lR2AOQ==` | +> | Canada Central | ecdsa-sha2-nistp384 | 01/31/2026 | `xqbUD0NAFshX0Cbq6XbxHOMB+9vSaQXCmv/mlHdUuiw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBmGFDJBLNDi3UWwk8IMuJQXK/927uHoYVK/wLH7zI7pvtmgb9/FdXa7rix8QVTsfk8uK8wxxqyIYYApUslOtUzkpkXwW9gx7d37wiZmTjEbsvVeHq+gD7PHmXTpLS8VPQ==` | +> | Canada Central | rsa-sha2-256 | 01/31/2024 | `KOYkeGvx4egH9DTGgxiONDMvSlkEkoU8cXWnynOEQRE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7jhZvp5GMrYyA2gYjbQXTC/QoSeDeluBUpji6ndy52KuqBNXelmHIsaEBc69MbixqfoopaFyJshdu7X8maxcRSsdDcnhbCgUO/MnJ+am6yb33v/25qtLToqzJRXb5y86o9/WtyA9DXbJMwwzQFqxIsa1gB` | +> | Canada Central | rsa-sha2-256 | 01/31/2026 | `sjyXW72mkYFHJsn3kOW9jTj4eigLiltCg7gBzUC50F8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSiEoTgcdpkDMTugT+lzCFwFIiwYocqCLxjr01TOHG4X1ieqOphVa0+ccHT5ptNZAc1Wj6Rtxl4XYeyW2Hsssd0fKY/S9z9tqbFf/j8M36/D3h+pns0e3qWZ9BQstKQryRgvVhok5Je9mPjv27nJD4kSzJcK8+APYMNwESXbLSeZ1llvvYgdrWmJ/aZhoNEVXfjMfwC0SgnhTO47977mBtxJXz6i0ApDa3Lc2xvIdMMsufjiqeLyQrjwFsMB09N43PanFKw/QL4xWaUygAlV5yEuMdKn4tY/yLETUiEliaIkNW2hoYFDLj+TeVtjgX2ToVSYJ+xik9XDimFmRW7I1` | +> | Canada Central | rsa-sha2-512 | 01/31/2024 | `tdixmLr++BVpFMpiWyVkr5iAXM4TDmj3jp5EC0x8mrw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMZwL0AuF2Uyn4NIK+XdaHuon2jEBwUFSNAXo4JP7WDfmewISzMWqqi1btip/7VwZbxiz98C4NUEcsPNweaw3VdpYiXXXc7NN45cC32uM8yFeV6TqizoerHf+8Hm8avWQOfBv17kvGihob2vx8wZo4HkZg9KacQGvyuUyfUKa9LJI9BnpI2Wo3RPue4kbaV3JKmzxl8sF9i6OTT8Adj6+H7SkluITm105NX32uKBMjipEeMwDSQvkWGwlh2oZwJpL+Tvi2G0hQ/Q/FCQS5MAW9MCwnp0SSPWZaLiA9EDnzFrugFoundyBa0vRjNGZoj+X4+8MVG2fYgOzDED1JSPB` | +> | Canada Central | rsa-sha2-512 | 01/31/2026 | `z8Uq32MaJlqeL8bFNdJU55tq+gj6D9gwzQG1Cai1IHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDs7iqGJ3oYF9ptVmzR5yQodggMFn7zAIu7XlZNqJk/BR3bQ/gG/ogtGg+893aQCcT8/6joGu7SUgFKJeS8L/N9fg+h0SCdq5Iu/p0kbURvtcR4+qyeH6WIaagAPNaPYf7p33QCzFvu0Izia5nleOfpnvTgGN0eVrDYmP4TemVHK/LJs3GB7U3YAztK9mDJtGjTjNnHYsxwlNvfZBr9eVNr1ebN/YvN9e9qSFAPdQnQa4bzEa2PeHYWVAvLjzPIHM3m0K+PxeWINSlZrLn2/RcjGV8F0jdUj3fGEohF9Ui4IPIDtP1WGx48Iw20DB5lERiOcWT2Ps9RPzC2gIY0OUl1` | +> | Canada East | ecdsa-sha2-nistp256 | 01/31/2024 | `YPqDobCavdQ/zGV7FuR/gzYqgUIzWePgERDTQjYEE0M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKlfnJ9/rlO5/YGeGle1K6I6Ctan4Z3cKpGE3W9BPe1ZcSfkXq47u/f6F/nR7WgrC6+NwJHaMkhiBGadEWbuA3Q=` | +> | Canada East | ecdsa-sha2-nistp256 | 01/31/2026 | `ppta3xQWBvWxjkRy0CyFY6a+qB3TrFI1qoCnXnSk3cY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIb5mteX+Vk00D8pPmjYuYBqC9g1xdmN8e3apdsXBucC8qXx9qug7veSex0/NzkTu00kIVVtvW+4LFOvhbat5Y=` | +> | Canada East | ecdsa-sha2-nistp384 | 01/31/2024 | `Y6FK9rWscBkyKN7mgPAEj0jKFXrv4mGNzoaZ9ttc4io=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDS8gYaqmJ8eEjmDF2ET7d2d6WAO7SgBQdTvqt6cUEjp7I11AYATKVN4Isz1hx8qBCWGIjA42X1/jNzk3YR7Bv/hgXO7PgAfDZ41AcT4+cJd0WrAWnxv0xgOvgLKL/8GYQ==` | +> | Canada East | ecdsa-sha2-nistp384 | 01/31/2026 | `RQXlsP8rowi9ndsJe+3zOl87/O2OOpjXA/rasqLQOns=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBO3mWu+SY6u27HQuJq154HCTrGxVsy9axbwTdVXFvgV1h1uhpIdgAZDL55bDe7ZPmB0BPirPas/vUQyG8aGDNAZJn1iinq/umZegYb0BCDthR5bPi7SPb3h7Qf6FN4dXoA==` | +> | Canada East | rsa-sha2-256 | 01/31/2024 | `SRhd9gnvJS630A8VtCYMqc4djz5R8EiG7spwAUCYSJk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2nSByIh/NC3ZHsjK3zt7mspcUUXcq9Y/jc9QQsfHXQetOH/fBalf17d5odCwQSyNY5Mm+RWTt+Aae5t8kGm0f+sKVO/4HcBIihNlAnXkf1ah5NoeJ+R0eFxRs6Uz/cJILD4wuJnyDptRk1GFhpAphvBi0fLEnvn6lGJbrfOxuHJSXhjJcxDCbmcTlcWoU1l+1SaYfOzkVBcqelYIimspCmIznMdE2D9vNar77FVaNlx4J9Ew+HQRPSLG1zAh5ae1806B6CHG1+4puuTUFxJR1AO+BuT6fqy1p0V77CrhkBTHs8DNqw9ZYI27fjyTrSW4SixyfcH16DAegeHO+d2YZ` | +> | Canada East | rsa-sha2-256 | 01/31/2026 | `Xu6BiQYqbw7D0gTh+OZaARgIVYWTFlkIC+VNpuBOPF0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCTQXQ0rFbmzK66YlBM5nA+413ZBtj5aWZBh9w1pPjmLRwuDtM+PgW6LSbWzC9TR0OkH0oinW4ARGTmECWs4oi5EZSwC9t45GUF3jYbsGfEzfOC51elTmYEA00IjAXVuBMQQ8/dZehuBXsGh6frtVpDus6f4lmfWLyrGGGo5gjrwzmQOw8lWXfMGohzM04qtqu2M18wNb17JraqrDQr6q7Nbpt/dRrjWmqpkOwCVALH27BiHPypCy7poCRyH1s5eakM20AC99Dl7XTDCGfaySPVIt0MdZDL59BHkyY55zjGaalQTxVXIISLg4kkdVMZ8iCvjFp39Ejy9j3oroQMSD1` | +> | Canada East | rsa-sha2-512 | 01/31/2024 | `60yzcSSOHlubdGkuNPWMXB9j21HqIkIzGdJUv0J57iY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDmA4meGZwkdDzrgA9jAgcrlglZro0+IVzkLDCo791vsjJ29bTM6UbXVYFoKEkYliXSueL0q92W91IaFH/NhlOdW81Dbjs3jE+CuE4OX5pMisIMKx45QDcYCx3MJxqZrIOkDdS+m8JLs6XwM07LxiTX+6bH5vSwuGwvqg5gpnYfUpN0U5o7Wq7H7UplyUN8vsiDvTux3glXBLAI3ugjn6FC/YVPwMOq7Luwry3kxwEMx4Fnewe6hAlz47lbBHW6l/qmzzu4wfhJC20GqPzMJHD3kjHEGFBHpcmRbyijUUIyd7QBrnfS4J0xPVLftGJsrOOUP7Oq8AAru66/00We501` | +> | Canada East | rsa-sha2-512 | 01/31/2026 | `9WgdJJpcIgUfdOMQ0R9UCtYejScPaEk1/6mr0P/pirA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2M/EM3gDr5tFjQlc/Fe+cyJhu3c/oVT7HnpHVLHLeSMaT6QM9j6XX4kfH9Vwsv6FaOFjDBDTWTWF/UY1KrJJl3beUwNLeEIDs8TY8x/lPd6cjAVNanGmrqPgeErIfTxOS1cmAV6AamTJKgrRLJkpoqZcEZ1+1ZF+SoRTAyPG3BP8L8V9VQa8mnN6Wn+vPbTc1vxyx4jXLWyPmPjFXnOJW3l/gJUTEstDoDA1V85OAwVg9TTkfweT7DhnbrM5OjpG6VaTfFTivAwK+SLhyzKtLHoiMf9Ps1ufRVZJGj7NnLQrYALdOVVNRlRkYXxiwTeHIHYHDeZnorZwj3PJd8Tll` | +> | Central India | ecdsa-sha2-nistp256 | 01/31/2024 | `zBKGtf770MPVvxgqLl/4pJinGPJDlvh/mM963AwH6rs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjHx8+PF0VBspl6l9Xa3BGyJwSx2eDX0qTDnhrdayzHMWsHGX3vz0wr7oMeBVdQ26dOckExa6iPrEDSt8foV1M=` | +> | Central India | ecdsa-sha2-nistp256 | 01/31/2026 | `rHRhvRfgmqyom1omCeSUGYj7WGA4YjMeFl+UqwAlaC0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDdtXYbiF9jmvUF2CCOoI5KbFNXpSvzLDN0onfcToVHqOg5UOiDng3KLU/CfPBKrnkpJSYwuAXMHkz6ZndjsZEU=` | +> | Central India | ecdsa-sha2-nistp384 | 01/31/2024 | `PzKXWvO/DR/KnUElcVWIwSdabp6ZJqce37DJZzNl3Sk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJwEy1f+GYN4rxhlCAkXGgqAU1S7ssI4JPEJs8z1mcs8dDAAVy1cqdsir9yZ9RSZzOz/BOIubZsG137G2+po0Pz0FfJ0jZVGzlx1UHXu7OMuKQ7d2+1TkPpBYFy6PiCa3w==` | +> | Central India | ecdsa-sha2-nistp384 | 01/31/2026 | `r3wp9j9FCMQUljrxkegRavGW8rHGYWLrdnjhEvD+qX8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNtvF355mm7qAbl0aMHb8mDOj/4ZOw4DDyW5JXCW/+JTKMuRDY1IcYUx4BHV3F8C4nnFKvO5pPmUMmutQlPbnO7GLTGPbkkbTE97ukOnaE8zygggv2IL8o8ly+IScngaQg==` | +> | Central India | rsa-sha2-256 | 01/31/2024 | `OcX6wPaofbb+UG/lLYr30CPhntKUXyTW7PUAhC6iDN0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWuKbOJR8ZZqhE3k2HMBWO99rNWoHwUa+PVWPQHyCELyLR19hfrygNL9uugMQKTvPYPWx8VM6PrQBrvioifktc/HMNRsoOxlBifQETfRgBseXcIWorNlslfFhBnSn6ZGn8q4XICGgZ1hWUj9z1PUmcM2LZDjJS33LLzd23uIdLePizAliJAzlPyea8JNpCVjfmwnNwtuxXc48uAUXlmX+e0ZXRwuEGble8c1PbrWWTWU4xhWNJ+MInyvIGv9s6cGN7+fxAFaUAJS0wNEa3poCnhyNxrckvaqiI3WhPQ8Hefy2DpXTY03mdxCz8PZPcLWdQU3H5nmuAc/pypnc0Avax` | +> | Central India | rsa-sha2-256 | 01/31/2026 | `i5Zac3+f2G320lSm0K8y+6viEGtsl6qCYMMpgVTcy64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjAJLsxbTma6wk7woZqkdhYdXNMI1HBklRHXXlgMdsu7wIOwlyzKAGRjFp5xG/FvWoGlJOUjd2xAg5zUS7CKRP9CHoKPfj+0M+LJUXKFabcIP3ibg2IWKiIVc3B+C76YUwz9J6vHrjinlVH7fJ3DU/71RcFwNTVS+MlWC+Z7rhZ3p/V7BGRXIA77lBvs4iXiXTmoIC4JqnscJqR/53zaCY0WbdDlaM1jfG1bxTGRSoJIoYoJwIled6fNKFdWscodjgT893mx19c6blfnVbohCWvvhXqmARoeoMFLqEhGitZgyEtW6Nrww+KnQsHt//6slBhkXYCF4t32Jan/Od4coJ` | +> | Central India | rsa-sha2-512 | 01/31/2024 | `HSgc5u8s+QILdyBq6wGJkxRcK5nxj81gxvpkR5bcH6k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSO/R/yw8q33yLkSHOw0Bi2WKDWQPrll8skh3hdRUB6wtw9dvtQFEV3suvFJsTVvAbnGBe2Fjgi69X0zkIygxg74XuQsx7GZO6gyaKDwljyanFoCzer+OzFSpDcVJ0zOfhY99uHeYT6k4leb2ngABqjiqieDHMZ9JQX12KOK3cAks/oytrNUo9krGb1Nyv5BYu4dWXHmuFgtigDd043khaARfdWkg88lKgb6G9k+vQTGKphLnFMqhada/aP8GsaA2Dq5d/LH5P5CTU7MRPA8TuuyLOtbv8FtQ2TyaAXhYCplCQELtto1yXZ79WVjQE/uKuX8xK5M2rfOH+H5ck/Rxl` | +> | Central India | rsa-sha2-512 | 01/31/2026 | `ayU+zBGAtHWl//+qIGkX+J2V9HmjLkrFIuouPXpHn3I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCw2Cg206KXydbvcCXQnMUmF1cJX3duWHQ4tkToq9ne2C28+rb7tPNznxR1tyXEG/in6U7W24QvkwcRiq8yPOjgTOlDUVXyVp5g/JZyElVZkSh22/cOHjwpJyNvqXAW3/8Gy4umrbB+hZhloZVINswKn4H476z7y/bAqZ5xzpEjIoXUkGz3KJvFa6zbAyh4cK9P0BosnXT9CPQ6KEgUmW37HI2GbBfSgg1Oh+hTEWYVMUHQ6lRA+rGVtVo7dtF/Lcq+M2xw9` | +> | Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `qN1Fm+zcCQ4xEkNTarKiQduCd9S+Aq3vH8BlfCaqL74=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN6KpNy9XBIlV6jsqyRDSxPO2niTAEesFjIScsq8q36bZpKTXOLV4MjML0rOTD4VLm0mPGCwhY5riLZ743fowWA=` | +> | Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `qauInQWUECwYnaX7TZX3fiUK8Ik6JvqcHPiGZ3t2USE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNK4jYX7nbriJOOrDSuKDqRIplMn2QXJc1WjTu/nJWVP3Ajq+Q1GhtuFTnVGqTaqhrVnlqwr7z4aPTwb9SKcO3k=` | +> | Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `9no3/m09BEugyFxhaChilKiwyOaykwghTlV+dWfPT6c=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCiEYrlw9pskKzDp/6HsA2g0uMXNxJKrO5n16cHwXS1lVlgYMK3mmQdA+CjzMdJflvVw7sZO2caApr+sxI3rMmGWCt5gNvBaU6E9oUN8kdcNDvsfFavCb3vguOgtgbvHTg==` | +> | Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `ZEDS1pjRAIEjCgX2QiX+rHtanf5xtfkfoa9bSqt7+PU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDsC/6PC62ViNxNREq5R7gDOijn6iff8JN0tAskmv/GnzOLePqF/h7XFllfUb8/cBO7912wagjKgl/o7t4oGCs2u4qIW5XkJROAM+lNgjBOb8B2GgxUGHThzbd0z70I2kg==` | +> | Central US | rsa-sha2-256 | 01/31/2024 | `GOPn34T1cCkLHO0xjLwmkEphxKKBQIjIf9QE1OAk3lU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9oA4N2MxbHjcdSrOlJOdIPjTB2LpQUMwJJj+aI2KEALYDGWWJnv0E14XjY1/M35jk8z0hX4MHGE/MEocSsTVdFRdWdW9CKTWT6eICpg9frTj6wfkB/Dxz/BAYb/YXq5OMrFlkFJUG8FMp9N80W6UWichcltmSrCpRi5N3ZGpVXEYhJF+I0mCH7Yheoq2KzIG2iWU/EJT5fui4t51wD8CQ1NWG8/THnNr0gjCr3AtB+ZPAl/6N7i2vO3FlZEHUj6BHoQ4dhIGjGCkgFDNU6RpdifqMJRihP9fSMOq4qksch1TE5sOnp0sOaP/RQvChb4oXB8Pru+j45RxPzIvzzOZZ` | +> | Central US | rsa-sha2-256 | 01/31/2026 | `JfKCn0CJEScjYafW9PpANzQdTnOw/EdN3gJhbMI8gKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmhK7qQ1FcvmISoyHhnfTIiH+IelL9xqZaoojvmy0EVhra95YptGOMkTn0CDWICXmVynAE0nBd4MTkztJbp/m+FWyGzKRn/aA4AfAztQSngo0pJm/lFqRCEbVlqpVaYzuG7ev1OL3FFzJnVo5jYMUqfo8VsAC44JTLrDvCq/FLhAqUxfzzluqy5T9GqxvsnV4ghAN9iHpKF3evm0eZHgeqmmgNbNbUGJ5xcR2c1UJ/kuKL5gfiJaVQhBY9Ps7Hj4AmXfUkcKboPbfssmvrhsWnrHUFZV7zs2FHGpZJ+OYwKCnRkNhIcdfgA7qUhnFU6wR8Y/T0Cc1bPLmhqMQ++wsJ` | +> | Central US | rsa-sha2-512 | 01/31/2024 | `VLhZbZjHzoNRMyRSa3GYvk2rgacjmldxQ2YNzvsMpZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPnuJixcZd6gAIifABQ377Mn0ZootRmdJs1J3R8/u7mbdfmpX2ItI0VfgMh4BzGEdgCqewx4BjADhfXRurfimuP8P9PLRq89AHX2V+IfeizLZkrnrxKiijjGEz640gORzzwIp2X+bmnBABWzEZjSNOeE3CKVr4ONvH80bYGFFqR4+arOelDqWEgxktM1QBlId7xR7efmtEGAuAhFbZVaqjBNsbqyiR/hlkMQfmWn1bjGSoenUoPojc7UAp9+Xf6ujkhCihRV/O4A69tVvp5E0Qv5MJ1Qj3kzAYbHQcIQ2l47MQq1wdZYxkYBHmH5leAjHgQbbccPalOLSbLRYjF169` | +> | Central US | rsa-sha2-512 | 01/31/2026 | `32PYrgj4NuDRkmx8YFYsHltumXVt1latrxD0JFIA7/s=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDC93zGJh5WJUWl1b7kX89hUDhla14XyiWH5aSiBY39rm2spPCh9kaZZJ20wkLNkUoqKsc8UpD+c7rWlUWKsNlNVhJgTCuvH6CRpZD/BP1qZK0W9NHGDl2VwFdFiVUj0Q4RtI5KzZhY28zo5avq/9FHKEEq+eQxNGz/G9JXmm+R/HjfIF/wfk1MbtISvveCRMyv/6VDCWTlfy5Th25keC+HunvslAfHr+Z1EJp16pOjKWWmKzXyBAOuTPrp8nSjJA9PPBObxzkinBiLsVK7edL3Zej2HPdbqUb959dQtFRqmrG4MKhFcQ8yqBxR1NUoJSwt7sCI4DlBnBjhmJ7By6YV` | +> | East Asia | ecdsa-sha2-nistp256 | 01/31/2024 | `/iq1i88fRFHFBw4DBtZUX7GRbT5dQq4g7KfUi5346co=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCvI7Dc7W3K919GK2VHZZkzJhTM+n2tX3mxq4EAI7l8p0HO0UHSmucHdQhpKApTIBR0j9O/idZ/Ew6Yr4nusBwE=` | +> | East Asia | ecdsa-sha2-nistp256 | 01/31/2026 | `xwUJoTMUBmM81ZmYjjfxfgSE6Yks2woMI2hetcEfU4k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlFiBRJEgLR9csCbx7kXJ0G+bPbK0bW09CumJQtdTRVYWKxpMejRY5fY8prqtsQTJ7o5ec2O1Ym4nvjLo2okfA=` | +> | East Asia | ecdsa-sha2-nistp384 | 01/31/2024 | `KssXSE1WC6Oca0dS2CNySgObkbVshqRGE2JcaNsUvpA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNEYGYGolx8LNs5TVJRF/yoxOCal3a4C0fw1Wlj1BxzUsDtxaQAxSfzQhZG+lFCF7RVQyiUwKjCxmWoZbSb19aE7AnRx9UOVmrbTt2PMD3dx8VmPj1K8rsPOSq+XX4KGdQ==` | +> | East Asia | ecdsa-sha2-nistp384 | 01/31/2026 | `gSiSTfoGmkLGgcJ132d+URA3oQ2p/a3pnctN7BC+PJ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIbUwjm0IuyZV7515jFCyrIsM8KfyBEhT2ZuCASOnMlETbopf/IbFhU/aXkmvUVp81KbcoXQqAiYolDvcnC28HlsXLlYbEQNXVMMNBDJbVAAQv9Odx0+Wn23XHv1bZO6pQ==` | +> | East Asia | rsa-sha2-256 | 01/31/2024 | `XYuEB+zABdpXRklca8RCoWy4hZp9wAxjk50MD9w6UjE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKlaGhRiHdomU5uGvkcEjFQ0mhmNnWXsHAUNoGUhH6BU8LmsgWS61QOKHf1d3qQ0C9bPaRWMpemAa3DKGGqbgIdRrI2Yd9op+tqM+3hrZ8cBvBCgqKgaj4ZitoFnYm+iwwuReOz+x0I2/NmWUxuQlbiHTzcu8TVIln/5sj+n9PbwXC8Zk6vsCt6aon/P7hESHBJ4yf2E+Io30m+vaPNzxQGmwHjmBrZXzX8gAjGi6p823v5zdL4mq3tT5aPPsFQcfjkSMRDGq6yFSMMEA7i2dfczBQmTIJkYihdS8LBE0Ir5islJbaoPQxeXIrF+EgYgla505kJEogrLprcTGCY/t` | +> | East Asia | rsa-sha2-256 | 01/31/2026 | `Av3JGShpQfhXUp9gKKTqBSVyHZw/+EuGP4Crz9hw1UY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6MlC6jYSV8yPsEVEi3F15kFdLhcZL5s0LgkoNcNjWL/fEem4i2agaThOJRDI4BEHIsjlQvERxN1UPkQz20LJ208gSfE+VMHg/CbDqWZy2KLWDWF32+/1QizFVfsUv2KEMOce8FohMfqUOfEwrCpGAjvHM+0Fhb2XylELXSHzPntxEop3ZVRv+1HyGIPRF5H5i+FuO4XaWc8COZo6FTnXSeXt/f4nwztPo8pNV2/q3IQWDbQxyhfvmQj6p8ZJyvLZLHd33ouFSvGzYBZwFLzud0l+TMK8nbS1eI24D2GQwhZbdxo/W/X3qkDse2SM4+5VoFRn9w5i96fQ9NALuXX9l` | +> | East Asia | rsa-sha2-512 | 01/31/2024 | `FUYhL0FaN8Zkj/M0/VJnm8jPL+2WxMsHrrc/G+xo5QM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7x8s74EH+il+k99G2aLl1ip5cfGfO/WUd3foiwwq+qT/95xdtstPYmOP77VBQ4G6EnauP2dY6RHKzSM2qUdmBWiYaK0aaI/2lCAaPxco12Te5Htf7igWyAHYz7W99I2CfJCEUm1Soa0v/57gLtvUg/HOqTgFX44W+PEOstMhqGoU9bSpw2IKlos9ZP87C6IQB5xPQQ1HlnIQRIzluJoFCuT7YHXFWU+F4ZOwq5+uofNH3tLlCy7D4JlxLQ0hkqq3IhF4y5xXJyuWaBYF2H8OGjOL4QN+r9osrP7iithf1Q0EZwuPYqcT1QeIhgqI7OIYEKwqMfMIMNxZwnzKgnDC1` | +> | East Asia | rsa-sha2-512 | 01/31/2026 | `R1a8tq1zGulHLnMhM6C4Ee4Db7s8hjYPeD/ofFLUAvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtcwGvbsP+jxy7gsdsXCX2ZAMLsTNE02dWWyFpJPd94BHS8QyU0PLG6iJdNKhhqjeqYVTDOlgSHW405/dl0WGEm7yTmHDR/F3/f/JzxIHNQbSbUJqsyNbWrYb2KMJ2+VEkgrvvkvOIrWafNEnv6gAlj86qNz+WU+ZnDIX48GOrZAKBxmEnv3SzSH/GdnmEcXuOMQlQIxe0JGEl576DHp5yByfzwFcSuwurm+VheWmP4xFihl0fhmeOuRxLO186ERXrqeyzufiRU03jRz4v/pEoh10/TX6A2YHC/kbtGe0KyEkz1l` | +> | East US | ecdsa-sha2-nistp256 | 01/31/2024 | `ixDeCdmQOB9ROqdJiVdXyFVsRqLmJJUb2M4shrWj8gI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNrdcVT12fftnDcjYL8K3zLX3bdMwYLjNu2ZJ1kUZwpVHSjNc+1KWB2CGHca+cMLuPSao4TxjIX0drn9/o+GHMQ=` | +> | East US | ecdsa-sha2-nistp256 | 01/31/2026 | `eMxQHe6f1/jYEKvKWMYQ28EUYrSF5e/km5Nw9mNY9Lc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGqgdtuQlZCFnVoC07xb1yCqS/6ncURKIwHuxgLGjrlXuGqgOwTu0AkfNIXtpe6JHcufVUO77r+KFYFblDfHDrU=` | +> | East US | ecdsa-sha2-nistp384 | 01/31/2024 | `DPTC6EIORrsxzpGt6IZzAN67nlZUXzg5ANQ3QGz987Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEP3CUvPVWNVnFuojR43KRxTQt1xiClbgDzqN/s9F5luivP+Gh0QrK5UHf6diEju4ZQ9k2O10MEDs6c46g4fT56rY8CQkeBsaaBq8WYLRhSQsFZ6SZuw14oFNodniAO33g==` | +> | East US | ecdsa-sha2-nistp384 | 01/31/2026 | `eZl4tJ/efkL0Z5yDapDrvQ6QbEfGWUeHhk4wtIQ0cd4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNPqgUMYmU95Jbd5LP9dBw1leS7Truvk/szkErBIrDH3eJT3AsEQG80Zbd/DysTwx/yRtUg1cmAhgh6GyCIKu842RaWRxeMOHAyOla9FLEEQ9kQdp6ugJed8JGVGi9mVAw==` | +> | East US | rsa-sha2-256 | 01/31/2024 | `F6pNN5Py68/1hVRGEoCwpY5H7vWhXZM/4L442lY4ydE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAiUB94zwLf0e/++OeiAjE0X7Od2nuqyLyAqpOb7nfQUAOWyqgRL04yaan6R2Ir2YtI0FRwA6yRETUBf2+NuVhIONgLNsgPw3RakL1BUqAEzZAyF4sOjWnYE5/s/1KmYOE052SefzMciqjgkBV2+YrPW1CLivNhL4d1vuQh05kADLgHJiAVD6BqSM7Z6VoLhW+hfP4JklyQAojCF6ejXW7ZGWdqQGKLCUhdaOPSRAxjOmr9gZxJ69OvdJT2Cy6KO1YQt2gY2GbPs+4uAeNrz40swffjut4zn1NILImpHi8PTM+wcGYzbW4Nn7t5lhvT9kmX9BkSYXLVTlI9p1neT9t` | +> | East US | rsa-sha2-256 | 01/31/2026 | `ZuntI4L/vzc9NZ1djZKixk7/b/LBTS/QMTewKLlyTtE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGNZ6SmAifUduo3pwcbgv/7tDxxluqhIupm2kliXQjfgvQslVHxeBeYwmPk/bxoSRGybLnrIUUtYuxqIeVpWNi2VaFCn0gtcRlJdI8IhKP3d+fq8sw9/FfUQCh6pxvx+BczQSmsIPLGCiMknnSS5ffCtvk3rEYvOpH1T2tmJO6YDqsC1lcJbZPSI5kQttJXw++1xk/67/1KWHYyFTVlOXD4ikfvS7wTjIBbW+jVu2vFPzj+287Zo8oub2nN1HbUNOS1NdlhT1lv4Yg8c8eXyjmHTDanrR0ekjGkxGrnj5mv/GWC1kSzHwStOjip6fXaKFpBgV4iP2uLICLpeHWd7t` | +> | East US | rsa-sha2-512 | 01/31/2024 | `MIpoRIiCtEKI23MN+S2bLqm5GKClzgmRpMnh90DaHx8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Ut7Rq7Vak26F29czig5auq334N9mNaJmdtWoT32uDzWjZNw/N8uxXQS51oSeD7c0oXWIMBklH0AS8JR1xvMUGVnv5aRXwubicQ6z4poG5RSudYDA3BjMs61LZUKZH/DRj7qR/KUBMNieT1X+0DbopZkO9etxXdKx+VqJaK3fRC5Zflxj5Z9Stfx/XlaBXptDdqnInHZAUbZxnNziPYrBOuXYl5/Cd6W4lR7dBsMCbjINSIShvrhPpVfd3qOv/xPpU172nqkOx2VsV4mrfqqg62ZdcenLJDYsiXd/AVNUAL+dvzmj1/3/yVtFwadA2l83Em6CgGpqUmvK6brY3bPh` | +> | East US | rsa-sha2-512 | 01/31/2026 | `VhbsPBUzLUym31p7u74czET3oer59WtFIIgfxFs5ppg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxCnn/udlkksnGAo7oaReFeIadPCUA+edUXEf4Y/4sUafDdwYmxvm7ryS6DbpbDHDB53Z0iePiKjCuBDe75X7/qulFBx6XIWc9Y6orRaqCj1De7IEHuATyMXBcnY9XZyRvqupLX80nvWcwD4Iiep2DRt4uqP8aLrww3gUv88Oqozy52psmR0RR6p/f63CcuI5G/agD5QzjSKwNmkInelc64pfNJjgOnwOPESf7M9p+GV6xjoS0l9nHMyjz3vh5GXpfUuGtffrpjd8S53jtftloBqdGDT8FBKyP8eWhYj4m2Nb60VqgDUru2L6rkWriJ41wJ60yzy/3TyuJOswnTlal` | +> | East US 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `bouiC5HdtURUU19RJbym8R94fbMOTw/bUxFUkoAByoI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJshJI18IECu6neLrash/Q622MAXO07C+hbIOiVPC6M/ZIJM8HyYvQEh4DKI1CMEaeAIs/HA905QKeU/syvt7QI=` | +> | East US 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `yrYziYjpobvWek9eYu+D8L4hctcCq0VStKtzhB4aUck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHVF9WzUs5VQm/gWREot7hIKhthQichwFg7TK0bk2itpGZTHZbih1Jq9yZbkWZ+aZdH3wP8DxKJB1W3zFAk3l6E=` | +> | East US 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `vWnPlGaQOY4LFj9XSQ2qN/NMF92+UOfKPjGNSPA2bOg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBByJNAblwxCNVqedg5FcdbdwiuzTMVEWj/uF3uzI8wp890Xv2M4H+aMTpeItxgQsuiQCptgITsO+XCf2dBTHOGWpd90QtvcznzHyy/FEWVAKWs9brvyaNVe82c4TOFqYRg==` | +> | East US 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `CAtRIpdqubfEKm6LDgMHmf70ID4gd6C/eBQ3WVIEdvA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHynQxaZBSfmU3Irizom4OrhSxqjLn3v3aGqOob2wlqsvbyNQTwuLBvSjJUPLngsuUlQqfrDBTJknPD3VSc9XzNz3QuEcq8/7DfvKxikI4ZiVy1ET/uawH+zox1Y6LokFw==` | +> | East US 2 | rsa-sha2-256 | 01/31/2024 | `K+QQglmdpev3bvEKUgBTiOGMxwTlbD7gaYnLZhPfe1c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOA2Aj1tIG/TUXoVFHOltyW8qnCOtm2gq2NFTdfyDFw3/C4jk2HHQf2smDX54g8ixcLuSX3bRDtKRJItUhrKFY6A0AfN1+r46kkJJdFjzdcgi7C3M0BehH7HlHZ7Fv2u01VdROiXocHpNOVeLFKyt516ooe6b6bxrdc480RrgopPYpf6etJUm8d4WrDtGXB3ctip8p6Z2Z/ORfK77jTeKO4uzaHLM0W7G5X+nZJWn3axaf4H092rDAIH1tjEuWIhEivhkG9stUSeI3h6zw7q9FsJTGo0mIMZ9BwgE+Q2WLZtE2uMpwQ0mOqEPDnm0uJ5GiSmQLVyaV6E5SqhTfvVZ1` | +> | East US 2 | rsa-sha2-256 | 01/31/2026 | `RZPLfTsRLm+N/RPnXwxR1IFIu9Cv2tPnA9sMYdaOVVo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyiiKvJPcYD0JV+RSjmTSbsNlJbwtkJAhWlwsM4ENc2HyPVLtIWraA4QPSIo9Mrj4otUS8HXX/NMyCWpMScvZ5igCDcxMGATJo3GZTflAvzX6xomIPiSx+hVBOVUDlxWxoeebv8zqBBK9ZNDUMzZFlqI98X9SmgWGgSAWQLuBl7SamCoc86QlCMRguPEOmOs66tUlKzYL9IhWtKWCfCHYxO9GFQKkW2aVxdWXby8RDhRhtRvZKmU55701Cak9G7iVrdpzw/4jDodJzogjMUpU6dyAFJfDJoeaADnvCuem6LrNrLH/Dw5slOrluwtb7c+vBbPdYBRzh5r9w/gTEscsd` | +> | East US 2 | rsa-sha2-512 | 01/31/2024 | `UKT1qPRfpm+yzpRMukKpBCRFnOd257uSxGizI7fPLTw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/HCjYc4tMVNKmbEDT0HXVhyYkyzufrad8pvGb3bW1qGnpM1ZT3qauJrKizJFIuT3cPu43slhwR/Ryy79x6fLTKXNNucHHEpwT/yzf5H6L14N+i0rB/KWvila2enB2lTDVkUW50Fo+k5U/JPTn8vdLPkYJbtx9s0s3RMwaRrRBkW6+36Xrh0h7rxV5LfY/EI1331f+1bgNM7xD59D3U76OafZMh5VfSbCisvDWyIPebXkOMF/eL8ATlaOfab0TAC8lriCkLQolR+El9ARZ69CJtKg4gBB3IY766Ag3+rry1/J97kr4X3aVrDxMps1Pq+Q8TCOf4zFDPf2JwZhUpDPp` | +> | East US 2 | rsa-sha2-512 | 01/31/2026 | `ZGPvMmPh7ifSqyxf1Tzbl7yT3oWby5SH5lUghRXwCKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/5VjuQpUIDk49mHD6UR4hPUrphDmpDxsWXNI70myr1ExXFPn7U2oTsLU2PXjsPwCt1PnJlNiVp9IsSF99FWyKAfdE13RjuWUckNl+ibYWEGK7JkxXFbWcZtGxUXPa4TopP3mDrOD3ag03uaTBHqJeHjVenLM0yy4uM7uQrrMc+sglGThJ7UNytz7jqS2ZGZ9OSxOFizw9aMc4sIVyqhcjouglrdv0Pp5s1kZ2uHHCf6q9Y67SuumgZ1BNSreSuINhmJsibIWhIaJxh3Z8Yaia6gt8rgVufFI2Xs7ift2QiJLMT4S8Z6stvRKv6sP0bad3jnlQ0nMFKmgOvbR+hBKN` | +> | East US 2 EUAP | ecdsa-sha2-nistp256 | 01/31/2024 | `X+c1NIpAJGvWU31UJ3Vd2Os4J7bCfgvyZGh35b2oSBQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK+U6CE6con74cCntkFAm6gxbzGxm9RgjboKuLcwBiFanNs/uYywMCpj+1PMYXVx/nMM4vFbAjEOA20fJeoQtN8=` | +> | East US 2 EUAP | ecdsa-sha2-nistp256 | 01/31/2026 | `V21Ku/gEEacUyR8VuG5WjVOgBfWdPVPD1KsgCpk8eqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPd+eEm6eCdZCbpaVGZPvYmetmpOnrDsemOkj9KMmVimESN2k6I0sKNUhwntMTXGx0nPNeKWG3g/ETzKF3VsYn8=` | +> | East US 2 EUAP | ecdsa-sha2-nistp384 | 01/31/2024 | `Q3zIFfOI1UfCrMq6Eh7nP1/VIvgPn3QluTBkyZ2lfCw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDWRjO+e8kZpalcdg7HblZ4I3q9yzURY5VXGjvs5+XFuvxyq4CoAIPskCsgtDLjB5u6NqYeFMPzlvo406XeugO4qAui+zUMoQDY8prNjTGk5t7JVc4wYeAWbBJ2WUFyMrQ==` | +> | East US 2 EUAP | ecdsa-sha2-nistp384 | 01/31/2026 | `Yv87+z8s9fDkiluM3ZkbsgENLGe48ITr+fnuwoG2+kg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAYVtgfJ36apFiv6gIxBa/q4n08flTyA0W0cGTsN0ot59nbl6pPCrRCfSByRtzgRY+id9ZOeuZTvN8VpPsZWOSfUOwxE0/GC2c9kS0F4SrFzTALaMY6pY3/GhMrQelAmFw==` | +> | East US 2 EUAP | rsa-sha2-256 | 01/31/2024 | `dkP64W5LSbRoRlv2MV02TwH5wFPbV6D3R3nyTGivVfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PqLDKkkqUXrZSAbiEZsI6T1jYRh5cp+F5ktPCw7aXq6E9Vn2e6Ngu+vr+nNrwwtHqPzcZhxuu9ej2vAKTfp2FcExvy3fKKEhJKq0fJX8dc/aBNAGihKqxTKUI7AX5XsjhtIf0uuhig506g9ZssyaDWXuQ/3gvTDn923R9Hz5BdqQEH9RSHKW+intO8H4CgbhgwfuVZ0mD4ioJKCwfdhakJ2cKMDfgi/FS6QQqeh1wI+uPoS7DjW8Zurd7fhXEfJQFyuy5yZ7CZc7qV381kyo/hV1az6u3W4mrFlGPlNHhp9TmGFBij5QISC6yfmyFS4ZKMbt6n8xFZTJODiU2mT1` | +> | East US 2 EUAP | rsa-sha2-256 | 01/31/2026 | `0b0IILN+fMMAZ7CZePfSVdFj14ppjACcIl4yi3hT/Rc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE45HQiHTS8Vxs6ktkHVrDoWFYnDzTOFzVF9IE0EZp/NMVIqRSnveYyFcgWtg7AfG648DiPsEar3lHmcGKT5OxGJ7KGP6Z8Nd1HxWC75j59GDadLfkuJyFLnWuSQIyiLV9nsDgl2e/BQ4owhHZhlSUCBlsWkECBaACptS5AvWG5CQN6AQnR2L0CEEjPPUSPh6YibqHCITsCAAduH1N8S2B+xj+OqPLpEqbIUpF6aEHggMrb9/CKBsaRzN9LXXIyJJ2Rovg54bkTUDhQO80JnGzCWQvqT1JX4KSQcr0KzkzoOoPLwuQ6w0FxP3UD+zPLYi2V8MNlW3Xp86bNHoUDfhR` | +> | East US 2 EUAP | rsa-sha2-512 | 01/31/2024 | `M39Ofv6366yGPdeFZ0/2B7Ui6JZeBUoTpxmFPkwIo4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+1NvYoRon15Tr2wwSNGmL+uRi7GoVKwBsKFVhbRHI/w8oa3kndnXWI4rRRyfOS7KVlwFgtb/WolWzBdKOGVe6IaUHBU8TjOx2nKUhUvL605O0aNuaGylACJpponYxy7Kazftm2rV/WfxCcV7TmOGV1159mbbILCXdEWbHXZkA3qWe4JPGCT+XoEzrsXdPUDsXuUkSGVp0wWFI2Sr13KvygrwFdv4jxH1IkzJ5uk6Sxn0iVE+efqUOmBftQdVetleVdgR9qszQxxye0P2/FuXr0S+LUrwX4+lsWo3TSxXAUHxDd8jZoyYZFjAsVYGdp0NDQ+Y6yOx5L9bR6whSvKE1` | +> | East US 2 EUAP | rsa-sha2-512 | 01/31/2026 | `pv4MPlF/uF1/1qg6vUoCGCTrXyxwTvTJykicv0IIeZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDu64NcnMdsh2vvxfC/2PtYXRYk5IoGB1PSXkrbqov5VllVbJAF9du9V4ccHoLVppux2W1jDlFQ7E+TdOT/hnwmnQurUTAvW355LPG0MtUFPcVCEfEPbxKuv7pxCPKZAWUpMX1aLbmEjt3CX157dtKMhmOkyExLRWu4Ua65LrqpGlKovg8Pzuxc/k6Bznxmj++G3XbHv82F3UXDsXJvUOxmF6DiuDuRWBUIwLGBNJOw2/ddyan34qK2fPBUP+lPSrucinG4b+X7aJHFhTt1E6h9XBs8fYp/9SIZ6c6ftQ/ZbET66NRSS7H7D72tSFJI5lhrKCeoKU/e0GAplSEiPNLR` | +> | France Central | ecdsa-sha2-nistp256 | 01/31/2024 | `N61PH8SVCAXOq7Z7eIV4mRnotafmNoPrpc+TaLxtPX4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3UBFa/Ke9y3aLs1q1b8gh/tXiS7lpOTzUiDFpXdbq00/V9Ag+v2z5MIaicFdum9Ih4fls1Mg07Ert16bi5M8E=` | +> | France Central | ecdsa-sha2-nistp256 | 01/31/2026 | `p7eHtX2lbIqu06mDFezjRBf7SxlHokVOC+MdcpdO2bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKtYOFWJFlknTvpl2XpxYMrkb0ULCF+ZfwVxwDXUY3zIMANy0hmbyZ73x15EwDP3DobilK149W570x3+TAdwE7o=` | +> | France Central | ecdsa-sha2-nistp384 | 01/31/2024 | `/CkQnHA57ehNeC9ZHkTyvVr8yVyl/P1dau2AwCg579k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG/x6qX+DRtmxOoMZwe7d7ZckHyeLkBWxB7SNH6Wnw2tXvtNekI9d9LGl1DaSmiZLJnawtX+MPj64S31v8AhZcVle9OPVIvH5im3IcoPSKQ6TIfZ26e2WegwJxuc1CjZZg==` | +> | France Central | ecdsa-sha2-nistp384 | 01/31/2026 | `kbK8Ld5FYOfa+r1PnKooDglmdzLVGBQWNqnMoYOMdGk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF8e5s445PAyVF3kgnPP6XoBlCUW+I6HCcQcC+xRti9OTciBAQReKX9c39J15Xoa6iSWuQ0ru9ER5UzXS+bjzhXBKXOmgAcR3/XEJMonjS2++XMldlGhgt1c4hEW3QQGVQ==` | +> | France Central | rsa-sha2-256 | 01/31/2024 | `zYLnY1rtM2sgP5vwYCtaU8v2isldoWWcR8eMmQSQ9KQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCmdsufvzqydsoecjXzxxL9AqnnRNCjlIRPRGohdspT9AfApKA9ZmoJUPY8461hD9qzsd7ps8RSIOkbGzgNfDUU9+ekEZLnhvrc7sSS9bikWyKmGtjDdr3PrPSZ/4zePAlYwDzRqtlWa/GKzXQrnP/h9SU4/3pj21gyUssOu2Mpr6zdPk59lO/n/w2JRTVVmkRghCmEVaWV25qmIEslWmbgI3WB5ysKfXZp79YRuByVZHZpuoQSBbU0s7Kjh3VRX8+ZoUnBuq7HKnIPwt+YzSxHx7ePHR+Ny4EEwU7NFzyfVYiUZflBK+Sf8e1cHnwADjv/qu/nhSinf3JcyQDG1lN` | +> | France Central | rsa-sha2-256 | 01/31/2026 | `j6w0LC+jzdLP0PmukCCModkIXidTNnprrKSTOmTCtQg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmTBRuLwUDIMWtwgvsmwymYlCEg3N/uO6OpXnLQe59W7zZ1FeMN5uifWGvykHyJnkg15MZyQOsWkzhE3ERijY+iuzAVz8gcYjTlXmKNr3nIqJpC1W8/2OH43zdsxss6qTi0IpOY4ZWKH9Y/tP5ebpT6nzF7n7ETqkvnuFmKtvZgYkbxV8IS65DsRVhaN4FOAR3lVdYyKgkPkxGOaucfR+KOstE48YU8270ivyu2P1cCy2WYXa9ensw8e0VKOyLjPaiK/hFpLreEFBAM37eFeHJui5qha0EWR7byDzo+DXpaKJTd/aIXxBn/alhMoqBYt6A2CeAYEjTEZcQ4tssJ7Ft` | +> | France Central | rsa-sha2-512 | 01/31/2024 | `ixum/Dragma5DAMBzA/c5/MY02FjUBD/gI8+XQDzJvc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDjTJ9EvMFWicBCcmYF0zO2GaWZJXLc7F5QrvFv6Nm/6pV72YrRmSdiY9znZowNK0NvwnucKjjQj0RkJOlwVEnsq7OVS+RqGA35vN6u6c0iGl4q2Jp+XLRm8nazC1B5uLVurVzYCH0SOl1vkkeXTqMOAZQlhj9e7RiFibDdv8toxU3Fl87KtexFYeSm3kHBVBJHoo5sD2CdeCv5/+nw9/vRQVhFKy2DyLaxtS+l2b0QXUqh6Op7KzjaMr3hd168yCaqRjtm8Jtth/Nzp+519H7tT0c0M+pdAeB7CQ9PAUqieXZJK+IvycM5gfi0TnmSoGRG8TPMGHMFQlcmr3K1eZ8h` | +> | France Central | rsa-sha2-512 | 01/31/2026 | `DbtqsAbpqaqaGigg2nSDFt0QvDIwOHh/xiu95Dm+Bu0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmPUn9acrOhsAEukuCiq8WIJkEOJ/iOvaEvTzp4+UsqljpAgIYsUcPwkBQ3nd+nIcYDEEtzHt7/eHdYa5zETNXcz/EGQevQ2PXbwPB8dEN5L5whCqbwpmPDdLufunlwfV6g1Gkb+WmzNM88fYBObr6rf1xMtZy3mUFak4LH3umPmmMqhFnY9Efu8kP1MQYyZSLUNm0Zr3U8Werv+IJ8Ta2SBSpsoMZLCvuSbk4/o60J9n6XOpxNTitxoWea9lcjEO1TLqeU1G6MN7MpqDxVl21IuSeRS/b+62jYoCUtHxfjvT7Ha7lynJqZp9AzgGMSIS/RUbgToWUXUVbewdSMZN1` | +> | France South | ecdsa-sha2-nistp256 | 01/31/2024 | `LHWlPtDIQAHBlMkOagvMJUO0Wr41aGgM+B/zjsDXCl0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHdj2SxQdvNbizz8DPcRSZHLyw5dOtQbzNgjedSmFwOqiRuZ2Vzu88m2v5achBwIj9gp0Ga14T7YMGyAm04OOA0=` | +> | France South | ecdsa-sha2-nistp256 | 01/31/2026 | `+qtS9kC6bH8V11bQ1q9Zp9cr/gxuBNLenatWKZxOKEY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJS89KMD/L7ufMFlk+LJYWLUc6aHEv/QL3q8xUiqiHHy//Nh2wFyX8GYX0BnFQ3ayR5g6ImuL41up3ndHTWVHgc=` | +> | France South | ecdsa-sha2-nistp384 | 01/31/2024 | `btqtCD/hJWVahHWz/qftHV3B+ezJPY1I3JEI/WpgOuQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB2rbgGSTtFMciVSpWMvmGGTu8p1vGYfS2nlm+5pAM85A4Em1mYlgHfVZx+SdG5FSYcsX4vTWt4Yw2OnDmxV3W0ycrKBs4Bx3ASX4rx3oZezVafHsUUV0ErM+LmdmKfH8g==` | +> | France South | ecdsa-sha2-nistp384 | 01/31/2026 | `wrbZPGvf6DwF56hIpZqZ90YJli1bTCMg9RgDC1VJtQ8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLkQCx9DbWnJKUN+D6Kw4IaX3bZX6+ggzWFOn+MTf5GI+9musoQOo9s3bpWkl10QJ3H3lwQTbXuYoV7e2m8ZeHwA7P6Ou/ta4TDV02L5lYErcXAbRh2ZtlhLPfHj4ZI65g==` | +> | France South | rsa-sha2-256 | 01/31/2024 | `aywTR4RYJBQrwWsiALXc1lDDHpJ34jIEnq3DQhYny0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDELY4UcRAMkJpEBZT40Oh5TIxI6o6Enmlv+KxWkkcyFcNJlFtaF2Hl+afWlysrg+lB5Un4XpveWY64pl7a/dSju7aPfujcXowELIPqFSoWW7xQ+jkfJdyI0daa0l2h2oNCPqWnx8+04Vx5kcb2GktlNG4RMLx7Q6COJgQ3pGHtyfZ5fnmrWNBsuv4mvsXp0u1KGWX6s2LZtO+BpKE6DegSNLMVapAZ0ju8pagqtm6aeWEtqmkAvsI0U31qhL25FQX4DzjIbGzXd6I25AJcSXcpnwQefsaOwO/ztvIKeIf3i/h2rXdigXV1wyhvIdKm1uWwj6ph4XvOiHMZhsRUe02B` | +> | France South | rsa-sha2-256 | 01/31/2026 | `FIwqrEbTl1XZIJ66T077NRnLmaQ0d8975yZvTmnjfco=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN9ZUTUNi9mbqb2UVvOr/DtMiGx70OVWpoYa9jQ5hGklnqo4vy+Yoq3RFhNjHcI7u2jHG3hxvbl` | +> | France South | rsa-sha2-512 | 01/31/2024 | `+y5oZsLMVG6kfdlHltp475WoKuqhFbTZnvY0KvLyOpA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmsS9WimMMG95CMXFZiStR/peQU1VA6dklMbGmYwLqpxLNxxsaQuQi6NpyU6/TS8C3CX0832v1uutW38IfQGrQfcTGdAz+GjKverzaSXqZGgTMh/JSj06rxreSKvRjYae596aPdxX5P+9YVuTEeTMSdzeklpxaElPfOoZ7Ba5A2iCnB/5l/piHiN8qlXBPmfGLdZrTUFtgRkE4Ie4zaoWo19611XgUDMDX4N4be/qilb95cUBE73ceXwdVKJ3QVQinZgbwWFUq0fMlyd8ZNb9XN6bwXH7K6cLS6HYGgG6uJhkYSAqpAZK2pOFn3MCh8gw2BkM/Rg+1ahqPNAzGPVz9` | +> | France South | rsa-sha2-512 | 01/31/2026 | `aYRboL5Mv0zr/aVeHgcc7NNL4uns0maI42L1dpJtEec=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDyPA0QlBL1HJuH6OlXJfJb9I5vZ3JIw9faZQaRs2PPuOJga53gfXGP04CFeRPcKcXF0lGeqEPOlRwYsZmZzla1+0BhSzuF5kVhMLAG4RCOJeBaQjvqZjud/NSGAoxdg5eB9KaSUTa7BREmErLBpdHQoLtDpD2/bTTKnOU+0tKR7xYlDZ9erHhMCCNYDOrNrTuN4eYldl11UJqUQbdXCXkaMzGVU6r2UmCuS9Iwcv5XywNa1Tz+ff7AjmkKBBwVF0SEvoYMnUIQdDWE/cZEIh21Skha6lXnzb6ll6ZufnXJNwu3i6Sg5tZZBDuB4Y7c2cRzJUqPpn8NrvOO53vdjAn5` | +> | Germany North | ecdsa-sha2-nistp256 | 01/31/2024 | `F4o8Z9llB5SRp0faYFwKMQtNw/+JYFKZdNoIuO7XUU0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMoIo/OXMP7W5a5QRDAVBo+9YQg4YBrl3J7xM91PUGUiALDE1Iw8Uq4e1gLiSNA6A46om5yY/6oGj4iqEk8Ar8Y=` | +> | Germany North | ecdsa-sha2-nistp256 | 01/31/2026 | `odPSs4vy9uet5z7+51SloNw0Ne6wtB3NkRVLjB8r1QM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBYiTtKvQ4VmbpcOL1hyuKJ/oaQc1OIL/OwkG1Gfud9jo47RIvSdykw/xecSuOTpOdTMQMd2gkifTfm8r3ZWLNU=` | +> | Germany North | ecdsa-sha2-nistp384 | 01/31/2024 | `BgW5e9lciYG1oIxolnVUcpdh3JpN/eQxfOyeyuZ6ZjI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ69kH0urhCdcMMaqpID2m+u8MECowtNlYjYXoSUn6oEhj7VPxvCRZi5R02vHrtrTJslsrbpgYHXz+/jSLplKpccQGJFaZso9WWgEJH1k7tJOuOv0NIjoBTv7fY5IxeAvQ==` | +> | Germany North | ecdsa-sha2-nistp384 | 01/31/2026 | `9mA6c1xpgusDregeaAx1ih62qFnx0N2STx6xnfRjMZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIDOLp9njrEr4Ophu5Kr0wkUc+IZ/H0GOka9FHmVXALpHTuaquw3ZmRiiG/YjiqCBt6/CQFFvkPwsU1yBpLTKBKF15o+xa1d3wetb67W37UthzwrtIYiN8Z7mZmJT/R7rg==` | +> | Germany North | rsa-sha2-256 | 01/31/2024 | `ppHnlruDLR73KzW/m7yc3dHQ0JvxzuC1QKJWHPom9KU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNNjCcDxjL3ess1QQEkb9n5bPYpxXpekd32ZX4oTcXXFDOu+tz/jpA8JZL8lOBAcBQ5n+mZF0Pot1o+B1JxQOHHiEZdcdKtLtPWrI2OQyxZnvo7sCBeSk+r/j3mjqpvq3+KpwoTZKpYF/oNRXVHU4VFs+MzvqWd6vgLXsDwtJrriojtkrWy0bTa4NjjN/+olsITxDmR0TGAu+epCJptdpKjTcgcn25QuIKy37/zVW8BJ5QsZmIRwvlCYxj11UOAoDcbapJcnzJYpOmQTNpdzkazjViX17DZW17Jmfhc6Dk3H+TEseilkbq1ZjsUyGBBxklWHid7+BgKVXOoIgG6+0x` | +> | Germany North | rsa-sha2-256 | 01/31/2026 | `IUZdXfD1QRH4EQ9QaPlKrPd9/2TTJpPBQfBl4HUhn0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIsaKq/gZdm+3+01ASAn7/TBEUkLGD54KRUjdVTcMwM+9i0s30YIC/ikNqoawIeWO7/DbU2DeL4cAarYR83X2QY51JCRVHQ1+jZ533EYcxRgqs5c1sDmIacfvzoingaRL4ZFwLJNkSY0zHfLnxVwm02qPexwTAmcHGqhYdO87uPjwni/sjL5SFnQV4hssBuEd0OFVzcNfkavkWXgLqT9yi8m/bsBVcS/L4slZkLpmgRI8PTdGoIwQGp3mUf81RFZpTm8l0SWQiNIN65a5rRY1nw4DhSlGSoiel0FRm0po7O6qG6MvRnkjj58zKUj0G+Ka19O5rj3/aCgRrT1+LBVLd` | +> | Germany North | rsa-sha2-512 | 01/31/2024 | `m/OFTRHkc3HxfhCKk1+jY1rPJrT9t4FYtQ/Wmo3MOUE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDkN3CN1VITaHy/CduQaZIkuKSC/+oX19sYntRdgCblJlIzUBmiGlhmnKXyhA29lwWWAYxSbUu0jEJUZfQ6xdQ4uALOb815DLNZtVrxqSm4SjvP5anNa7zRyCFfo4V8M4i6ji6NB+u+PwH5DOhxKLu6/Ml9pF8hWyfLRft8cg4wORLLhwGt2+agizq7N7vF2nmLBojmS0MMmpH5ON/NFshYIDNKPEeK9ehpaARf4fuXm440Zqzy/FfpptSspJIhbY2zsg4qGQgYGZyuRxkLzYgtD/uKW5ieFwXPn+tvVeVzezZTmGMoDlkPX18HSsuNaRkdnwpX8yk1/uoBCsuOFSph` | +> | Germany North | rsa-sha2-512 | 01/31/2026 | `KG2CjBBKyCg7Iur1Qt+7y33ELYfF0M6/uHbuuoAJ2YU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQj4T+NzUUmIKF+N1tKsA44u+Bjsx4nIzwhAJPdq7YzbvtDyVD/Lkm7fCIsVMLcKzRCuIVM/5g+aer4LvfuHtR8jqtZNJvFAbwsBSOat18mzWS+KpB0G9iW8QQlXcCnXKgatUYhAoXabHQDF7Qbv5Ap/ImMyt4Y5wN8OnuSOBU3nPKnDYxt/kfxNoY5F8wVigcT399QwBUnr9l6+cuXJ3janPBfuf9/o1SPvBj4ePg7JoZ8EXM7q8ruRRXv52NmKytFJgntnJvH8nRq0Hz3D3IchXAHhhp1VlmphwVo79f4LWbZtb0dkcDDE9ZjqIX2ozt4jrd8/JiTL4/l8iy13yN` | +> | Germany Westcentral | ecdsa-sha2-nistp256 | 01/31/2024 | `Ce+h+7thT5tt75ypIkWZ6+JnmQMZEl1N7Tt3Ldalb64=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBmVDE0INhtrKI83oB4r8eU1tXq7bRbzrtIhZdkgiy3lrsvNTEzsEExtWae2uy8zFHdkpyTbBlcUYCZEtNr9w3U=` | +> | Germany Westcentral | ecdsa-sha2-nistp256 | 01/31/2026 | `xWozWbLHPncCcUxRb2j/u4l1LDno211Ajbqs0InLmdM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA8dcmahsTDwh9DKlrRp8FeSfkH9Y8RGKtqPrpog4plwRUJPcC8DUzSeZfYEvsgOTPfhvTIrj/jW+VZRjCQ9OPM=` | +> | Germany Westcentral | ecdsa-sha2-nistp384 | 01/31/2024 | `hhQQi2iRjSX5d9c+4714hAFvTA3c63+TGknhuQi7Tss=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDlFF3ceA17ZFERfvijHkPI2Na1wuti9/AOY5E/bDvZfP08kkmYTb9Ma6omhB0dHR6e1CmRJfKmFXfTd81iVWPa7yXCxbS8yG+uNKCuHxuNv8hFhNM84h2727BSBHBBHBA==` | +> | Germany Westcentral | ecdsa-sha2-nistp384 | 01/31/2026 | `xmc+FeL+8s6nBwqEwp5guKLSHYOaWzYvTslXXxUJzfU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNeYkR7pPXK9/7tOyoKEymkz4nGROeqyZN9hWAO/R+0GhTp202EGapq76jCfMx7hv4ZbtLXYjJSSkc+vgVNjCy7ZUy3DAa9j/yv94659nPpRnvJbOcW0F1QzXDS3luhD8w==` | +> | Germany Westcentral | rsa-sha2-256 | 01/31/2024 | `0SKtGye+E9pp4QLtWNLLiPSx+qKvDLNjrqHwYcDjyZ8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsbkjxK9IJP8K98j+4/wGJQVdkO/x0Msf89wpjd/3O4VIbmZuQ/Ilfo6OClSMVxah6biDdt3ErqeyszSaDH9n3qnaLxSd5f+317oVpBlgr2FRoxBEgzLvR/a2ZracH14zWLiEmCePp/5dgseeN7TqPtFGalvGewHEol6y0C6rkiSBzuWwFK+FzXgjOFvme7M6RYbUS9/MF7cbQbq696jyetw2G5lzEdPpXuOxJdf0GqYWpgU7XNVm+XsMXn66lp87cijNBYkX7FnXyn4XhlG4Q6KlsJ/BcM3BMk+WxT+equ7R7sU/oMQ0ti/QNahd5E/5S/hDWxg6ZI1zN8WTzypid` | +> | Germany Westcentral | rsa-sha2-256 | 01/31/2026 | `e4CL5Qok5VjcACFdiDXM39iG1fo44+YgnnMi3vEx2Yg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/A1RmHi6Y4m61EAVN7piQKZVs0qvGc2bRd1rhm0ZyRpqYVuxYnHQplw+f2KVlUnceZJq2fd7X0riW8zjY7AU3Xltb7w2j2IRI26Zut/sIm3oFhhYO6mrceqRxTD4pJk9WwjQulrD4TUL8OB34t9Y4Y3Uqd2YPllBiWca3vQS5QWDN78xqZqYpOxqtGExJ87YvJjs0v0sqhsnfOioXhuuD1V6dFIgGG480lhqOX1WUTzF8kU1yOqanbCY4cyZht2++eBQ6OtF7k3fMLjJWxXSwhg5Qlzr0ickpi9mcDYEi6um0hHvI8J3U2vquT+9nMnln2BN7+q5v3TB1O41+QCxJ` | +> | Germany Westcentral | rsa-sha2-512 | 01/31/2024 | `9OYO7Hn5p+JJeGGVsTSanmHK3rm+iC6KKhLEWRPD9ro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwrSTqa0GD36iymT4ZxSMz3mf5iMIHk6APQ2snhR5FUvacnqTOHt3xhMF+UwYmGLbQtmr4HdXIKd7Dgn5EzHcfaYFbaLJs2aDngfv7Pd6TyLW3TtSgJ6K+mC1MDI/vHzGvRxizuxwdN0uMXv5kflQvnEtWlsKAHW/H7Ypk4R8s+Kl2AIVEKdy+PYwzRd2ojqqNs+4T2tPP5Y6pnJpzTlcHkIIIf7V0Bk/bFG2B7r73DG2cSUlnJz8QW9pLXIn7268YDOR/5nozSXj7DinVDBlE5oeZh4qkdMHO1FSWynj/isUCm5qBn76WNa6sAeMBS3dYiJHUgmKMc+ZHgpu6sqgd` | +> | Germany Westcentral | rsa-sha2-512 | 01/31/2026 | `sDXbCz8K9IsknWgFHjlZHmhB9ecW65qVdaXNK9Wd/lc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCYVSqdP8Q4I0uY0sNh8BXoB8bDmP5YKH3cfcssdgnB+hSyjVcEkCXWzs2uS36sKPmPSwcIj1jsE2W+r8YNdP8jid82PZYzufWf9WeVMM+vCT91m7Xkugla/pKsLzeua8ZmbBAqIIac7RsPDmNxhcvjNS+NCSzG/dr4y2YIpQ/nXM4w8e/MUqyJDaf8uMkE5/GFUN6l86miqUF4PQzvZlaxcsaB17TMa7y/01tLuHDlBzmnwBss4+5ZJut7qH5w9o2U+n06m6NB0wFpDEfXwPdREICDCBzyMtMeJ7i7Wraop3q2d1YRsjZNIskbbEIIwS/awHi9+6+tkZGOXbgqC6bB` | +> | Japan East | ecdsa-sha2-nistp256 | 01/31/2024 | `IFt/j4bH2Jc0UvhUUADfcy3TvesQO+vhVdY4KPBeZY8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVq+uiJXmIlYS367Ir9AFq/mL3iliLgUNIWqdLSh7XV+R8UJUz1jpcT1F6sJlCdGovM3R5xW/PrTQOr3DmikyI=` | +> | Japan East | ecdsa-sha2-nistp256 | 01/31/2026 | `hNki347+AC3wa6Yp1qgRfxFQGku65fd3VM13B675RCA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBYLB2TtVhVnWaLtOUts6Txhtle6v0ws60hXE3NvjFf+vHYh0yhDorQhiMHY6uDjXwS3TUOXQTcjLsBh7Ln9t0=` | +> | Japan East | ecdsa-sha2-nistp384 | 01/31/2024 | `9XLsxg1xqDtoZOsvWZ/m74I8HwdOw9dx7rqbYGZokqA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFh7i1cfUoXeyAgXs+LxFGo7NwrO2vjDwCmONLuPMnwPT+Ujt7xelTlAW72G3aPeG2eoLgr6zkE48VguyhzSSQKy7fSpLkJCKt9s0DZg2w0+Bqs44XuB43ao6ZnxbMelJQ==` | +> | Japan East | ecdsa-sha2-nistp384 | 01/31/2026 | `kQPmkwILyGO/5ejgfg+0D1WeI4Ax+e1UZ31+jKqxclg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGVsoOV31Dv/BYpp8cW+sReXE4nK84wSOhNmK6MmQyTgCSh5msHcnnPBQP0RpptaKUm+qtZSLPXJTEU7AteUm4UllN00YL2uOsgVWC3+oidsq4Tc6jRKp9shY4ivzCb+Cw==` | +> | Japan East | rsa-sha2-256 | 01/31/2024 | `P3w0fZQMpmRcFBtnIQH2R88eWc+fYudlPy7fT5NaQbY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCZucqkz4UicI20DdIyMMeuFs+xUxMytNp7QaqufmA2SgUOoM387jesl27rwvadT6PlJmzFIBCSnFzjWe5xYy3GE59hv4Q3Fp3HMr5twlvAdYc5Ns5BEBEKiU0m88VPIXgsXfoWbF0wzhChx8duxHgG4Cm+F8SOsEw/yvl+Z/d42U9YzliQ1AafNj4siFVcAkoytxKZZgIqIL4VUI322uc93K5OBi9lgBqciFnvLMiVjxTWS/wXtVEjORFqbuTAu/gM4FuKHqKzD1o39hvBenyZF2BjIAfkiE6iYqROd75KaVfZlBSOOIIgrkdhvyj9IfaZFYs3HkLc7XgawYe6JVPR` | +> | Japan East | rsa-sha2-256 | 01/31/2026 | `4NqHhLFmWOkUDU093AFLCRYxx1gp/wIIQQErFkfQuoE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDR8dvjRiVZYNYEemBmSWFdspEs5IwiZ7WB04o4XX8cgnvt0pb9tGxI+KypqcXnocBSZtSTC6dQ+kLVKJJ0AcL7WmCMk98biFj+E87/LQuEU2UifdYygwWqK+9oWtY4drFIPcU8GWWqxf/vhXUAwHf1mFiuEpbO4MHWGZfJTdbU2zlBt1nOj9mftl4s1SeoTzd3ndpja1wnK/wmPTDNbE77eSf6Y52W3p16BjdL76A/7IjZPufPbimNLzyKAkSlXiaZApHMxsb3+RmL9V93c2yGnbZAd27zT8UlDxXM1tIG1/TiKKQvU9ER5l0JU+YKRIMatr5rTOjeGO4ROrGap+El` | +> | Japan East | rsa-sha2-512 | 01/31/2024 | `4adNtgbPGYD+r/yLQZfuSpkirI9zD5ase01a+G7ppDw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjHai98wsFv0iy+RPFPxcSv8fvTs3hN/YnuPxesS21tUtf0j5t8BTZiicFg6MLOQJxT4jv5AfwEwlfTqvSj3db6lZaUf/7qs/X9aN1gSoQNnUvALgnQDYGjNYO8frhR7S0/D/WggQo2YKMAeNLRScT7Pg/MJaOI12UhoUloCXbTAP1c85hYx0TGKlGWpFjfen/2fwYEKR1vuqaQxj+amRatnG+k18KWsqvHKze8I2D19cn5fp2VkqXzh6zQ1s5AMc5B9qIF48NIec9FAemb9pXzOoYBDFna0qNT4dfeWOQK6tM/Ll10jafaw2P32dGBF8MQKXB2sxtcC0nU4EEtS5d` | +> | Japan East | rsa-sha2-512 | 01/31/2026 | `Y4mVSJoE0kk6/kJ91yxyavlrDpMcB4pbRjk6yn/foHM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClNQuyH42xrN5BODWQLLTmQZHQsQOqtAJtZ3sq6H/O1WgeFjCYAO0vxtTrtZlD6KO6NIssxZuspomQAcEkJ2mhc0dgtXNLlK2MLdqUElbb9knZR2+2K0+K9uehznRHCPiTxv9q3Dy3IzIb8zA0Ol4kIzo3Px+AkjfQLaLURLM+M5ZnL2CAiYQUrxBIxqO5mCwyLEWrJikwcI87WrkiZ8uorrXbE/ocMuCggTxuuuUUGuGWreHeNd7Cz6AAcdqz50cY7Yd5mm/9nnvpRdYmNjI/so6l9SzXqg6y7+tjEu2IEA4CyPKTg+qIm1tujFjbYs/JlTaOX0VP5fBs4qnED70B` | +> | Japan West | ecdsa-sha2-nistp256 | 01/31/2024 | `VYWgC6A4ol1B7MolIeKuF2zhhgdzQAoGBj5WgnQj9XE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFLIuhTo1et/bNvYUj+sanWnQEqiqs9ArKANIWG19F9Db6HVMtX8Y4i7qX6eFxXhZL17YB2cEpReNSEjs+DcEw4=` | +> | Japan West | ecdsa-sha2-nistp256 | 01/31/2026 | `ybrCO0nkrCspDE3iuezYA12jWmjgD72XcLDIlK3ejZY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNb8liGv9bPJAXwukCHD43nqpax24eQDM31YjEdJ7vhnvpBS3fvtfrth4FLspqGQcnWLZuyI8oZKHLrrg5pXMOE=` | +> | Japan West | ecdsa-sha2-nistp384 | 01/31/2024 | `+gvZrOQRq3lVOUqDqgsSawKvj6v/IWraGInqvqOmC6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD3ZiyS1p7F1xdf6sJ3ebarzA5DbQl1HazzLUJCqnrA84U8yliLvPolUQJw4aYORIb5pMgijsN3v9l0spRYwjGHxbJZY/V6tmcaGbNPekJWzgXA1DY35EbFYJTkxh/Yezw==` | +> | Japan West | ecdsa-sha2-nistp384 | 01/31/2026 | `nC2vSR9tS0m6VM8HmfAYIGKLHHATc35MFKtFmqT3JPg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNY0L4vz17bEi6V5ww9oL2YVtJ2yov/xGhKXN7UCiGE+iivz0gkcsCmCgNjE/GjpJ6ClwvOTnKJihnq6n+NDVoshsFO+LfoorwdVMhszhH/fbIV4x09vrNZWl8twA8L5Iw==` | +> | Japan West | rsa-sha2-256 | 01/31/2024 | `DRVsSje7BbYlVJCfXqLzIzncbVU4/ETFGzdxFwocl8E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDl/rlTgQpomq4FmJKSR2fjgAklV818RcjR/e/C1VUJVpbntJoWUlBhKYDFPTVQaHXDTK5HyJU5APsdy6CJo8ia32qc2E/573LDNk4dgFFrh+KFRiD+ULt3IH15i1DieVw61MAVOvzh+DmTJHPLaTufXoQ62YACm3yC1st1kXv4bawfXs0ssmeqrBcCOQvMvW/DexnnGXO6QXYTcjUktNrO2h2dd355n5FP4fcsBEdGmfT79HYPM6ZoqkItRZEO6Nel65KxtenAwQub8SK3iJgFyJwd3zIH4OCHp3z4tcGXw5yNAX15dJMSnls0zvzhx0f4ThwfgB4t1g9jVb47Ig7B` | +> | Japan West | rsa-sha2-256 | 01/31/2026 | `P1paDhO48HuP5smazNHhse4IOsvNbsXkiX0wCYy7FAE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8we/tpjgMEjmd+iyVNJWErV69vABxcnEflMamhvyidR4XO1E0xVbCUzLkeMk0h2f6ICXCk6NRpY8A6lPp37QGYY+7gZqyNKXgOO5OBGVyTb1bzafP2q38lEi7LSkcA1fYXRfSlrGFktCFkCa5dpKzWxr3F8jvQPIukWUuvAVVbQpamL93jmlIIewNcqrom6oGgU8ehKPcnhONY84DNMJs0b3krksPOC1lk36QptpZtUCUA112X+XU62f7O+99PKrjVMGzjzrQkjs8dOyVUNc7LACafo9uslxZW8wsaKibuERWunDdXlC4S8pDlfwmXaoJMWlOZXJnUv1uwgc8SaJF` | +> | Japan West | rsa-sha2-512 | 01/31/2024 | `yLl9t2jlkrTVWAxsZ59Wbpq+ZCnwHfdMW8foUmMvGwI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9zrpnjY7c0dHpE1BMv+sUp+hmvkBl3zPW/uCInYM5SgtViSQqn/DowySeq+2qMEnOpHGZ8DnEjq55PmHEumkYGWUUAs38xVGdvRZk6yU7TxGU42GBz0fT/sdungPHLQ2WvqTZYOFqBeulRaWsSBgovrOnQEa2bNTejK9m353/dmAtKHfu68zVT+XYADrT3PY5KZ1tpKJA0ZO9/ScUvXEAYs20WSYRZBcNDoSC9xz4K8hv9/6w3O3k0LyBKMFM5ZW8WVDfpZx1X0GBCypqS+RNZuVvx81h3nxVAZSx80CygYcV4UHml7wtnWDYEIBSyVRsJWVNGBlQrQ4voNdoTrk5` | +> | Japan West | rsa-sha2-512 | 01/31/2026 | `RWw7+FvEvquzP8KS0w1UrHkrNhmm9OKP12MujEWgpAU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDO3u8afk9VvwkvpebBX5yDl992D7SPS+4Pt5NreLgHY2UBvMEyx79PS9vuQXEE1Iv1dh3adbY15V50ZDEILbRe8DaIPNXRHVj0QK2AOIO3h8MJrsuGQk9c2p8LiJx+lCMzYf0xgD7gbffEwUfUG2d0qBcuomgfBzuX7i1kEJetliwOS79Df2OfeLlFfvPUMO5mSVkd2AF38jyl6aOqDu17yofQxDTHhUdaSpniT+tbc6IJin6WDZFHMipb6FQLmiQcJSbAxaQUzf1/XAbndz6qES5wThm+pg73nYhB6ynPqX5VOVOP/t0ZVkkv9rcQ94c7omY6hSrNhUXWq/VouJLt` | +> | Jio India Central | ecdsa-sha2-nistp256 | 01/31/2024 | `zAZ0A1pk0Xz8Vr/DEf8ztPaLCivXxfajlKMtWqAEzgU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDow29ds+BRDNTZNW70CEoxUjLiUF+IHgaDRaO+dAWwxL13d+MqTIYY4I0D7vgVvh0OegmYLXIWpCdR8LvVT7zA=` | +> | Jio India Central | ecdsa-sha2-nistp256 | 01/31/2026 | `F4I61T+soC7yfrE9ZUPLtRb2ZoQozdboHwP23xQ+Y5g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFSwEH2udhlvtUayxa++ajapReFdnuqtAzPVZtQa/LDt3Je5J3JW5GUqIUdO3GFAFXss32UAxYOC1teT5B1gew=` | +> | Jio India Central | ecdsa-sha2-nistp384 | 01/31/2024 | `OTG7jxUSj+XrdL28JpYAhsfr6tfO7vtnfzWCxkC/jmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ/Bb3/3u/UIcYGRLSl7YvOObb43LO5Ksi0ewWJU+MPsPWZr7OTTPs76TdwXMvD8+QuY8U9JxgQQrNmvbpabmbGENkllEgjGlev5P2mHy/IZZAUQhAeeCinCRvTsiOOoLw==` | +> | Jio India Central | ecdsa-sha2-nistp384 | 01/31/2026 | `HkXwB0/d+gziTWHE9tmdTeXqPOlGU5moOy24VZW/1R4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMjje4Bvw0jMsOUEhkD6mhzaeQILgDpjjkoV/16gqMd+VaMVdMP4fDyBR7cfbTo2N+lZDmdIrbdHfLlKGrNOYoQlSBL/ANBQfpnfyzEX+Z9Bsz5jE7CyXML7SQAVm3YYhg==` | +> | Jio India Central | rsa-sha2-256 | 01/31/2024 | `DmNCjG1VJxWWmrXw5USD0pAnJAbEAVonkUtzRFKEEFI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/x6T0nye3elqPzK8IF+Q70bLn2zg4MVJpK3P6YurtsRH8cv5+NEHyP0LWdeQWqKa9ivQRIQb8mHS+9KDMxOnzZraUeaaJLcXI0YV512kqzdevsEbH6BSmy8HhZHcRyXqH0PjxLcWJ5Wn9+caNhiVC40Oks7yrrZpAVbddzD9y/eJfguMVWiu1c8iZpYORss1QYo7JqVvEB6pLY03NXWM+xti1RSs+C6IEblQkPvnT3ELni9T1eZOACi12KGZHVLU9n27Nyg/fPjRheYSkw/lkkKDG0zvIQ7jr/k8SCHGcvtDYwRlFErFdGYBlIE888le2oDNNoKjJuhzN6S7ddpzp` | +> | Jio India Central | rsa-sha2-256 | 01/31/2026 | `fZEtfkvGAXf7QhIJWDZB37fRATEkjjebgGDdXZvJTr0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGylVPtL0MgUInVkEgS8017YRvo/59b9+Of1weYoOz9ICLlRSuk32X/r8tXnhmWPsai2H/DoLxMTzS/PlvQGJ8jO/46DmL3r8uwkgPR73J/KFMSkg8GDYAWjMRrDs4ezkB+RVgW9iO9R6o6Abqj6yXrhlZ1YRMXCHXrkuI8tDefh8TmV2quxNAn3HM+Q11WqUh9BS7hXcY2J+RUn0R` | +> | Jio India Central | rsa-sha2-512 | 01/31/2024 | `m2P7vnysl2adTz/0P6ebSR7Xx8AubkYkex6cmD9C0ys=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQHFDt8zTk+Hqh912v0U8CVTgAPUb8Kmuec+2orydM/InG+/zSuqQHsCZaD2mhEg8kevU8k2veF5z2sbko5TR/cghGg5dXlzz4YaKiNdNyKIGm2MdynXJofAtiktGhcB6ummctHqATfGSgkLJHtLvstzTVbVK1zgxXcB8hA52c2EPB1cN1TkAKEyiYNX7fKFe1EEPCxdx3fC/UyApKdD+D432HCW/g8Syj/n7asdB8EQqcoCT3ajh2wG2Qq0ZxjVbbrFImlr0VoTqLImJ4kZ9d2G7Rq2jqrlfESLAxKVDaqj+SjyWpzb3MHFSnwJZybCKXyTt+7BXpKeeGAcHpTs3F` | +> | Jio India Central | rsa-sha2-512 | 01/31/2026 | `TqQRg3js6McwK8pLUIzXtCuCCoDkHFmOJkF0P5Qy2T0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5gg7SwMc7NaBDbEk5LSHZnfE7mx1qOhs8G5G53lC7A7q8vUF4RzWP0BE9mhKb/Wbx3G5PwgXGqE4yP2J2ohNYRudzB7LJyGNaDSWRkx9n0tyfaza3FuUrUKUTu8UKrMJzsQYhR6/3bNZjFkDTMbrhFmKU9k8/9MmpfAKNt74rAHH9PBVyhXvsFEm84J4wDdfi46gzLksV5XKYEuEz7GpTK4QhdXAYUOq8OOvWiDa2pP/dEiE6DfpPYEMrKtFG58D6hhamXDxo5PK8V1R8NFPQ3VgWZuVhYYwnslDq8a/QhRq3Q8HPUSxRKrwCQ9zs7HZxAtofpE1HTHOD11rcZJG5` | +> | Jio India West | ecdsa-sha2-nistp256 | 01/31/2024 | `mBx6CZ+6DseVrwsKfkNPh9NdrVLgwhHT4DEq9cYfZrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPXqhYQKwmkGb8qRq52ulEkXrNVjzVU4sGEuRFn4xXK8xanasbEea3iMOTihzMDflMwgTDmVGoTKtDXy8tQ+Y8k=` | +> | Jio India West | ecdsa-sha2-nistp256 | 01/31/2026 | `LKIwML4VmHO7WCRtLKz315NKhUsf3pn9q8UggCsT2ls=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLv40BCM762yvf6z/gbySSUjxvswA3Y4L4kDEENRBu4L/xju3kmN4BiuRVkCVioL4Z3qDRt97wSK4uyMi8E18wY=` | +> | Jio India West | ecdsa-sha2-nistp384 | 01/31/2024 | `lwQX9Yfn7uDz/8gXpG4sZcWLCAoXIpkpSYlgh8NpK1E=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLKY2+wwHIzFOfiKFKFHyfiqjUrscm0qwYTAirNPE1GI6OwAjconeX072ecY3/1G0dE7kAUaWbCKWSO3DqM4r6O+AewzxJoey85zMexW23g2lXFH7HkYn9rldURoUdk31A==` | +> | Jio India West | ecdsa-sha2-nistp384 | 01/31/2026 | `Oh8tm94RmBr3De3CtRgSNYFdCk4GuDu2YEupO+rXV+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAAfMbIXcSz+/3ZUPhsmjFrdNZJRH5vV3zzAE/O/LEbTA8zZcOD04fhbyEmohk0z6qPQE0tVCp/Xi84gC0LMK7AuaFH4kJmuzh8tC2CbRlpBV0TWK5oVjRjBeLGj2gocTg==` | +> | Jio India West | rsa-sha2-256 | 01/31/2024 | `hcy1XbIniEZloraGrvecJCvlw6zZhTOrzgMJag5b5DA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOBU9e1Ae68+ScLUA5O1gaZ3eq0EGqBIEqL3+QuN8LYpF3Bi/+m43kgjhgiOx5imPK6peHHaaT/nEBQFJKFtWyn8q2kspcDy1xvJfG8Jaks1GQG33djOItiHlKjRWMcyWFvisFE2vVkp3uO0xG4nMDLM2rFazkax+6XA5cf2iW2SfL6Trs4v1waakU/jQLA7vsrx14S+wGEdVINTSPeh5DHqkLzTa3m2tpXVcUA4CG8uQZM8E/3/y0BuIW0Ahl/P6dx35W1Al7gnaTqmx7+idcc/YVe0auorZWWdyclf1sjnAw6U8uMhWmQ0dZgDehDtshlHyx84vvJ1JOJs0+6S2l` | +> | Jio India West | rsa-sha2-256 | 01/31/2026 | `ZD5Vw+3ipQeZYOwHpwIrfJIDBfZcTpydzeq7HSNrmxw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRX7fdrzYX7M8CRXXZG44+MRP30m42vmzSf0xwugiR05ECtD+rI1VNH4VwhviQ75st+lIU5DzkNzxInZiof0/MgfaOnjzjpHfVV+CERbmbawaMglAz4c5LA9k76TDemRl/367h3PizXW7zVyNj4MKoJLzn+FEq77f9Zeo6TnVW/ZDifsTSyAYfwgJKxRJCHoDi0XZVWpuuLJcV5k28tH4OTBWUE0+lPCuu3e2bPzNKXhm+XzFjShMWUv16pErxBFmkCaGSVpDbeW+I1nIkjQ02dsvrDxyYGOZEbd4cWJX2wgYSD+jt3oiEXCqG2VyX9uVRHCslXu2ezTDUIiCFLs01` | +> | Jio India West | rsa-sha2-512 | 01/31/2024 | `LPctDLIz/vqg4POMOPqI1yD9EE9sNS1gxY6cJoX+gEY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOH+IZFFfJN4lpFFpvp5x1lRzuOxLXs0WfpcCIACMOhCor2tkaa/MHlmPIbAqgZgth5NZIWpYkPAv7GpzPBOwTp3Bg5lUM7MXSayO/5+eJjMhB5PUCJ0We8Kfgf/U+vbaMIg9R8gJKutXrANd3sAWXMwWqKUw+ZX/AC7h58w04gb1s+lNOQbfhpqkw8+mrOj2eKH8zHYUJQBUYEyDHqirj565r7HhBtEZImn/ioJS+nYT5Zl/SNtW/ehhUsARG9p6O4wSy20Ysdk7b9Ur2YL0RyFa6QhWQeKktKPVFQuMMLRkYX7dv35uAKq8YN833lLjGESYNdCzYmGTJXk5KYZ8B` | +> | Jio India West | rsa-sha2-512 | 01/31/2026 | `M/GmNpPBZHx9Gi6prlLDV5NZbknqFvdLPBt3WhGroH4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCaPoHixXf5KMFCIJx5ZIDymatZcqqC+YLz2DpXwvBFiHt2QYQA6w3ZkZNpimjtWJUPyXBLUABMMrnD5WbWfIgYZ/bIsZhsnzMJmcXejD+vOkCoI3iBh2SzlUJodpSj6ahX/9JmWqU8mRB1zITB7XWdvkyjAC3TS2ps6G7wcXHumk9MbuktrbPYNKHj8CBjrFfAEggG2IJ1YTHHmBqV3Gl7+JqFSH5VO+PFnvNSRb0ATurp4GLsOB7syr2hy0sdFG4lLcYSlIAbYgVvT4x2LEpq6HFxxPOCluSgu93Slg9ZBW/z47PSwdGMGkwENyy0Xdltae+OzTxZ4zoimSitRWOp` | +> | Korea Central | ecdsa-sha2-nistp256 | 01/31/2024 | `XjVSEyGlBtkONdvdw11tA0X1nKpw5nlCvN/0vXEy1Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYiomaLB3ROxZvdfqiilpZ+2XJiPDeIIv4/fnQRZxnCBCFrUm7ATB6bMBSUTd00WfMhnOGj4hKRGFjkE+7SPy4=` | +> | Korea Central | ecdsa-sha2-nistp256 | 01/31/2026 | `9HlPpVNUWFMksQe7WrfMKiglruSK/KtPlEV4QgXBv2Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJF52Xf+DqG3cFdeTGRWzhKAd7wRrgOGs6++7K4spCmABa2thto/U1pZdyxZkq48+nk0U717raE4mgN5GkJpWxc=` | +> | Korea Central | ecdsa-sha2-nistp384 | 01/31/2024 | `p/jQTk9VsbsKZYk09opQVQi3HzvJ/GOKjALEMYmCRHw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN3NA7U4ZC576ibkC/ACWl6/jHvQixx+C6i2gUeYxp7Tq6k4YLn7Gr1GNr+XIitT6Jy5lNgTkTqmuLTOp7Bx9rGIw9Or37EGf7keUM42Urtd+9xF1dyVKbBw0pIuUSSy+w==` | +> | Korea Central | ecdsa-sha2-nistp384 | 01/31/2026 | `vy9cmbZQT0EgwifI+RHoQnGbV3tAjUIFP1Bl8zyZxIU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBTAnIdrs0h9CFZhTOEXmo89VTCOtNl0kxnXGazFpBKAmtPu6TAvdEBlKA3xjppM74h2e7Jv/tnr/SsZJK98BOKrFCPwZC+oFNoZ1SdRYOuoqp9BoXVPS8pAcisS2eFTCQ==` | +> | Korea Central | rsa-sha2-256 | 01/31/2024 | `Ek+yOmuAfsZhTF4w7ToRcWdOevgZPYXCxLiM10q44oA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUTae7QtAd3lmH+4lKJNEBNWnPUB+PELE9f4us5GxP8rGYRar1v3ZGXiP2gzPF1km1cGNrPvBChlwFMjW+O5HavIFYugVIe8NzfI7S3t+kgTylXegSo1cWen18MAZe6Q5vxqqFzfs+ZChWEa/P37lTXVkLVOYCe5NJUPm8Zvip7DHB2vk25Fk3HMHG9M50KNj1Hp4etPI7yiLNLNCh5V410mf3xhZChMUrH6PMl/A+sVv68ulcVeIZ68eMuQktxz1ULohBdSExZGmknVrwfF/fLTKWxHlVBjB3yDlLIJO3nTFKaQ4RzPa/0If+FcbY+hIdzSjIAK6W3fRlbVuWHYR` | +> | Korea Central | rsa-sha2-256 | 01/31/2026 | `BWHK5p4dmTUH0NU99TJm/stulp/+yWT26EWaNYddwv0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfRvjPUGmZEi/70Vl12uUsbpaPd0Rdh8vElRKFpp06Uy3tcYpUdfwHQC5djjBEuniiK6V3BkyZb6/LPwCrxbrwzuUcG7aP929DeSYoe86N5X6vTpU8tyffkotTDxhzXuu5WA11252rgtt3GIOYLOGHR1Itpcl+P4OZ4ELnMrsCXZcewD9YphNEVgi7Ez9yi4rdsulXTk7qdlTj07pOMO+CpTx9H9MHhw0v9JSy2LBxU9bmNFU+megWA9jTnLqSdO+xiLBmlbwEbrPBDuZybbM4Idz+DB45os+NsIbpFTB9XKZ/eP2ijtUoGagytX3yp1DDcdGDg+beOyI3gzxOvR7B` | +> | Korea Central | rsa-sha2-512 | 01/31/2024 | `KAji7Q8E2lT3+lSe7h74L6rfPnLEfGVzYZ/xyM96//0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDxZYb5eIWhBmWSwNU6G9FFDRgqlZjYYorMSXJ4swHm4YYHKGZTf4JOE5d87MNtkVgKe2942TQxA1t2TaENlmNejeVG5QZ4to+nVnwsFov2iqAYChoI6GlhpwzyPsO0RkqLB8mvhoKMel1sNGfmxjxYVFt4OSPHDzNIU4XjGfW24YURx/xRkLU1M9zBNADDx+41EMNRT7aBXrKW9MzsxkfCM3bYwjdBbI2Yi2nUqARm+e/sBPLTqVfjuMFvosacYc43MqepFSQoZE5snwYxkLJzltAbxNUysJs277isnGgezh9p5T2MCxtCERU0lvp7M52hd1p75QEtNrdadfDprzT9` | +> | Korea Central | rsa-sha2-512 | 01/31/2026 | `Lwixdb3Fx5yvcsFkjBMeAVLFTj4ihngqAUvMDKWLrx4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hp87cOOR8dC6B3tjUJIzLu6Ti4LB3jLep921EnhrXjEYwXWsWrEIyacsmoVxfbXJ2NZynzpInaKk2XiK1mQg2raLggao9yJ86NLQKZYQD8s8+74bO6gMoMgsGRRoPSRXv2iis/t5KEpKWAC+fC1qIQnwKOGscIgo5AWMDaWA98RoL+4HnRcQIzNvWwN14lebZ0H39Ijs/D6rMWIWibSXE3OWaJ7200lQ1+oVRmWT+mOo+QtQ0EVOKsFlynEkxgIysqEieED4dT8nE+bnAUrrOFGXjd0WpuHDaaEqldfHkmBX8FGLIei/1+KeVqIiKkeys/vbdyhjpQu5A2pdeDm1` | +> | Korea South | ecdsa-sha2-nistp256 | 01/31/2024 | `XM5xNHAWcYsC5WxEMUMIFCoNJU/g90kjk/rfLdqK7aw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHTHpO85vgsI6/SEJWgEhP5VDTikLrNrSi6myIqoJvRx6x8+doTPkH87L/bOe/pTU/rCgkuPi1kXTC7iUTSzZYk=` | +> | Korea South | ecdsa-sha2-nistp256 | 01/31/2026 | `fOxnPL6yD3NfoubIfYyPCT1/LShV6zOSx/2+swvo5Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAKFsE2xKTl5AhlcV7RaVykUTRz5zLNgQomLPNyQoAKrT4sEVUz36e5apDqquC0Xs83Jg3d2by4UQVmYEcSB7f8=` | +> | Korea South | ecdsa-sha2-nistp384 | 01/31/2024 | `6T8uMI9gcG3HtjYUYqNNxi99ksghHvsDitIYpdQ4BL4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAgPPIDWZqvB/kuIguFnmCws7F4vzb6QG7pqSG/L9E1VfhlJBeKfngQwyUJxzS2tCSwXlto/1/W302g0HQSIzCtsR4vSbx827Hu2pGMGECPJmNrN3g82P8M0zz7y3dSJPA==` | +> | Korea South | ecdsa-sha2-nistp384 | 01/31/2026 | `WMARPBxgBRgT+w+qU1USQ7AJv0vVsqUkJl1uDqQ5sAQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBC+3iJNzYWq6KSjd72sIJYQfeoSxF70re24Ps2SLcDLXiK2sZ0qsDSrjG7Yk2qVXYKydLQbUZuokhfQyV5zKYjcNQ5VHIblwd+10GlvZeqyCZibOuoUsMNxhMx1eAlo8KA==` | +> | Korea South | rsa-sha2-256 | 01/31/2024 | `J1W5chMr9yRceU2fqpywvhEQLG7jC6avayPoqUDQTXHtB2oTlQy2rQB` | +> | Korea South | rsa-sha2-256 | 01/31/2026 | `sxw9cyrpek3T3ZcO0+ghUoNn+M9dZD72br4F1GXV3iQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD5wHnNSXU7mmafdb4eSavGZiwaYIweYtGrLSj6IYxDafpk4+RwX9Grr7gG3yAG7wh/t9AzTt7Aj7mh5H2vNkJIkfS8efZgaW+BUJjatQAVu0pXUv0vAbIaioBvUJEeNlCYrOsSvfI+fLP+8JnZWPIkFi8jg/2cePOVFD/ZpTdq/d2b1ifOlEi2EtwkPK4U49asfwfogGpWShoRSufBiGdH5L3Sd157r2wJsUqUyO4x8CPLgT/cRR3HnQxWbGJOwalkb1Da1EX9gnHE639jTv5RPBUEbLA5JfAKWi6W7W4Wp91Se262Qva7fXeJv7lB1aPignIaI7XiZJYMITUAY2wh` | +> | Korea South | rsa-sha2-512 | 01/31/2024 | `sHzKpDvhndbXaRAfJUskmpCCB3HgPbsDFI/9HFrSi3U=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGUmJIogHgbhxjEunkOALMjG77m+jgZqujO3MwTIQxQNd/mDeNDQaWDBVb2FJrw15TD3uvkctztGn2ear3lLOfPFt0NjYAaZ8u5g9JYCtdZUTo5CETQFU/sfbu2P2RJ/vIucMMg8HuuuIMO059+etsDZ5dZHu9cySfwbz/XtGA0jDaTlWG0ZDT+evOE0KmFABjgMFWyPnupzmSEXAjzlD/muGeeUhtXUB8F6HVUCXLz7ffzgYiYj+1OB0eZlG/cF8+aW7MOpnWvfpBxwm16soSE1gmZnXhPrz/KXlqPmEhgIhq7Cwk54r3rgfg/wCqFw+1JcbNOv5d4levu/aA7pt` | +> | Korea South | rsa-sha2-512 | 01/31/2026 | `HKrQz+1svxtsfHSYoPt+DK7xN7zI8tCGKqcohLpKiFE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXjEE9ikBQMHmepDgS7yNbQ7BUEHR/KB5xMUH3+bdmx/YctR0M1cVGKpRDlc6ME4F30cNDayAEwP3kgEUYD8nD8grJhIBg16zb3J3AJF1FaKBjdCG52Az+pbwywnanl+mG+vvvVS4m1gNc/f+blb3hNkgtE2Tk45jlHiPAD671Tj+E5HVZDYoiDaudk8IazT9JqUIKXMcw2HMG8YOwcap21gKedTQoBKGCfgYjrKapbwj8AXbR+TxZ/2fu2YtLk4MYsRxYK2BlgF3GqJKcrCT3FI2fW/1fnP8OI8XKd` | +> | North Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `6xMRs7dmIdi3vUOgNnOf6xOTbF9RlGk6Pj7lLk6z/bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJw1dXTy1YqYLJhAo1tB+F5NNaimQwDI+vfEDG4KXIFfS83mUFqr9VO9o+zgL3+0vTrlWQQTsP/hLHrjhHd9If8=` | +> | North Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `s/ZY4uDhgUqq1e5mJuKJqnB2tWKrmCSxsDFUdI53crs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIIsskPKndr1JuwN+hz/5EY3EvGrDSbz8kQq+vlzYTm26jiS0Uw7OFBRhaZLMM4Cnh6qT7xQ5aNwnzuVFVCYitc=` | +> | North Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `0cJkHHeTNQpl7ewPTZwug5+/hfebiH6Yxl2rOTtYZQo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG8aqja46A9Q5PmhPzhxcklcJGp+CiC3MCjVR6Qdl9oQGMywOHfe+kCD72YBKnA6KNudZdx7pUUB/ZahvI5vwt4bi593adUMTY1/RlTRjplz6c2fSfwSO/0Ia4+0mxQyjw==` | +> | North Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `2vN+aOTY7FunWJ9DjrDCDWYxsr9Wme8hJ5w+Qx54624=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFcdbWr5Q3sOjz3ymMuUEN5W4FV8aYJxf/TeHm1nq2r3S79dX/QyQs2mDUGgkHlZW7oWB6rrDGXDkNI9ur0wMh1gKBS0JgkjzH/B3knAKiPNv8rPtxpI8aMY7RJy/pAGiw==` | +> | North Central US | rsa-sha2-256 | 01/31/2024 | `9AV5CnZNkf9nd6WO6WGNu7x6c4FdlxyC0k6w6wRO0cs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJTv+aoDs1ngYi5OPrRl1R6hz+ko4D35hS0pgPTAjx/VbktVC9WGIlZMRjIyerfalN6niJkyUqYMzE4OoR9Z2NZCtHN+mJ7rc88WKg7RlXmQJUYtuAVV3BhNEFniufXC7rB/hPfAJSl+ogfZoPW4MeP/2V2g+jAKvGyjaixqMczjC2IVAA1WHB5zr/JqP2p2B6JiNNqNrsFWwrTScbQg0OzR4zcLcaICJWqLo3fWPo5ErNIPsWlLLY6peO0lgzOPrIZe4lRRdNc1D//63EajPgHzvWeT30fkl8fT/gd7WTyGjnDe4TK3MEEBl3CW8GB71I4NYlH4QBx13Ra20IxMlN` | +> | North Central US | rsa-sha2-256 | 01/31/2026 | `AT+uuHy3KWpXQX1o6xvepKloVxWW/hHclRucH3CQ8IU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1etuSzvJZ1idzgvO4r8kZ0XqGM+AzonnYHMs3CyG9+IuBG4JPRq1cRvj3MkHLt+5V+RXp10c3TSyxit62awNjlWW1e6/v3R1IMjqBh85+biHDIJ7TtaNl8zBOvdzS7jVMXxcOI/2QySEFwZq0Kp19S6HBxVXNYDi0Imccxl6SpU/dLqJcJQpmJjGfOQamO0fVU5kEzNvTy6j1ivLQtdjwnbhJCzohplqMHVm2mzCr9Tl4YPHp2VRdrtH7vLpml/uu27sL9lZKzQMXDc6kQsDoORukblfu2CDhO3x+UL6+5fcbG4gYilt96JJy8JqIUc1FteR+BPpKHuUzM2LmLHb5` | +> | North Central US | rsa-sha2-512 | 01/31/2024 | `R3HlMn2cnNblX4qnHxdReba31GMPphUl9+BQYSeR6+E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDeM6MOS9Av7a5PGhYLyLmT09xETbcvdt9jgNE1rFnZho5ikzjzRH4nz60cJsUbbOxZ38+DDyZdR84EfTOYR2Fyvv08mg98AYXdKVWMyFlx08w1xI4vghjN2QQWa8cfWI02RgkxBHMlxxvkBYEyfXcV1wrKHSggqBtzpxPO94mbrqqO+2nZrPrPFkBg4xbiN8J2j+8c7d6mXJjAbSddVfwEbRs4mH8GwK8yd/PXPd1U0+f62bJRIbheWbB+NTfOnjND5XFGL9vziCTXO8AbFEz0vEZ9NmxfFTuVVxGtJBePVdCAYbifQbxe/gRTEGiaJnwDRnQHn/zzK+RUNesJuuFJ` | +> | North Central US | rsa-sha2-512 | 01/31/2026 | `KmGVFgihOp7BEJgoOQ28QGCVpivhWOUJVpoWSf1DzLY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNhjttgLAC1yCwlPWPS0Ts2kHQ7RuGvnbZ0yrCTB3URS4SeMSkrQP5H2lBqaj/ZygNeH1JPcy4rsDopP5g9S78tSVUSwwhd/TY1qw2yMQgQKBX2540h2ErLjnW1nqfUliLEGU6lxY2JEui9XfiFjS0ct2LdWzoWk/2rhDLl2CJej1j6u4gopjaLewhndd/yiIwM/tkcMmTUL4zV1X3esbDbKHCKVCOjeVK1KIB7eA6pg9HfBcIFacVUraTsn/curAgsi7Q/X5o7KVHcCGRWGyrHD2qjrPTbGOS9dIBq7hwpBGHi1estt1KiavuHNMCPvwKdhLmIYA+6raz9w4rOSwh` | +> | North Europe | ecdsa-sha2-nistp256 | 01/31/2024 | `wUF5N8VjGTnA/PYBVzQrhcrMgHuCfAYL1tu+p6s28Ms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCh4oFTmr3wzccXcayCwvcx+EyvZ7yANMYfc3epZqEzAcDeoPV+6v58gGhYLaEVDh69fGdhiwIvMcB7yWXtqHxE=` | +> | North Europe | ecdsa-sha2-nistp256 | 01/31/2026 | `wnIXnbkmXRuxP+60TeN4mn0kplC2Lb+ohnlC9u4cZpk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFIx6kxnNFhCoIC3SdEFUFNZlQA+2Pc1gMMAy59BkCIP7PWhEF8uejxGQOfxwQO17AW0o6anFFWhyWoxTI3vpXw=` | +> | North Europe | ecdsa-sha2-nistp384 | 01/31/2024 | `w7dzF6HD42eE2dgf/G1O73dh+QaZ7OPPZqzeKIT1H68=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLgyasQj6FYeRa1jiQE4TzOGY/BcQwrWFxXNEmbyoG89ruJcmXD01hS2RzsOPaVLHfr/l71fslVrB8MQzlj3MFwgfeJdiPn7k/4owFoQolaZO7mr/vY/bqOienHN4uxLEA==` | +> | North Europe | ecdsa-sha2-nistp384 | 01/31/2026 | `7YPYAsFrQ6BRtsVcL7zXP1IClrfuqi6ruN3w9ri6UmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxP4POMxrfU1ca7/LmaMlJY+6gtOGUupVmFj90ZFFGxXEccxknT18phpIy1zu1n+oh0kmyqE3JKac71Jbpt0ypM615lrnC5xH9Ayxvi05nFYA/gXAbC/oAqSMGNtuaNxg==` | +> | North Europe | rsa-sha2-256 | 01/31/2024 | `vTEOsEjvg/jHYH1xIWf2rKrtENlIScpBx450ROw52UI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQChnfrsd1M0nb7mOYhWqgjpA+ChNf7Ch6Eul6wnGbs7ZLxXtXIPyEkFKlEUw4bnozSRDCfrGFY78pjx4FXrPe5/m1sCCojZX8iaxCOyj00ETj+oIgw/87Mke1pQPjyPCL29TeId16e7Wmv5XlRhop8IN6Z9baeLYxg6phTH9ilA5xwc9a1AQVoQslG0k/eTyL4gVNVOgjhz94dlPYjwcsmMFif6nq2YgQgJlIjFJ+OwMqFIzCEZIIME1Mc04tRtPlClnZN/I+Hgnxl8ysroLBJrNXGYhuRMJjJm0J1AZyFIugp/z3X1SmBIjupu1RFn/M/iB6AxziebQcsaaFEkee0l` | +> | North Europe | rsa-sha2-256 | 01/31/2026 | `ai5VaZSIlMqnIjownVEFQqW9U8woOoBGFY3hSbrdnHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHFi3P1ykPMMhPNqYLM5l2tTOvC7UXCY635w5SrsL+8rOFTAqNFfwhZrccGgWhuzO0LNt7khMjHgYKn6yG67HyHvL9ZXC5rTS4mDALNDyPNCMzyAI3fuDZOWlGpDTzMhfzTeZzbK5x5T9MSGDfOlsdnQt8p5hEDCAnl5oSOze5k6ZUXV62LNXLEG5+xIYr64Raz3oaOsEVfhzZws18GgdMfCf0Syiw7rqjfPnPWmJnyxzuGvIGDEyitxi5y1WyzBe/Hwko0rFCQLwSFiEEm6ZAMJzvsDWzfKvIowZV8RVw/avN3Yvz6B6VBVbX1fHpMoVqzCdsS/38WwfGbdY0HoqJ` | +> | North Europe | rsa-sha2-512 | 01/31/2024 | `c4FqTQY/IjTcovY/g7RRxOVS5oObxpiu3B0ZFvC0y+A=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCanDNwi72RmI2j6ZEhRs4/tWoeDE4HTHgKs5DRgRfkH/opK6KHM64WnVADFxAvwNws1DYT1cln3eUs6VvxUDq5mVb6SGNSz4BWGuLQ4onRxOUS/L90qUgBp4JNgQvjxBI1LX2VNmFSed34jUkkdZnLfY+lCIA/svxwzMFDw5YTp+zR0pyPhTsdHB6dST7qou+gJvyRwbrcV4BxdBnZZ7gpJxnAPIYV0oLECb9GiNOlLiDZkdsG+SpL7TPduCsOrKb/J0gtjjWHrAejXoyfxP5R054nDk+NfhIeOVhervauxZPWeLPvqdskRNiEbFBhBzi9PZSTsV4Cvh5S5bkGCfV5` | +> | North Europe | rsa-sha2-512 | 01/31/2026 | `ralX3vX5MZc4oSa+vFRXYb57sOw4Q30iZ0jx+s1LbMs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04Y+mJojbEI6L590NFYLYcWI6Zg+WCVIFSIz2ABoawbKHmQpEh6Gz56dcw8gbv6q9zNn8CVD+i4+k9QLycMhuxoR5kRJO6iJexoasY9W5v7nGnIpp/pg6IfOsQ97nwRtD0dOL3Rg3FuPqXLA9mckhc70gp2I8FK52sfeZvJEUfjRlYzgtsZbFVpj1mLnEr18eLZTUzVAPz2ABHhXNCuBft58iue5dO28a6boR0dVBPTy0wI1hJ3CyiFZj6EQKceK4kxv2b0TQ/H8E3PGb6wh1PoOel4IZ0CiKGCovJhOOfWZX5CYjNW34okNZONYWleI3yYFQetlGTXxvdMEV61sx` | +> | Norway East | ecdsa-sha2-nistp256 | 01/31/2024 | `mE43kdFMTV2ioIOQxwwHD7z+VvI4lvLCYW8ZRDtWCxI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWP6vJCbOhnvdmr7gPe8awR/E+Bx+c8fhjeFLRwp6/0xvhcywT9a1AFp7FdAhkVahNKuNMU1dZ0WTbOEhEGvdg=` | +> | Norway East | ecdsa-sha2-nistp256 | 01/31/2026 | `LX3xXaXt8vEj9GexgUl5FQPn6kgHgqJyqbyKUUSXI6Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNfWlwwKQz69ViXpaEe923CbQgSMjpxCn0fMQDjdGz42v8mrwBLTNYP48c4pzLm8eiWtb5IU07Au7rl+h2OFAUY=` | +> | Norway East | ecdsa-sha2-nistp384 | 01/31/2024 | `cKF2asIQufOuV0C/wau4exb9ioVTrGUJjJDWfj+fcxg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDGb8w8jVrPU1n68/hz9lblILow6YA9SPOYh5r9ClAW0VdaVvCIR/9cvQCHljOMJQbWwfQOcBXUQkO5yI4kgAN3oCTwLpFYcCNEK6RVug9Q5ULQh1MRcGCy3IcUcmvnYdg==` | +> | Norway East | ecdsa-sha2-nistp384 | 01/31/2026 | `Y1NKi875wtm5Z8fto3UZft09cvoZIE/mbEvVbxEq69o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBP+K8187kNSjyrGOu9exSmSvVDfRQDHoe7EOpD6JLOhDnT8/UeAQqzaviiVppMF1BqVuBplzNyV6NCQPxwqVlrJsXsvNOnneJOVJf+E4oNz2I6kF5rZbzc53cWUqnD4rAA==` | +> | Norway East | rsa-sha2-256 | 01/31/2024 | `vmcel/XXoNut7YsRo79fP5WAKYhTQUOrUcwnbasj/fQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Y1b2Bomv8tc/JwPgW0jR5YQhF031XOk4G0l3FOdZWY31L8fLTW6rOaJdizOnWCvMwYQK39tyHe6deN9TZESobh0kVVuCWaZNI6NUR0PSHi0OfbUkuV0gm/nwtwJkH5G9QbtiJ5miNb4Ys3+467/7JkqFZmqN6vBLhL9RVInO00LPYkUGtGfTv+/hmsPDGzSAujNDCFybti4c+wMgkrIH6/uqenGfA1zW3AjBYN2bBBDZopzysLHNJYQi3nQHQSiD4Mdl7IGZtJQeC/tH9CKH5R4U4jdPN1TmvNMuaBR/Etw4+v0vrDALG1aTmWJ7kJiBXEZKoWq/vWRfLzhxd4oB` | +> | Norway East | rsa-sha2-256 | 01/31/2026 | `+Bf5PY3s9YEjAx4iGC4T2qiuJSpfc+2j9cAH0oz2K+I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpVn1Tw8w4zdnknXitlR2xjrMQzazRDf1PY+jvXUQNdgHBbH0fGE/MQwDQdejngoPijoXm8F43sl0DkEqLwDBDCjiTDBa7jaIZo4xlOBCJ5zmN9/I9rOJgYsk7wF5KHXBLkOXKWh460uerxUj4i9n+NTiJzoV+3x71pE6t7j5Q9TwYA6WlOm0m8ejtmMycuzlG76y5py0EMCF/t5RCk0UPn4PMMt/m+EOARXEv5A/JxSID+tk2xSOtO30PHtQFbKvEG0M4FuawlpWm5hvCT0V9VDRm/X7EH51ivKi2Xu9Hvec2FrIaMLy8a8buC0lhosyubpe9d/lMzs7VE81SPLl` | +> | Norway East | rsa-sha2-512 | 01/31/2024 | `JZPRhXmx44tEnXp+wPvexDys1tSYq9EDkolj9k6nRCM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC11j19LeEqRzJOs8sWeNarue+bknE3vvkvSnsewApVMQH35t9kpqRGMSr6RTU2QCYDiQTCKI2vzLSTLGoizoPBiY/7lvdylDRCbeEpuFUkgvKZrapkJ6JqKOySPpFNhqCs27rdY5dJ2C7/nmTL/kvcyhXFXZT2lJaOIdRSKv/1Q3DAWQ9icNGbDokQDubF5etlkquqTV6r/ioFuh7hdKE+fJooyHa2oYTD+j5cNDKBxrJWBEidOe2HwplR4lYPggUcVtGu9aoSVIMmswztFF6+MNIdOT1kdvHewKLjkVB1hbIHl/E+uexsyMGcCg5fPy7dDIipFi1aED+6R7CnAynJ` | +> | Norway East | rsa-sha2-512 | 01/31/2026 | `+FdWhzWXTs3opklJIbLQeXAWhB8m6SWWY7+FdMzFAiM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN0QhSmq9RG/FDQu0OhXHP0CKQfR9XRLM+4sK78l8oHGZJUIGPfNuAM4a8rixwwQiJpJHpRTnhjG+8jogdwJaBx6HJIEJCUcorWr2QAwdGq01A4aLcDkhHka9Dw2GYiDCYtJDolSW4n0ir1oWSIetAv0sjkSFMob9AK33P5shQC7OjWBSSAZoDolkIxrLOFQy4KCl5YDO+heUTOaja0ymcCKrDVzWxYaQoonIznYwdzXC1T9YIYjR5FsDp/Wn5OvPFNCe4mdKLasU+pN+kV7oGrPMULvPbOvBzGb4I0ozfShbRMt0H8nPXLXG7+LkD8YM5NTFxiaKiZpNPdThycHQZ` | +> | Norway West | ecdsa-sha2-nistp256 | 01/31/2024 | `muljUcRHpId06YvSLxboTHWmq0pUXxH6QRZHspsLZvs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOefohG21zu2JGcUvjk/qlz5sxhJcy5Vpk5Etj3cgmE/BuOTt5GR4HHpbcj/hrLxGRmAWhBV7uVMqO376pwsOBs=` | +> | Norway West | ecdsa-sha2-nistp256 | 01/31/2026 | `nI5iKgzoS960Hf8VzZ+Z+qJqlhG3We9wUsisCqEv0HE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFYTmlTdycyDk8yLL3HRZFQtk3Zs8iG/IwJJO9LgpDAlr6oxTbHHyLBJnhvAgNl03EfMGMQs5Z0Vx7fcZOL0NzM=` | +> | Norway West | ecdsa-sha2-nistp384 | 01/31/2024 | `QlzJV54Ggw1AObztQjGt/J2TQ1kTiTtJDcxxIdCtWYE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNYnNgJKaYCByLPdh21ZYEV/I4FNSZ4RWxK4bMDgNo/53HROhQmezQgoDvJFWsQiFVDXOPLXf26OeVXJ7qXAm6vS+17Z7E1iHkrqo2MqnlMTYzvBOgYNFp9GfW6lkDYfiQ==` | +> | Norway West | ecdsa-sha2-nistp384 | 01/31/2026 | `9ElS1gKYvwii1fb2GffZ1OI8ge5TQiqAda/CL7N8vgY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN8A1zgtX4PxY0zkK7YmA4vasazPyPhXMVsXz+bINiscC37R9xePSah2A18uIT8M1s96OMhukXKxQrrcWGAGYIIOlDQ8mjb/HsXu5HZsySTfb81bw0Fq6YVD/8u35ER7Ng==` | +> | Norway West | rsa-sha2-256 | 01/31/2024 | `Ea3Vj3EfZYM25AX1IAty30AD+lhXYZsgtPGEFzNtjOk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDuxOcTdADdJHI8MFrXV00XKbKVjXpirS3ZPzzIxw0mIFxFTArJEpXJeRfb0OZzQ1IABDwoasp1u+IhnY1Uv2VQ8mYAXtC3He08+7+EXJgFU/xQ8qFfM4eioAuXpxR7M7qV/0golNT4dvvLrY4zHxbSWmVB7cYJAeIjDU8dKISWFvMYjnRuiI7RYtxh/JI5ZfImU65Vfxi26vqWm51QDyF5+FmmXLUHpMFFuW8i/g8wSE1C3Qk+NZ3YJDlHjYqasPm4QidX8rHQ1xyMX9+ouzBZArNrVfrA4/ozoKGnPhe4GFzpuwdppkP4Ciy+H6t1/de/8fo9zkNgUJWHQrxzT4Lt` | +> | Norway West | rsa-sha2-256 | 01/31/2026 | `Ok1QW8mYdmM2ydj0kSV0q32mtjj9rWNVKU09EAAl9Tw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv8atttWdhSTVwpV6v61hhBlf85e+Uu3Qjpm0Fa09OuUrK69pggYU6JHHv1AHlMMCapuo2ReGc66tv4dmICijxRYuejZG56uproG4rARSK2JioXB4Yq1qTr35+uXaRj+w5G8/T0zxsvE6AliGBbZDoa07+R4ZQ4PLKcZnxdueHiDoNsZQOvfEtqtksK3LpDD4JU5/mzfDkyGaKejFWQ6DnnGxpE1cEnBdae9ETHOFWbbB0sYd3vMRMsyWlQWUX2MZ4NoacwnzMl2mqX3hDIbzlitxeZqRixJitnL0rX1gPpQg9n/RfCaeynsMjKXA0pprylHLywnKzpaj9UjMeGw1` | +> | Norway West | rsa-sha2-512 | 01/31/2024 | `uHGfIB97I8y8nSAEciD7InBKzAx9ui5xQHAXIUo6gdE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPXLVCb1kqh8gERY43bvyPcfxVOUnZyWsHkEK5+QT6D7ttThO2alZbnAPMhMGpAzJieT1IArRbCjmssWQmJrhTGXSJBsi75zmku4vN+UB712EGXm308/TvClN0wlnFwFI9RWXonDBkUN1WjZnUoQuN+JNZ7ybApHEgyaiHkJfhdrtTkfzGLHqyMnESUvnEJkexLDog88xZVNL7qJTSJlq1m32JEAEDgTuO4Wb7IIr92s6GOFXKukwY8dRldXCaJvjwfBz5MEdPknvipwTHYlxYzpcCtb9qnOliDLD2g4gm9d5nq3QBlLj/4cS1M9trkAxQQfUmuVQooXfO2Zw+fOW1` | +> | Norway West | rsa-sha2-512 | 01/31/2026 | `4OjYruCQ3UATeLz7ZDyXumfZVCvED5stvmAbVeGhYFY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5SJKaXLtWBtOxSti/Ag6KGC5Gyc2CQMj6lMl8qEUzChtvQrE4a05HNtudc8jS4zbkINtfdZHJ6MvsrhsrKOufTnNlNBbd75lG0KciYVWVXZudFxi9PITMV12lBGRNnKXR9YDY3sQsAF9xVitP8c3qOqX0r4/99KVx0uJg3YrcVmyLQR5it/QLYYV3XHuo1wo705f3EH/uAXrs03b3Mf03XUCk5HguAwyhvB0CIAgI4CALS6mCMKosZ+KVsV50GB9lWsh/bDpAGOLzBon9g/1nilgmL79EbnYtJ1H8Ia5CIjLtkS+qSTeycLjjmGa79Wh9ysWl5ek8WghcK1u+guVR` | +> | Poland Central | ecdsa-sha2-nistp256 | 01/31/2024 | `aX1HJKXvnL8pJ1upt1OnBQT0vLbQXDrBeThar32gyEs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOTFAOA/iJnf5S+3tGqyGEpFspwR86HChkrkloJnehNvYhecP4tGhJx5Z15j9TJqHWEzpBFPIcxF+O9tStiv+oQ=` | +> | Poland Central | ecdsa-sha2-nistp384 | 01/31/2024 | `jNH6sSVNE+1NhyZzA3tzk0RaJpZoLVZHd8yjQG64DDw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFoLS+6QCyjyibWZvldjErzY9ptf+LXhyeQQDu7K+UajFsLk7xzx4vIRLsPJ+UhRyu81Lwo/pxcgoDX6uyB2M82JfQAWF+jniU7RfC/QzO5Jxbsj4mlY1kVO+R7/vdLTyQ==` | +> | Poland Central | rsa-sha2-256 | 01/31/2024 | `Ph2MhHZIZtRk76qOvea61JQGRMyxbHeYqbQYo1bDorc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCplMMhYJaBSEOXRYRvUACL1zoisjy7BRVdsKORsnqKtMimDqvl8UY304znr9Rn2DBT55EzRQIPs4V6tKwUMe4+FBm9Ef32/jxRdlJ7bM/eMRwFwmo4PxJ1pVpP8TYkpLcXXx5T+zCtphkSXUBHrZRas0OLJIw6ooj9rt60PeCvEIl9HBA8sMt8u7882KKGIZra7C1PK/0/rKub+7oRBEgXoxZxKYFmu72CJV4/4FmxQsYpqcwKaFgMnDYEzpJexL+XlGJ+GkeX8tngy38lwlwGdxi6s6w9e20TUSYtbfPJE8OBq08cHN1OhpbL3bS2Ynr5QkFwHIcwa0seSuXJCIj1` | +> | Poland Central | rsa-sha2-512 | 01/31/2024 | `aSOu8q60R2fx2C9eoCX3ReG/wKQbXzHf5XoTaEww6GQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4c5mGbfEkwSgXnhzF4zrguh9X1aHMn1p6pTwJhCjGTQ54ZIFYgfA294RXTYJdL84Xi++qCXHeENVeTWfD9dRlz+KDCOST4JpHauGKnKUF3udsHNNItai88CpDHj8JM6YYxfUR4/BHCNJQ8BrVnvrljWaj7SYJhyUuwChZkTeycZSQPOVJRoHKAnfI+KVZGfQp6dfJx1M11Ojz6a72E6cDDeu8YBNEGiWfYARTi0FJWpy36CsA6aLjXkWTLgM4ZD7vIhLOCLholei+zR43jpZUNKRe7Ym4nSliRsrlEsYkblxsIxotpLt9Al+ftn7GBAjU4HwhC13o8K3yWw0z3daR` | +> | Qatar Central | ecdsa-sha2-nistp256 | 01/31/2024 | `QOdUXQx3Bi3ss/976Q0n+aIt/vkWjfmGH4fsgk1mBvw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJz1f9SCaXyUAatHKEr/sfY2uRJWtftsigePCckBp+l/VenEVY22vVwstmrIeu02JKz1+IfePfGQ2bWOprpodXA=` | +> | Qatar Central | ecdsa-sha2-nistp256 | 01/31/2026 | `rHB1fi4XAuQvabHUxHlsdxtBgvZur4W5h4SDCM+OaZ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMsNj0SFCAb8D5igdFlWaeZxYvP2fthgXjb+a+Fb3AcqPIjHFQPX3iImnBW8SHguqTOTi+x08P35/LjXzUSrZEE=` | +> | Qatar Central | ecdsa-sha2-nistp384 | 01/31/2024 | `znqSno+29X1UUZV3ljgE7qSoYZtAybbH4dWNoSZIg6w=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKkIRyyU0RVr0/xTE1pce28UeVStaqyw0daAWkChabp9SQb9ONmJ5UFzZ0p3bvcy2ZWeYiJCvg63qKojPomVCwT8ZtRtgeewRMWPS6kKAJDQfzl8r05dNjwbd8Y+1BerHw==` | +> | Qatar Central | ecdsa-sha2-nistp384 | 01/31/2026 | `HZrKR8HYd2G3Oz7inTYPi26qFPFJvCZLnW13V1U+kIo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNWGC3x/5+z0aEkRJ7IM1Q1FU360gKtERjFSDiPejwsJVTuvSMrBTFTWYJXeaBoK2rcQUmMBE9KkhlCczQYVanCZc/+qeyuXhdVAsUiTK6Fsj/A/G6Fx26bUFaJ5M+4vEg==` | +> | Qatar Central | rsa-sha2-256 | 01/31/2024 | `iHCboIvdshFEnYt/6+vvLQnjyUZQ550Pm7dkFX/Q43o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+RNosbUkJxEwcZ0i22DPBTOgStdqEdaL+jRzzi8xs6n9hR2I8Mnv6PR+ujaejqAzXVmI5LLnMrQA9efsUR4F0Is5ruJgrK6f2ORiLsaYj7PgTOsoaItdjWxXHFQ7hZA1FmYLgody3Js68akvGkp8NwnW9goFq3qBrtpHRcvxFxWixeNTy4a4azVjmoN8SfZxiPa0mBT61fjpVttUrb+sJeZ3jo6Ox2ZQxc0My8kPY+8J1qNxjsoCUirHZsgsmYTM5F7lWSdszB7h2irIiMEi+cmcowhez6LJd3TcDxnElOz2Wva/wSNo0JJx/VLdZvP06hJTxIw2QsX2uwI7lyF1` | +> | Qatar Central | rsa-sha2-256 | 01/31/2026 | `+MFJZug5lX4udxKKxlBnxX6E/bRmCHgCYX+1k0V7dHU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtibZZg1XYG6nFP57oOWo75icpoDy8b72OwuCQh2asjrrTxNDpdJPsb8euQc3/p1TrWRR0FBiDB5Dp3uuC8aQKFFc9xfnbzGu+neofM9ndCfItKpJnS7+Hn64SEAowGyZ8PpdBIj5T8ZQ9TgQozWat/JEL0zvcHe6RAfCy17LYOt0VNaEjTN4LNu5NDsuSvdoAtnViLa7sW3bvd8tFrCIAyDfRC7cqsy2ZHQvVsMmj+uRroXFB03AnF0Pg/sUtjTYTWbxj++vxeI/PirKg7yGOawdmbCHka11wBRg4ELcN2I1E+0veXWJZwLJVloAsAnFB5vD7gt5WuntFKXI0HlAp` | +> | Qatar Central | rsa-sha2-512 | 01/31/2024 | `EMxIi2rduXMod/OMKHrHRZKo9t9oYUdnw3sw8Txyaj8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDqTnxkToyGf9z/+6fXJ+DvHvKqADITDu+JqvJX2kaPSbkxEBvR1uW/jFT3DD7SL8ZS8qm8HD1MYyoiHE6yvM+K9md83GMNqBiuxIceHH7uW5mEUt25j519R7a/fQUXApt5ZXZTG5e9eUSP0W9r/HvwA+LkE66gDwamPZrF6OkBQnu3DEK1AcZNufM31lnFBlu0yzdLMFZh/L6yXRi9sh0ATf7aZeR2lgGuTuoaOUAx3F2xTt5lRNGpy8O4HV8uZKW0EsEcGYANguOEqiNEgjiw1sHIZ4XPZSYe+sXAkafVl6X07nu9CpEncrRnTcQIfZXnwbneOetDWlhZH/vk38ZJ` | +> | Qatar Central | rsa-sha2-512 | 01/31/2026 | `j1O37Xflf7LJS5OVx20MVukIxYI81OK8GkbYGVPWxEQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD09DhL3Tj9xPjsKFpO4rAE50nVFvRQ53/a6jZO0mJd/6B6lQ7EiuXnIET/M8IKTzxchfc0CDcuhdVpYQ1oUgh7ZZSPYmdrTE8ouQnJuKhUPFINiARPm97i2huVFK6DNgb23k8N9/TpUN8adrD/jJo+4rwqBF0OBYpjSlzP7j8903FZ8GNvEEZKYVG5xR+73JVzwyBaIBX2Qoj3WnKyctH+XhF80oP/NaaNPpPvtT5YJuHCjgPGodUE9GEuAPGz0PYHKTvt9gFKA7ddKqDxcPZjIxPzjiby0aYbiKuIrkYGmehF+LIZeU4cfzhTA0sx7cKC67L/+1pTTFHvVnWUGrWx` | +> | South Africa North | ecdsa-sha2-nistp256 | 01/31/2024 | `e6v7pRdZE0i1U2/VePcQLguy7d+bHXdQf3RZ4jhae+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIEQemJxERZKre+A+MAs0T0R7++E6XanZ7uiKXZEFCyDgqjVcjk8Xvtrpk5pqo4+tMWM7DbtE0sgm1XmKhDSWFs=` | +> | South Africa North | ecdsa-sha2-nistp256 | 01/31/2026 | `x6Veo25rnI5ZSlKsrCCSCeY02mf+lAF8mutAOqmqoy8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnfTZN+LkvW60gdn2uNROCvn1+GpFGTb9hcNha+WaweXzvxusSbpEn/R9BHb30J/LrwlBfxa5IsLXgXdprt2n8=` | +> | South Africa North | ecdsa-sha2-nistp384 | 01/31/2024 | `NmxPlXzK2GpozWY374nvAFnYUBwJ2cCs9v/VEnk0N6Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKgEuS9xgExVxicW0HMK4RLO5ZC6S0ZyENe5XVVJY0WKZ5IfIXEhVTkYXMnbtrYIdfrTdDuHstoWY9uu4bS8PtFDheNn3MyNfObqpoBPAh1qJdwfJgzo5e7pEoxVORUMnw==` | +> | South Africa North | ecdsa-sha2-nistp384 | 01/31/2026 | `SSsuQXpWj2Jd0k+pzB6g5Emxfms+/seJ6ONarTSgnL0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOi9aODZI9qqXCcTq97tCNG/UEuGp1SOzq9zgGBw2dQKIjq+OGpWR5l4SGRHf1g+HYwD/I2pz4aZvGUSOPCi+wfPosbQuPdfCtg2+McgpK7m41/GzZBNYe0KClOaDClQdA==` | +> | South Africa North | rsa-sha2-256 | 01/31/2024 | `qU1qry+E/fBbRtDoO+CdKiLxxKNfGaI9gAplekDpYvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2UBC1KeTx8/tQIxVEBUypcu/5n3B/g0zqE7tFmPYMFYngrXqEysIzgAdpiu2+ZX/vY8AF/0UkhYec/X/rwKQL8CCVwYqa2hufbSrX/qSuUHZd/95LFB2Nh+hJ23fn3EK8Gpgo/Xkmx9YVZoaQPGPsWVWVKjU6aVpM54cd6iuDT3y9SAnqbUMqgwwz3mK7bQGFPrbUVOUwVIcYKZD9HMNZhpo8HpjllKYIt1AFy4db8lSrLyuX8Nn/U7XAlPUndUCpKsAfWw8SemyuxSHziFDHF5xo8eLU+QYxdtzirgDAgEYWv9aa0TSx5Q2Mq8XJ7POffQxKj44ocHzmMGq/wPS1` | +> | South Africa North | rsa-sha2-256 | 01/31/2026 | `8DyFjcm9czi/Sa7NNdtb112/PYMQ2HlSfKDNShkZbUA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW5n33PoUfv3Jii4pNxQAdY1HdzeMbs0zlQUDKU+0c0QrCNHg9bnlJXW+wNVD91suKdy345m50TP+hDB5DbZACGgoAHiMHU/lBDrL1TIIVuQ13LbFx0jBL+SU1qqFwB3U/9ckNLlMe5qM4PB/eZr0tEVQhQL/melYMbyA6s4kX/NFozxiNNR+Yz5fhLjhHz6cwCGN7Zj0js2KLWbhyaKxmmdrv+YN4E0EZ6MYdZwy3iV/lrX/0OlORvOA/ImputAvxJgAxOFLQsbTuIiMm1ccHVRpzBxsslSlgss7GeRCceQl/Kgg9vnInptlD3uqlwWUfYmc6PfPcapn3diLzRVrV` | +> | South Africa North | rsa-sha2-512 | 01/31/2024 | `1/ogzd+xjh3itFg3IpAYA2pwj1o3DprEabjObSpY/DY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLAkEygbVyp189UwvaslGRgaqcGWXaYJVq+gUB0906xkkjGoJeqSgTW5C/77vOk0zBCZM3yBgtDFZL1d6lze1QJZ6kGGPynJa5SeyydAds9G745yaFFuE53zJUyMy+y5I1ytfx003PKvk8+fHZK3rPYYr+LKm2u+9BmnuDB/0t561oFg1ZiMCPgNnDdUwkya2EtsJAifkUaBlYmzBZAFbIYyGfb898utZHyI+ix2TrMS/RHEDIchG8qSBMpOPmcpa29ADVsmAQDd5ds5D7WjirfMXwBxgJTMyuy+N9rJRgHoqDnt/GsgI2GtoPM7YSET8uYug941hAvFm5TI/dW3YR` | +> | South Africa North | rsa-sha2-512 | 01/31/2026 | `gEIAzMNxs3nDD8FVwhgZvCHxnJ7nGQqwjs0gpcA8fBI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwaG+2gbF1WVAS14Uxhoq98wdp3U7hFbMnhdDrK4zxAMHojdiVvEj41m8EI1DcDjSRAi9/h7As7SIRQ9/bOXo6E5kiLl0kj4ao2KPtuTobAuj3IiN6iVHAtiCwIEG8I/mtAjGMLBtk3uplSJnCBRiMVduBsV3GpCJKdMkNuntbtzPCntEdpzqtOhxj3wftiaQq8aGomQjFRU6mKScqoDylnZPF19gw2f9XrUwElE4EoeE0V1izNtLmgxbDz2kwpt982fhuLUZgNIHxSU/1SVAwUX1qxH9aTFzjXc5dSFCQHsK4qnLRKNtlXmUosdwk7UjndL/nwUna8p3MuDm1gcZZ` | +> | South Africa West | ecdsa-sha2-nistp256 | 01/31/2024 | `pr1KB8apI+FNQLKkzvUXx0/waiqBGZPEXMNglKimUwA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPvbvOfXQjT+/3+jQtW3FBAnPnaypYSUhZMkTTSfd7RQMmSxsLNmDooERhVuUTa7XCTlpDNTSPdnnaa6P1a+F6A=` | +> | South Africa West | ecdsa-sha2-nistp256 | 01/31/2026 | `2EJmwCnQAIo392472FjThrwXmowmdeNnYZZZR7ttBVE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGif4uCAd5hx/m9dqrLKCre1ns//8w2mT2i/v5dSu3m4xP9EvFq4FN3w6LlXQwov7BmJPMdZxoDByvQDT3QHO8=` | +> | South Africa West | ecdsa-sha2-nistp384 | 01/31/2024 | `A3RfMOd6dGgUlcrkXL1YRKNXIdAB8M1lF9qwmy6PjFg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNaJmo4QGmo6pbLHOXh06Rz9inntdxmuOtVxlJBO1i/ZK5les/AuaILMW7oQCxOKvZs/xI+P0MWRfrNgWSSapy5hNuTkbl8IqO4pH/lO//zdaHmVBC1kPnujDM9znJs6Rg==` | +> | South Africa West | ecdsa-sha2-nistp384 | 01/31/2026 | `4XfJaEuZWJlIfVh4fHn7UU4kOYA00wQo9HA0ngFYxic=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK2ek0MyrQfjRM6UERylxjO47fmo91Xk++b4yQhi4BpiWe/7LtYKaz3ggX7OJp2Gjug2Yq53FGyCirfyJYiR0Pck5QNEqSUtH0kpg7E/ULd4HUoJ88zYac4eDQoE5O8fKA==` | +> | South Africa West | rsa-sha2-256 | 01/31/2024 | `aMMzaNmXR+V1NrwLmovyvKwfbKQ6aAKYiA5n8ETYQmU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDGhe98UTnljsYaeJwtP3ABvT/hZP6Mp1r5beyJ2SWpdqZSZaKC+UQlWLu6WhLxLZ+5snB+YAlC56u4qOdDHLoid6vbAR/FPIcJlvQfcFJD88nihv9sq1kUX3JXrh0ZUrl2/Zj71aNlM/RL1OnXK/Pg2E+wu4EfnQTrzlWMhR8bxlQA0jH1zmfFN/6BTwP2if29TNlQkWuW3uq3rccY1GA6n0QtlucanPNRzsBtAzsH5/oFuB5R4sD/Msw0itvWuQP4e0y+Vdov1My/rjK19xLce6AhWmmhwkn5qxHdIy158C4cWnSkQvkYzPnwsi7KT9WRH7vfr8qD9zlA5mO+IDxJ` | +> | South Africa West | rsa-sha2-256 | 01/31/2026 | `pdygRGoDnYZwMvX3uxq02X9KIgrqWHBvkltuMpknXPA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDDjYrrvYHkbn5zHGLiEv6DuzvK/1oKoRCxPPl35kFMhNAltRyACtvXBeeqxW7KYVLDu6pMSNvqtboaMcSIGxoEfjTsdQrBaZq8GWq7E9VIqXT9wOWLRUG5NnDbH4L47dLNuKQC4s/KBhUC3cF+yQGspK2v5wWHR2FwIhbB1otLcxkj0b2ufAe8FZiPxe/HoMXq36cJ+z/wgYwrB59ZGneJfNG9PVdmk8w+kHr6gqDCPOjU+SKcMNqqJ1PEk9B5b6om7RsInV3cKv6334+s4XYxh/+O3gP2qX9Bfsa7FVRhuGF3TLFJOQjCQ5nXjbFjofqpLnR6ReBdmqrj9aavdvx` | +> | South Africa West | rsa-sha2-512 | 01/31/2024 | `Uc7QB0fT4NGyBp34GCAt8G4j1ZBXh/3Wa2YRlILu818=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCijtmaOHIcXjI07fVugz1M33+amlOEqdqtVgOlLmFRKSehPW2+6iGpAjQVwzsYOx32Hp5O07xj/PhiFsbBBqZXGHmuSIOJYa7tQSFvwclO+JW/kuoELXQLwnHxUfPyq4tYoj83GSZ5k/KRlEtbmjEwcozMQVya/7MzulAeV4nN6PDxoLjXlfGEQU2ZCGz2neeisQEM8+hZNuEH+O9O03g7CW8bwiI1Y70/bnNq95xJ5F7lRpwtJNWlx+kmUiNpfXOUPxZAUsny7z1Ka5XKEB1fDP8E/jAtrSWrRPDJew8lFpQeWukwB5tf3F3bh1SuSKaSQqKBArnSpJizWxp0brZZ` | +> | South Africa West | rsa-sha2-512 | 01/31/2026 | `ojxv106v/Bu1Vkzi1Rp1dIgH66vthYrfAVL58OuYJ2o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKRZJEAOvsRRtNNHtloaHBkYpowhSbkUw2ldA4gLeSwScTbWk1vxUqlq5YbTtQRNomnvbMyTvgOItH28zALeooIreQVb4WhixabgI/kr9MY0eoSpK+Tmb6jbyLdNe3GEX6CcltaOpu/9+SvYmWUcet0AtuYo/lSNofEIjd5wFKCtddwXR+4fDHwOc19eXI0Ms1n9ZRtzxSMVf3ieXVnw+JrxC9iJLnHUiWYXNB+BZzVT3xYBFNIxqWAe9RneyP4fCzSL8CmUy/EWQ191kZhBnbBdyrxMJJ9ttb74NZRatSAh+KwlwUnaRu4SzMteLwXSdtQBirnzZyba2L86K1++HF` | +> | South Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `Wg9hTlPmrRH9aC9lTSf8hGFqa85AnW3jqvSXjmHAdg4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJnEz4iwyq7aaBNKiABce+CsVIUfiw9Jw3pp6pGbL6cUaJs9mEVg1RMLHgPg2I+7XV0doisYhYb/XtufxzGCe94=` | +> | South Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `3tB3bjGZghIljXt6ni3ZVBm2s8OyBi1LnsN2XQdWorw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNqW4dj8VbdJuw2hL2LSgU+Z9rIc1C3xD54bzL7+R2cplFQ0CCzvXlMk0lfHU7SFT8jikgvp/yZu2S5diUxA9Rw=` | +> | South Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `rgRhPelmxAix6TBDahmGqXnKjdImdI3MnDPVc6qhF2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKXGKbWfVe18G9gbCxFQiBGkGYM9LktSPKkRI18WRQ50qyuxVRXRDoV+iIEJyCQTpuFTPprQ6glQYeF+ztEb4MZaXpVrcs1/Og191dcEtty3UWuJBCrv/t1kezlwBWKyXg==` | +> | South Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `lUCcxfmejqKtJ5F/0KNyGGPOBCTjsARC76RwhwsIXE8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOXYAeDTv4msUprW8sdbJKfJyUamYjzqw7Y22cmO7sqr+2kHAdGu8oB+geC7gpwLA9PEdZLNJZstAOFzkw5BERULmwb0/cQenJNRLeNk1HVXVGvPTAsm1RHMr2VI1ll3Sw==` | +> | South Central US | rsa-sha2-256 | 01/31/2024 | `n7P8NrxY8pWNSaNIh8tSZxi9rXi11g3JuzWZF93Ws4g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD4PgB8PxPPpGfvrIUGSiiDFIfkRk2/u1DmhcoGoIfW+/KR8KC2JA0kY4Yj+AceGnDUiBbSPz7lcmy2eGATfCCL6fC5swgJoDoYDJiJoaKACuVA0Nk2y0OeO58kS6qVHGX/XHzx8+IkfGdlhUUttcga7RNeppT5iqSz49q9x6Ly42yrV3DIAkOgh+f9SsMMfR6dQQmvWN3HYDOtiO2DvVN+ZenViQVcsynspF3z4ysk53ZYw5YcLhZu8JFw4u0F6QJAznR6TfNqIlhSjR1ub8DiHvIwrmDNf8TgG5kPVGhIcibYPf+y0B0M8nr9OKCxZzUTlXX4Xcnx+VOQ1e1qGHvV` | +> | South Central US | rsa-sha2-256 | 01/31/2026 | `3RetSIyPW4H3vczS8LcAfdVLTnnD+MATFZx0fs9vtnI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6LnHbAg+pkIxYoEI/UIhC3ko98md1tB/moOLAOGEuZJ90V0DLuqSmp9txhA1/wVk0mepqjsOxtCui42+1iUk7T9ugH8LIFzpqEaBfRlTtjDfmgLcib7ufFBnbIYivdwMcuJtPYJCqtnmjNyehYOHuXbHjeHAeiGGJx4B7kiocYBZELvnIiJuD5hxXcc/t0mWXOI45qGM5eF2MgDiKDkvVdnUWXzHUCUM//OfiCYDZjm3TPRroDqoEJPuyIh1ltZoM6MMqUqhxViAghyDi+N9bh60fHVwbw6W9dZNBIotAruoN06+Z+aizHFTKElIoSopVkkKjXCPVBAwWIaw2kjDd` | +> | South Central US | rsa-sha2-512 | 01/31/2024 | `B2oOtHpXzwezblrKxGcNBc3QJLQG/TiVgOjnmNorqkA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+LJA8W3BcwITzJv6CAkx/0HBPdy3LjKPK2NQgV9mxSMw8mhz4Ere59u2vRsVFcdW6iAeGrH66VF6mJSCgUKiYnyZAfTp1O6p6DnUg4tktMQFo4BEwSz1S5SGDuRhpWvoKjzvljESf/vZBqgms7nMRWe3MGuvlUWBqB+2CnJ7bxhvGQCdBTQeoPO9EZKYKi/fPlcxBmLFGcZnRRpB6nu/Cxhhj1aHLJdjqCd+4ahtjBHeFrPxeQv9gTJ1B+EipJZu7WgPZOTI8iZaIcnCbhuGOy0iOFXeuexC9/ptHDW9UEgKVLyZ4UIPJkSLFVgW5NRujWyZ/thc5+EfHY9Db3UAl` | +> | South Central US | rsa-sha2-512 | 01/31/2026 | `cQiVt8IzioXXFsxFZUCC1dGG/i2L6+uWgTxnEXI+ya0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDESCWljL0fUj9B5Bvb6kZCqvnOll5UHe2s0Z5rk/9kIOXACIcQ83SdeP/4jqllBFW+XmEp1hlR81BXlxCGYe2mpHWSI0Y2NH8HvUwvuRPX0wsOqNa6HcA27mefmTa+UahJfKRQe/0op/ydPAZ+JbTquEbUHOpnVr2eLmWEfQBGL5HfYdB1SF1ZBgN3Sb+v7SEKR5NYNBUuhMMyV5nK/1thkATxSc9RCvZp8fy5/EXoZshbnvSQ/zH5Y2ct9LCDLuXOx1DJxvCUNX24W8jTELwLqCNigZ21pA6Y0PUSGLWpBSerrBo18AGHh/b6wchuBspYGCuoGu+Me+ZRIu8O0HRJ` | +> | South India | ecdsa-sha2-nistp256 | 01/31/2024 | `7PQhzR5S6sEFYkn2s3GxK6k8bwHgAy0000zb07YvI44=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLgZw/ouE23XQnzO8bBPSCJp/KR+N/xfuJS5QtWU/PzlNLmSYS20b65GRP6ThwZdaigMhwHOEc8twpJ7aA7LBu0=` | +> | South India | ecdsa-sha2-nistp256 | 01/31/2026 | `7jiSfTGnIW0hqUqb/FPYtnriWukXLwTtp8qzMbZBG7k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBiyXxWm42lrf8j1/AcTOcpTjADDrckVLQOyM2VY0TNi01Mev+bOm5C3L5MFq1RB049AbponZwkNibyhq25me8=` | +> | South India | ecdsa-sha2-nistp384 | 01/31/2024 | `sXR2nhTTNof58ne5K+Xjm9Pu8miEbKJn4Bo9NYoqQs4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLwbzUI8q9f5YTLIs6ddRTPlHdb35xrbsJeOQII/nEXhlNjzpdL9XnDJjQunQL2vg6XND1pfp3TNBJ9LF3mud442LbpwSt9B7EZD8tQ5u0+2NeNjn8JnCu6/tdvS+xoNiA==` | +> | South India | ecdsa-sha2-nistp384 | 01/31/2026 | `rAy6sokWeYmursG9QRpffxof6p7MAoaxgi5WLvlShzc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAG0ZERy7D4X3KwanylXKnaKHs6Sj1mrAYKV7bEkvApUOk0Bxa8IXr43/UEN0G6fwMc9TLKPl1Q3c7Vp+PcEpKEB8MT5vMTLZM4oQjBPcrXuaWJ/HZb3Q1yObngMtbT6uw==` | +> | South India | rsa-sha2-256 | 01/31/2024 | `5gFLJvQvQodZxKBi3DnGywpf9dliWguiMTqcgkTmtu8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDlxVnaYnmg1cK+g/PI1jB1fgQQJiX39ZmfBss3mSW3kUxP3KWhm7lHBTkrbnfhVHnGpP6GcGFy09YBQa6UiyVpD8p8APtx0j9Jp8m3yhhgqOIjup0C7crl49NqMVryOZmCLOvA7KTyTxxV37GpRI+ffqQ8LOO+anWVWVaJlVCYBMct/OVhA7ePXblcbJg5eu5JjUiWW+cPdVqAqWojNHZzzprCFEBTCvYaZtzBx4kFGiipPmJSN6yvBPEfnA7Lzr/T9iXV/XkmI1txuJRBasoQMt+4jCZG25sCCN8y4iuUJCioUELr//TWaDyTsQAR4MbRW+L/GSIM9VUY4Uc+Impp` | +> | South India | rsa-sha2-256 | 01/31/2026 | `ICVQTm1JPosrx78nPlaWgY0chlk7hIIdJddWAixH5is=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BCEpP8RbIYogWsgCEc7w9qkfdoTdVY+gdSYykIIL2qAw018POKZCztD5obn5Kgj3qkbWy7G9RH77Bmz6O1kgbAjReJw/r/NDRW3cb24K6dLem5aWQTTmUu9zk1W3hj7pdFOjXaju485O2G1YAyscE8Awc6mRwI9LJmm6eEBhfsFAKMEPf+TsZ/uxpqoMVk/2XP7GHe8zA2/X83F0wK8OBAW7ImjBEEx8peBY6Dh5LMD+HK//HdRKf+5MkQUGHxRfiWh0l0VItjVsD0tZ4ebyLAgzah0MtsqSj7DRb+HzIOMi/CoL7gPRixxcAPyUb/OO/301m0j0+aHahH5TN/8x` | +> | South India | rsa-sha2-512 | 01/31/2024 | `T4mrHCEHbFNAQSng//m0Viu/hXfi11JMnyA0PqAuTtg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz9tQa7D4dyrULCLH75yKwH27AQMRNWFUqgUQQXYHR1MYegLf7JEmFn126bxgEHPRO0bNwBM9S626Gcr1R1uDI/luL6uvG0Q57k+Pmv7HNQtv12J3fAuxuhSPcppE5IE5QR94Qgd1RzGXv954TK1Z+kCXHyLA583XTQ4btOEwqUo/16tSCqaoTSdyNp17q8BrOCPaTWMqT774lSGELIDc6RaGKHRu/Qa+F5FRMswdZt5YJDEKtlKdvbyIiSfIP2GZGhWBiSW2D6xpnzSjstR3LfRfFek/ryGkDPu5c5HNaVJwc1fatP6ggAbhVCcyDgWiCCpEBICV2wnPpGfDUdbRh` | +> | South India | rsa-sha2-512 | 01/31/2026 | `ZhFwP+ZtMreoId+Hv8bje290LD9Zq3fLVLnbiIZ2gho=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDTIseic5715ZZm+KtkY2Rjre8E4jSuQKmCTwXhLB0psfOfPRMvZj+sMRdscEyMdathN0Lhte5jiHIVJFplDi0KbA/2PLNDh1kghiJLJUzaC0UHzOOiUgP394iDJhWgYMehdjGvcxE1+JDVtE63na6wKpXvl34lNBAaZ9Mk2lLbWe9iWvM8NZGP9oDqfVNc7+Sin5HfA8aksS8b0SwxdOLFox/4vTF2c9c5O0bhUKOQMYcY+OXMgYuPMpiA+A0GxwbPtFLZdmC2T5ufI2dO+EC0ixG0YXpi8jwgTauiTyf9aqVbdPmB06YQCGaMqLsQ7Qw6/M1oIVU/eckHj1L8IaKR` | +> | Southeast Asia | ecdsa-sha2-nistp256 | 01/31/2024 | `q7OsE02p9SZ6E63b+Mxri1wbI5WfkdWcIJgAP2+WTg8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEbvjkwSA0RQuT2nQf8ABKc21s/kcC/7I5431oNEwQPZQ8S18RAKktv6ti19Ju8op6NOZZ3Up9lOn3iybxHgy+s=` | +> | Southeast Asia | ecdsa-sha2-nistp256 | 01/31/2026 | `1KqLiMUAewB07jisgpX8wsiu9inheicc/vcvCamDupI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKt5joKBVS7qZwmxQfCxzVy1byjEUSGuaSGsqg/ijVOwPY1qKTe09C5c4VfLZs3c1RBNm63o6Nt8peMJaqjCzlI=` | +> | Southeast Asia | ecdsa-sha2-nistp384 | 01/31/2024 | `HpneuSwbRG7eiqHGEAkSXF0HtjvccoT3OIgeQbPDzoE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMGAMUN+0oyuXuf6rkS+eopeoISA2US3UrgAovMwoqAeYSPoHKy9n/WKczsHPy/G+FKsXM4VlMHtNhEAxYwjtueF0Sb2GRZFzngeXMfVZPVL5Twph/pT6ZJnUD8iloW0Mw==` | +> | Southeast Asia | ecdsa-sha2-nistp384 | 01/31/2026 | `R3xeWj9DkW/6Dwxv3eMyraHhhZfoeQ1TODsts2gdM3s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJBVL9OHUHPAQLDpUZk1cY6OAvATvWr834g83bx40mEHJfxALy1f/EnT5Ihw6r1YDlY4vfUBbm+KZz3MjOiHx4CNHCZc6qRGOUxGd2vWC3yVG5xkEIt3MaxnzDAyP2I4Ig==` | +> | Southeast Asia | rsa-sha2-256 | 01/31/2024 | `f0cyRMVxUgtpsa9J6pwAMysk2MY/sybo5ioPjhy9LZk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWPK6PAGMTdzNkwKZt+A3Dhbnete6jyLLboOXWdv/QdhvjR2pNCMhGuWUxadaiLUxzZM7IvugSLGexQlZi5aCJ06DpaVYqZk/Q8l+QUydp9TfNg/kP+0OJXCJ6XdsVggboDIfrEN8ku4nfasD4QTo2tnmqZhmbIDUr38SP16PsH2bQAi2lZKg4DfWgnSFyj5sbMSDLljBEY6JQkLGiPcbqlYEN4kjB5mudE9c/ts6Jn1fhizBwJY/pE3kOydq8dCMXYFMZ6NafPacCi7Pe5zcTKfi/daioVlSXQhWK3jNzCVENonF2xWSPH+1T5F2IOV0wb0HL2l8d02x5Bw2Su4aF` | +> | Southeast Asia | rsa-sha2-256 | 01/31/2026 | `tHnkpkRSu9sLkbs3aUQcKYFKAnxRz0b9N8byIPvFjzw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDgvpfP6qoRNZ8FOuauaSDONsbEv4PE6T6EUMZOrCq2gLL64uan9reaYD1c1i52gD1Xyva8SOq4AYMEoCpBuDyVm9PsseuNXXDBH+I1NiKyid+E9UmANYS5a4cV5Eg1fIVyEOl9qDdMLQMXyAhPr1X7ol0/XDZ/CG1fclCKje3oIwLvlKXE/ZLylyKBGr1Kf6vqKVlbIXqhZ25jZ+iMU1w8YDyV5DpZBJFFNT2hitLPj4dKqy1QXkGT6VqZ0T8+q7hwBkS1tU/Ah84ddSuIpaHb4PPQiEtrw/GCTu625QHxAgabE6kuwCuCVRR0vBGss0xFdoJqIMSeivTq/t5DnDHx` | +> | Southeast Asia | rsa-sha2-512 | 01/31/2024 | `vh8Uh40NCD3iHVh5KEcURUZrT3hictlF9pMDEoK5Rxk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdL+E/W2RpmJiWMRg5EtMs0AE7BF2Qb5jnXXaIbwqr5/BGuUPLm43eVJJt5R0BmEJe2lYfYLAzinC9MhsxKSTHIt5u8QleyIAxI759M3DWZwFSKngjsHFRe/SvZOzc7gvtR7osdnVaXCTXY5NccLT34gDybEbjlmp+SEvSZZmXyy2wmUR3O022euBifKN0t9Tk1mkLYhbfRySQi0ZADWazjd7loM9ZHArVe8y9oDrs7QYX4eHIVRbgtsBbkR3g9zP3VWVMERFyi6cU0Dyvue8DCx9YzNsdmKjkB2dvYTMVcUkad81pbO81jpLb1wL25WPHIPHqTOLZhdn9JxLn245Z` | +> | Southeast Asia | rsa-sha2-512 | 01/31/2026 | `PORwL5d763G7hlwniaxxWV2GnWBwiwvFoCof1ko/I0k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBsqpGatUt090vKyIFszT/yKjAkiB7JJ7S+6iHKn/t346XsnDGawWTJGnB7HypYGN5l6SniBlo/+z643xXiM2Z+l12XThuyB3mBRMuVzhaHL2PeJre+W0Usrqm6BkhRFy9x2fbgQjjtC+axGSXR1vfdYX7wELasmM/cxCbBk2o3kogx2WKPm7WMxHPw0yIr+QvDQX2zuNrtpq7GOeih5K6bGCFauB4f8+qEy4LTJC2tJJqposHqtF91O0HO+X3Ek6N2ktkexsmyibyO7QCDUrWZfeXZkPKHyDgk0U8NXEendG8xxGmAEdLh7177iq1BICYqE7MrI1DrnXEn/6/hT4l` | +> | Sweden Central | ecdsa-sha2-nistp256 | 01/31/2024 | `6HikgYBMSL9VguDq9bmwRaVXdOIUKEQUf4hlOjfvv6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBErZhZNNmDhMKbSUXLB1VcTmR7pXcXWAqfFpdI81OP1FeCxBtpRNpIeWMyVoP3FeO3yWcODLm/ZkK7BICFpjleo=` | +> | Sweden Central | ecdsa-sha2-nistp256 | 01/31/2026 | `xDz64cW31AuzMVItTp3uUcaBXsr1XHTyfebMvYL45AQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGA+cgwzZYKp/Y/kjwdKGWUmZN7wtzDettBJ4G1GfdVSUCvDuHbvdd2TAGOkHrKLtYH8GOzTlDxiZDr/fU2UhXE=` | +> | Sweden Central | ecdsa-sha2-nistp384 | 01/31/2024 | `apRb96GLQ3LZ3E+rt2dyr9imMFDXYbaZERiireEO6ks=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKA5kwsqDKzZWmQCjIFBBjZun3rjg62pv8BOULwvwImaPvMFuR2OipExQZIyKSbR7wS9HA4/QKVA5rLRrSGpYvOBG438/7fwVZy5rOj3GXq6X7Havr1ExRXwsw5rJ56acA==` | +> | Sweden Central | ecdsa-sha2-nistp384 | 01/31/2026 | `N2hag9eHkJ2bNWMXAVEN9i+nuQtmdXgEcnOVGBltoNI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ5jrcbfIGsC3O38klFCtG8pdqRKfnScEZaTDZLC7QCSbxzHtr3AIiAESerQlsH9mixFZCoEUrqK4ThG5X4x72BQLqR3Y2ybVdN2Dk9y0CWbBS0nwPsqvoRo3E5TN+Wovg==` | +> | Sweden Central | rsa-sha2-256 | 01/31/2024 | `feu0rEf3KhvHGfhxEjcuFcPtIl+f0ZVzOMXyxy+f8f4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOimUzZHr0DxrjdWEPQqkrBudLW2P2dvPE9DoaXSNbehU13bxzsF6lzO65JBPh9rlNwwyt2yWtrR4XI0Qh/QSXmBntefOeH6BZVrN06aHrsd1dQBr4UFT5chCwy6Keu0ARW3fY8kO9lycTmMIeoiaYahicxyRRC8WLs0cSCH8tO0dA2aoaMxafBWqR6D5dNzu00rIcsCxvyjtN3Y8C4fw3YnNvPB/qWHdZ4aNcu7sQMRhCYVNPqX9UNGeXkbw8gHf9uL9dFu1c+P+VFIEs5bIecgT5HiGvtuXsWRdtEcM1v3mrRnNdmeWWQIqXzLrs5svipMIbnYXekhhLYHIlVo4d` | +> | Sweden Central | rsa-sha2-256 | 01/31/2026 | `bUYNGSyu33/3FP/umDeNOjMyyWTH7cS9SN+uNEZAxFM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiMXkqHOU3fEwKm+vTmV62p/Uougg69HEZGnywRuTjvSVgPOB++q6zPinJGox20fvK0Rbh1hlXw2uXKqv6pgsa/54Cey/IDa0V68+aSdKvT29WNynFw0s4Ba52t5S/GsbwzNxV1pxrXNuv+d9874GrPiOSysPLGJGO6qMZEETzkewhgY0Vx4iSZTclJJvWozfVX+o0NL09c5iTOl6WaHptAMnaQpuuZey1DFTOzLZjYvsXrJtBuSlR2aPfUDxZXZ9IHbaG1/XoDHaK9OLujauXubVWdiPCn2JAHyRn8RHeaQBMXKEIYBjHEdEqnqu2x3x/xgLtcMHvZNtMbSUYa2gp` | +> | Sweden Central | rsa-sha2-512 | 01/31/2024 | `5fx+Ic5p/MMR6TZvjj2yrb4HMHwc1TgM4x1xQw4aD3Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2nRaxWTg4KGLClTZLQ5QgPZPyQ/XYbH4prjhg1uK7m/JKlmJw5LjmIUVKnlXS38qTKpWpJZyGU/eBCa5FPQODvoAXfNncgtIQxd7j00P8aO2tho+uIxSgiTCte8sgrAyx22uIJlORJn2x1cBFBJrlgQDJOKEAs9IakMNdLvlfjJV405gk7pstF4eeIANRWC3eOTrMs0O1gCTt2rnWR5BNQJu8swj9FEWreNQ3PvUliM6Ig6u8b+4d8ryYGuzh5+E8wy/aNxlowkoCI4D/+dBnH43pSYyjhrVx966JMlrJZjDmbgtygkJI+FoEEfBoFlrpIGfisqIX41Np9ZRre4Ux` | +> | Sweden Central | rsa-sha2-512 | 01/31/2026 | `S1u9eFkDBfG+Pi6EwEuXcjHaTKFj5OS5DoDlKMQQgeA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDInv9tOMOI0vEIHPDGgVAjNc6bndxrRCtHoScAiWNdgzUZvsilkiSLyoeQxrZ43yOIazCjjdDCffsGFchCParJeHtAibjuAU9mxPzJ/Bf423TUXpZ1Ue3jzNSGIwDSGT7Zx6FzI7ogAjoksTgbV6xPBs4eNhliYVTpXic7KWrnjIWz78IB0SgXs7QugVufsp0ujOqJAnIJg8WVLidQ7SZb60AeGQZD2WFrSGNBiMVJhv99krHRQav8L1aS9mGG0qJlopbEeaJLrAmuWX8vih2HVERSnZKBHK07L033NzEqKMINKdHsx9i7jjnhbawqVnVcIkFrbt5HsAOMPV5NJnB5` | +> | Sweden South | ecdsa-sha2-nistp256 | 01/31/2024 | `8C148yiGdrJCGF6HpDzINhGkB5AAyWDqkauJClRqCZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEREKXJT7obM0RXGFrUPmJOoEpJD8T+QT29UEt3/jZrUzVzqXLV/9+VK0xqv1suljhUoUoClBdKqx5E/Sv1kSV4=` | +> | Sweden South | ecdsa-sha2-nistp256 | 01/31/2026 | `CFONQqzubENS+SkpKNt07pdZH4SQFBpSJBzl35MxCDI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDKUwlETDPLRZFPiecD8Ik+RS3gCySkM7xk5ntfBQ3QeKJ6dXZQK3OciXfLaBcX3Nh6kaMvF/lHP2Dxo40aj9oU=` | +> | Sweden South | ecdsa-sha2-nistp384 | 01/31/2024 | `ra8+vb8aSkTBsO0KAxDrl2lN9p41BxymtRU6Seby83M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIMby6y3wzWnzE304DjregQcSqKTsoMx2vPGk7OlBtjFKoubZlBRQH4jQrtPbJv/Hpf8f+D0JmvPe5G75yZFG1BcP5eB4aonAr0NNCw+3sCb50JVpoT4yoT787KKYf+5qg==` | +> | Sweden South | ecdsa-sha2-nistp384 | 01/31/2026 | `P63Jg3B8b/U+t8MjBWJjkeu0i9a1wB/ua4qSesCfIms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBXXSBA7P4mqOkXjec9XDJcOk+qS/pEIiAp2KRbHEZGGf0m4NzBGGZyzxSqSDzV4GGIgCvoFTKtYuEt+D5WGpoCmyslD1lSM+GAnLpwbJBnT/Uh8F/uiWuAdmT7RhyMqdg==` | +> | Sweden South | rsa-sha2-256 | 01/31/2024 | `kS1NUherycqJAYe8KZi8AnqIQ9UdDbpoEpcdHlZ702g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ+Imy6VuOvZsel9SCoMmej4kFvP8MDgDY9EdgfkgpjEfOSk+vmXBMCFtthI7sHRggkuXQE5v6OkOPwuWuVWjAWmclfFIz+TTNE5dUUY6L+UMipDEcwFxtufnY3AW0v2MW5lOFHWbx3w7605yb2AFQuZjvngkjdelhDpVpX9a0XdPa7zUYBwXdxWeteH+i4ZJ62sjlBGzYRjFhK/y1rUKR3BVR5xtP9ofzqE1n/TRLpViU8iy4bpsQntTWa71xVoTFtE29h3ESw4QG2lRCwk7NIf8efyNdR25+YpVGIysAxXG2smGAi2W/YXUjteCE7k3IU+ehHJdWKB3spUBSoF/V` | +> | Sweden South | rsa-sha2-256 | 01/31/2026 | `jDAz2Lzm0DVWZUuijXfWc1pr7GWKY0Pj8VD/DDSxa5k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXFtDF2qY06eUHr2SSo8S6UFZ2X++ZCLn5d8P0q9S23k9bdwx1whNAAu2uqDEr2q4db+bKISHWlahb3dGDhi0FvXsOGTPWrWjjQ13IqyZR+vV/tKkz5ZZ/LKOgSMpNO/phJfToKqk0cF35Ai9L+Gg/vmnTzbaYmLBj0tKKq3d/DN2JX6Fb01mHedHvGLqaJryJX334ZR4QyiLn2Sr0Q9mTtqZibkl50dxYyJSXsHi/W8Sy/cPEpG2z7p/iUwnOzz0yXPR/EMkWwuU2RDWJDCNt4bXKRE6Ox1kbrF` | +> | Sweden South | rsa-sha2-512 | 01/31/2024 | `G+oX014UJXR0t1xHrCi715XuoHBkBxJMdH8hmVMilJc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCa5Ny0EUd8yLOgzczm6Zge+D39VY7hpG+et2ln0i/HdYLd1aijEiF/0RDgnJYxZM4RhPZHxrVZXJXLsLa2T+ud+cqifvsjudsUSCzWNY3pHAwKBTSuu8Po+TrJXx8b+ogg+EhTh1BZQzIVQbtLwqRFJ3beLtvhp+V1pPWOoXRiN6Rq+x6ciT37jOdp033rbEM3AtzWdRBvRxUiVxKoRXcDYwAAIb3joaZ26p69Vj7HpD0HAf7w9f70zIwIzqrW4RcHcP+RbDVzNukK8gWP66OgSKrAQgRmibS6SEJx4kgkaghiQfm1k1bXkTnlKlz956DHkTkpMQe21/eW1Prs+q1` | +> | Sweden South | rsa-sha2-512 | 01/31/2026 | `anZywk1gGkJMWIN6REl6n2o+1gvpXzJ1tuqpCBi3eGM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIld4L9tOAD8hutLCAQj5yhFN+01CDMlzAiGfDPZbcJ7Wewm+vSQkz8CDgqLxL6nS5PtCiDIdi66Ogluvh8vURfOOCMOd0FVzVblJnrvHAMp7gBqbSP94obGLNVlvQGMNrKSTr+PMXQ/acRaGgpw66sMx4s+mgkpym12jhHqQHTU2GUf1OQOUz8x6kr8iUr8gxM7u2kdb4JjMBqjp6MjRsC1MErDhP39tgsqa2YuZ1LWHsEApeuiA6OLFeGdt8mCnNqvs7oZSnZ0KgO2EgGYv7SJp/yaWVXV+M7HIKs6/re6KmrFQmLpsSPFaY7KuUE8rBsgwBNlW5anzX+8bZ7BEd` | +> | Switzerland North | ecdsa-sha2-nistp256 | 01/31/2024 | `DfyPsw04f2rU6PXeLx8iVRu+hrtSLushETT3zs5Dq7U=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJICveabT6GPfbyaCSeU7D553Q4Rr/IgGjTMC8vMCIUJKUzazeCeS3q46mXL2kwnBLIge9wTzzvP7JSWf+I2Fis=` | +> | Switzerland North | ecdsa-sha2-nistp256 | 01/31/2026 | `0pZsKdD8Mt2Ycp8eZQP3V7jE/KcVg0G9SHtKB9ZYtp4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMhtGLo1R2YN4YI0+cG7+lkfhsHiOohzccGbvAJL8GDsSQkGT37nv6v0UXwBOK05RqqYbXClQmVlzmeNEj6PlFQ=` | +> | Switzerland North | ecdsa-sha2-nistp384 | 01/31/2024 | `Rw0TLDVU4PqsXbOunR2BZcn2/wqFty6rCgWN4cCD/1Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLLhGaEyHYvfVU05lmKV4Rnrl9YiuSSOCXjUaJjJJRhe5ZXbDMHeiC67CAWW3mm/+c5i1hoob/8pHg7vmeC+ve+Ztu/ww12JsC4qy/CG8qIIQvlnDDqnfmOgr0Svw3/Izw==` | +> | Switzerland North | ecdsa-sha2-nistp384 | 01/31/2026 | `ooXk/r73YrYkElA/yhZktLu+jqjQ1h/Ph1QJGCl8Wwk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGpDYh+kklKbttOEbLJcoclTpIbfybZH20LFSx98stuDwxl02ZMZ5kUR99icKv1a4rLVHE6jhMK7uOA9dpYUob7VOEb+BBNy7zCeEzY9gW6gYLbLx8KHsGVyYJOu0khvkw==` | +> | Switzerland North | rsa-sha2-256 | 01/31/2024 | `4cXg5pca9HCvAxDMrE7GdwvUZl5RlaivApaqz8gl7vs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqqSS6hVSmykLqNCqZntOao0QSS1xG89BiwNaR7uQvz7Y2H+gJiXhgot6wtc4/A5743t7svXZqsCBGPvkpK05JMNZDUy0UTwQ1eI9WAcgFAHqzmazKT1B5/aK0P5IMcK00dVap4jTwxaoQbtc973E5XAiUW1ZRt6YComeoZB6cFVX28MaE6auWOPdEaSg8SlcmWyw73Q9X5SsJkDTW5543tzjJI5hnH03LAvPIs8pIvqxntsKPEeWnyIMHWtc5Vpg8LB7CnAr4C86++hxt3mws7+AOtcjfUu2LmLzG1A34B1yEa/wLqJCz7jWV/Wm21KlTp1VdBk+4qFoVfy2IFeX9` | +> | Switzerland North | rsa-sha2-256 | 01/31/2026 | `UJCUXnlP5GE7WdONurCmOsBT2dX4EvoNglb0SkNUGVc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDfokyfs8exkQ6lwYhndILtNfJzSgENTP15rxcJ7GUi+GtcwtCrg1SobyH/t2pAkc5NnLn/nc6CZO97+XGsDrNI/A9uyo2FzbUtbMc6orqyjBfmaOb5haoMrkOJ/HzcUBAzRfQgJyGZsjyvPAiG1xpRf7dFjKJ18D38FpJk7jpZTdEBdeMkFpvi509ASrn+htnOLLSkIDOJRinnMapp+g4dOa99+rQgmfOb0U/8FUuS68cBetbwbdRrQhxqwQleZ0F9wJM66slb4R3dXKr9uPZy5nNxXnxTicfZTgEUdcBxs0PfNVzJ9NS408aRftnxmBpE8vHO20fJpKW+VbAkkHfF` | +> | Switzerland North | rsa-sha2-512 | 01/31/2024 | `E63lmwPWd5a6K3wJLj4ksx0wPab1lqle2a4kwjXuR4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtSlbkDdzwqHy2C/pAteV2mrkZFpJHAlL05iOrJSFk0dhq8iwsmOmQiF9Xwth6T1n3NVVncAodIN2MyHR7pQTUJu1dmHcikG/JU6wGPVN8law0+3f9aClbqWRV5tdOx1vWQP3uPrppYlT90bWbD0IBmmHnxPJXsXm+7tI1n+P1/bKewG7FvU1yF+gqOXyTXrdb3sEZOD6IYW/PusR44mDl/rV5dFilBvmluHY5155hk1O2HBOWlCiDGBdEIOmB73waUQabqBCicAWfyloGZqB1n8Eay6FksLtRSAUcCSyBSnA81phYdLiLBd9UmiVKPC7gvdBWPztWB+2MeLsXtim9` | +> | Switzerland North | rsa-sha2-512 | 01/31/2026 | `xqR6ZvYjMlFYY7lQWQSe+jVasTn/Z1dj1YZ1VVilPCo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDI1WEVac58t60BTau8gagXm18Wsqdw58Qj9YIJ5FiREJVgNu77S94bdp8uDiHD5pcucMtf1piaExEhNj5cJccbz7ZsXyKpp3ElZIxQFofGKwwLbgeyAuNenufnGd+1deN3ubVFbcuV8Fzw8XlQUJt/2mFzWj+c9F4619XheailZGKnRdj+8vEaoAHlUGy0xeTqr09vDwNJrkJHksCdRK2+vu7OOGTY684oi1zEKXVZeMIuu0Aowk4Z8Uh+7emfq2MRCr+sjZreMdxcSbGqQAeIHGJQLtdnf89pEm6UrXDyzmQSD8WGlHkivICPGctKhNPsrgcC3oCMSD5vQUD/AECh` | +> | Switzerland West | ecdsa-sha2-nistp256 | 01/31/2024 | `5MyZiuHQIMDh/+QEnbr3Zm6/HnsLpYT2GXetsWD6M8Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEj5nXHEjkVlLcf9R9fPQw9k2QGyUUP6NrFRj1gbxKzwHsgG2YKWDdOJiyguiro0xV9+JRdW3VC49/psIYUFDPA=` | +> | Switzerland West | ecdsa-sha2-nistp256 | 01/31/2026 | `SrAdmOe1SSj0aFzfwLaLgRdqhkqk44Q3ffJ8Qv7dunI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAi1QaagaxBduq+yLgr68/MIwaYmaFzV84v5PyZfNP/MM3d2xCnY4w3FFxte1Np97D6f+J9bzufxzCxU/CVKZbg=` | +> | Switzerland West | ecdsa-sha2-nistp384 | 01/31/2024 | `nS9RIUnm5ULmNIG+d7qSeIl/kNzuJxAX9/PcwfCxcB0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB/Ps4Wp15xhNenavSHZijwVXdZcvhzVq8IcfHR3+Gz3tKLed36OdHRTdWpvjrg0mENw4L1mEZnHnDx96WMtA+FfagGWXMVMMfcyM4riIedemHsz45KAR2suqcdkNHfdVA==` | +> | Switzerland West | ecdsa-sha2-nistp384 | 01/31/2026 | `3c8hd5migbtN7TxKAAcCvHZ0s/sB33vs9KZcUODIr/I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAcy8+3i9w8SPJfdqyxXrt4OuuQMkY9wUN1V1F9yDDt3HhOfZOUj5AHMnwRqC8qwkiC2QqQyx2JqugInqjxDEmTtE9x+Soaye38a/u7WjHIfr3gM5NvqnPy7sQ1ZlTdLAw==` | +> | Switzerland West | rsa-sha2-256 | 01/31/2024 | `yoVjbjB+U4Cp/ZpMgKKuji9T2pIFtdeXnJudyeNvPs0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFl9NO3CJyKTdYxDIgCjygwIxlT1ppJQm/ykv2zDz6C7mjweiuuwhVM3LRua3WyP5mbgl3qYm+PHlA7UyIMY5jtsg7GaSfhiBSGZAdfgfDgOp3qRkgyep84P69SLb2b0hwgsPVkx8eWLDDVbOEdQLLx7TVndyxtdw+X4bZs6UdEcLMvLUWl7v3SoD5oiuJN6vOJPQl0VBeEaK/uhujjFgnlEu7/31rYEKQ8vQBbx22a4kIyBtUSAGo/VfKGRWF9oXL7Umh2xHAPwNbGwP+DdCKUY27wWG7Qe18O+QS9AOu0yL4+MRIHZg8ODLQsk0Hp3q8Iw2JjohSkk4lcjHYgb69` | +> | Switzerland West | rsa-sha2-256 | 01/31/2026 | `7ND7kGDrt9lN5QLEOCrZuRPh8QiKNaO3Up2yCU+8Q/I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiAmb+xePomfMqT6MLZxoPMxUL8dyXuF6JgF6QI0NC05tEilsv7og35mgLlDug+/QrAQVrNq9uFdVWA4YZgQXc8dY+QKHcv4PoDUnYKkRQLij1n9GttQPnAf+MOTrN4Ws07zeiespjsgjfpOz3LFS6GF8H/3qVWcFgAyiJqmV53dDvtFMQMYrek6scuVxOwZ2HP2U6KXjuBe+Xa8uifoLkLtxFcNivDxuDoMnch0d149HtMOwr98IjHCDbizUGvPObKQL9YLsFvk7IY11JB2jdX+I2So9bfOLvR64vC4NqXuI39VJUBQy4/devmY1+43GWqXCQ6YCIPjZJ1OM/kAoN` | +> | Switzerland West | rsa-sha2-512 | 01/31/2024 | `UgWxFaVY0YYMiNQ82Wt3D1LDg3xta1DfRUUKWjZYllk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6svukqfg7147raZZrA1bZFOO/EDFgi+WRsxoOfH/EEWGmZ89QQ5m855TpsTPZ5ZARQD9kxrYEtqefcSPuWgth4Ze5PNVwRfAwedsSfnYwHZqHRlRM54bOQ6Img7T292ERl4KNJUI7SLyF+kKB7eXqp5nMBrTZ4rSHXoeibv2yZAph0cyf4V/NnfRj6KZSf6YDs0LW1VuovWAC6S7mpBjwtabBmd1gIiJleWhB7Jj48yiyh0m7L9oIoR4NRiuFC535JwqCYhrgFwujuk6iIR9ScRdayEr6gVcv6tBms3MyR16ytA/MHRxYHfPKb1kHUrpFjDQZZZswoDJDnhQGOm8Z` | +> | Switzerland West | rsa-sha2-512 | 01/31/2026 | `5vdBLwM+FAi6sDgIA9/k6uBRA8/XiMpD23sgxfHIILE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwwQq9f6JcSO8+03rBQlSswX4M5ZtoIdHvdPkSeUFm2hyZaDR4oEyI93ZupPDF6T7kq9z7WrjbrmgN8KmNP09fw3I9K750CETUSvB4tUgRNF0v9I15fdvvrTG28pQaxhYGcE7+WIOMvLpHmYQdLtgK5tmSPmivPJ8BkgVCMm+YDEJ8dWIx3sQUgk1Yn5LcBhPgmamQQZPbeOOL35MZVexKsePY2TzpQzSL3mWAxKvCzNY/lBogqPnOnoeziUYO0YXdnJTpPuCqt8odfapomRN8AGAt3uWANG/lxRYanFF1b7K8Z2ktjc9up9cx84WisD9f4FD3UTn2nlnxOYw3pj5` | +> | UAE Central | ecdsa-sha2-nistp256 | 01/31/2024 | `P3KxgoZgjHHxid66gbkRETjPsHUsNiPt5/TFU0Kby6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvHAXCWC9HGJnr5SRW8I1zZWsyHIczEdPpzmafrU8drYmhpRxlD6HlKnY7iXqfq8bOIK063tpVOsPbrVevAKPs=` | +> | UAE Central | ecdsa-sha2-nistp256 | 01/31/2026 | `eLseSgVB/Uy8v71xNcS1RTPs3Dalv/NP94UqWiXArmg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNZ7GKKOuBg1epk1QSkoewctpPA9cJXwnEtHW6SOyJvXxdim3QhGDe35m8S2hXQftBAHKfvs234t10fWGHL75ls=` | +> | UAE Central | ecdsa-sha2-nistp384 | 01/31/2024 | `E+jKxd6hnfVIXPQYreABXpZB7tppZnWUxAelvEDh874=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMDLyroqceuIpmDQk/gvHHzFup7NZbyzjXMdGrkDvZDE2H+6XTthCGSVNVmwqdyHE4yGw88jgW1TfWTAZxCxTfXD+xF72iYyBAsejgiyYY/0x9NKM/lrtw8mnRtkZzLyrA==` | +> | UAE Central | ecdsa-sha2-nistp384 | 01/31/2026 | `lO3lSaBB3hriPePQ3Gy/S5xoNrbw3tIjfFRIgogq+lU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNepTdgyzOXRje4JSY+mzB/k/HAmsKw8PyJFWR7tUdY5rPNghGg0pH9pos/CrynXq30lhBSS5bVA7Gy74AjjUQdWCM7/oOu97jJWkfYJzSvLIAJ8WN4H/PchBcKUex1Cpg==` | +> | UAE Central | rsa-sha2-256 | 01/31/2024 | `GW5lrSx75BsjFe4y4vwJFdg454fndPjm4ez2mYsG3zs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAQiEpj9zkZ8F3iDkDDbZV4A3+1RC/0Un6HZVYv5MCVYKqsVzmyn+7rbseUTkZMO/EqgF8+VWlwSU5C2JOesZtKXAgNzXBSOER3NbiucB5v1b1cC+8Qo4C2+iTHXyJSKxV0bTz55crCfhKO1KTQw3uZoYh6jE9xI1RzCI1J4qP+afZQQhn3H+7q+8kTMhmlQrfKuMWennoWZih+uTe9LPHjlvzwYiXkS2sOIlKtx8eLDJJg2ONl7YKSE4XVq7K33807Gz5sCD/ZV+Bn+NyP2yX14QKcyI97pkrFdcJf2DZi7LdTuEVPx3qK/rHzmzotwe6ne6sfV+FJpowUUTbKgT5` | +> | UAE Central | rsa-sha2-256 | 01/31/2026 | `1CPpQFd1HDc1TVCnaktsKgKewrTBvoISkyDpte/rDOo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHSU17nm3EBbLChzISwQ6GhCNWyk7dxOYyLa8GUNLDRrlEkbEgcAPpfRosf/D60oCFCKRV9ZAKopiTN3ZFSyxmErzSB2+xxaC/P0OyIV6Iy+tJIhc6daNI0s1Dr02yideftrt7IOVegjhkkE26l7lcgrBoHjF5DFjJqJGD/f8fjtKeTJbsMUKAwPQZ7ZvRzoel6u4gDZcLS9HjekFAUWKakh0qsnajsmBK/wOd87eMYle6o0rVen8GbxvLpbjwW1ZqLYiKU6aNx8wSWA4Ax7N4DJXrd7Wq5sxYoS2HcLcEkZho6dk0S0Dn2jax7hDbHbj8EB3dbXhmAGgWFWqvW3CB` | +> | UAE Central | rsa-sha2-512 | 01/31/2024 | `zflL4olL2bga9JCxPA/qfvT2jSYmIfr2RY6GagpUjkE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAtxSG7lHzGFclWVuErRZZo6VG5uaWy1ikhb67rJSXdTLuSGDU+4Boj4wKxK0EyVKXpdQ3VrIwC4rOEy/lKAlnI2PrkrMjluau2aetlwW0hCBKAcgEOpMeMJJxCvv9EVatmEhvCe0ARyVM539058da9LzoZ2geFnFIbh3t8fNCaJZTNSS5PW1SLkspSqYXUYJWzu8Kx9l3LTzlmJT1DukKLIKj5ZDwuzOIN5m1ePYp4MzfIeBN6ys8df8HqXLoEXE+vOZWOzwkPVWoTsYvwB8j9+FHECAVf4Gcm8sPvRZA/RKDn1dGW2THzVw/VI/F87fFC7stLmZJ1v+a9TTFE649` | +> | UAE Central | rsa-sha2-512 | 01/31/2026 | `gUrg5GpMevHc+oY/6e5zf3v/QAUs7LfQPDuJzPDvCj4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAJnedb7pHRHXfKMPJvF8AwEydvhLJ/n7NNdxWEGM3LjKMehDVVthzt09Z2NUpw3oPBOq0D7onxohoxLVKuPPk7shs23fVV0lyBnTehYKHvVkLpTsBd2E6JEXzTRoT7LWJWJr5WWjnUagn8HprOiBLYo7kW8g0iidfzaYUSKvtz3j4iYCCogjqTgsxF1wBn/R8LM1kpZw75ym9VWmeP430ov7fyKxho+EG9Xf2ta0E1AKrkJoTo/I2PY6/44Uhxf65afApGGbQOnuAuJsSQRfTs4f1Potuv4leDo6p1awLbYAiDjdky7QNbjmznDu8J+O+F28HNI/E4WrMgmM9xsQZ` | +> | UAE North | ecdsa-sha2-nistp256 | 01/31/2024 | `vAuGgsr0IQnOLUaWCCOBt+Jg0DV9C6rqHhnoJnwORM8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEYpnxgANJNJ4IIvSwvrRtjgbejCpTc3D+l5iob7dBK4KQ7MB40rq+CtdBDGZ1J7d6oCevW6gb1SIxU/PxCuvMI=` | +> | UAE North | ecdsa-sha2-nistp256 | 01/31/2026 | `CG5AfI2DZM9CuJahiKljc5R7r1fFuFk7on/fpxraX5k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBND/xbpRM4gkyWzkPTqJ0gT43sKGDpboZnor6arGO19aT7rUvwvvrDavj6+tHQ4rspF61evvqNwgex2jXfjZl4c=` | +> | UAE North | ecdsa-sha2-nistp384 | 01/31/2024 | `A5fa4Pzkdl0H2kVJxlNiEQkOhPzBYkrfQrcviQUUWUA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOz4ENDgFpo0547D5XCRCJLg8brp+iUyId2IdEhZAhuNX9spxlVe6uSkiQbd+8D5hHPVNuLFTFx7v2wXObycM8tr/WGejn/934BvSUhM6lDpU+d5n+ZcxEEhp4gDiy1l+Q==` | +> | UAE North | ecdsa-sha2-nistp384 | 01/31/2026 | `ZKSbth32z81WlOVHmZQXMgKKpZtoKM51iQlppBjIEsg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLVt41XkHBVdtvDrzNdTwH358z8nuYKXsbhOXSC5y5vO/G1lEnWXdpDhKMf6Gai0BDRkoiTg8UPeduAJhJMS5R0aptOVEHqcUoByQydX787Xzs1zkb7R9HroAQqxZkN76Q==` | +> | UAE North | rsa-sha2-256 | 01/31/2024 | `Vazz+KIADh85GQHAylrlI1tTY8/ckoRqTe/kbLXPmd0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGQHLLR9ruI0GcNF2u3EpS2CbHdZlqcgSR1bkaOXA9ZufHyxuhIpzG2IgYQ8wrjGzIilYds6UIH7CAw9FApKLNpLR6qdm8qjM0tJiyHLm3KloU27FfjCQjE9JhmsbTWCRH3N52A9HXIdiVCE3BBSoXhg/mF+3cvm1JvabKr1twoyfbUgDFuF7fDyhSxJ/MTig8SpgzWqcd5J+wbzjXG0ob2yWVhwtrcB6k97g25p77EKXo3VhSs0jN7VR+SAHupVwWsUgx4fZzi2I5xTUTBdOXW+e3EiXytPL2N5N/MtFKVY/JVhFkKkcTRgeuOds51tkByteSkc32kakcUxw6CjJ` | +> | UAE North | rsa-sha2-256 | 01/31/2026 | `xkPKadBhJcbriHJ7u9rysvVUYJJ3BgmJ/tVmZ6Pdh9E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCg0BnGxp2p73iSfklsC7oXdXMSwwl6ZWBXRbLOb50Q+Be/SXFm8i5pbQCoWQTV02/5zQIRjyPhHNrDLGgQG3FqpTWMe47T1OdMMYvBIzaI2KFvSRnKWPy0dGw9nowmwDUsHPR+I/MO0D6x1NgYwNmcIPzMzN81XnXB+U9yBCIR/dwgaUrw2LHE1gL4JDhIXGM7dZWpnoWtLtjjqJuoTy0CgL+sxsexRDXmpE0LujyzA2xWNWo7suF1HZmVPI1cFa8+UC+o24BlBtd4IU7otIX2qgkXyeMIJuRnT+THbEAvz7U9/QH1+WDC4Jy+vlitlulz2VHyf37cXQaq949UO1VB` | +> | UAE North | rsa-sha2-512 | 01/31/2024 | `NDeTZPUor2OuTdgSjLLhSaqJiTJUdfwTAzpkjNbNQUY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAx9LfiyVmWwGD/rjQeHiHTMWYaE/mMP6rxmfs9/I4wEFkaTBbc4qewxUlrB1jd7Se2a0kljI3lqQJ9h+gjtH/IaVTZOKCOZD8yV9Dh4ZENRqH/TOVz6LCvZifVbjUtxRtbvOuh1lJIVBSBFciNr0HThFMnTEIwcs5V48EFIT6eS9Krggu+cWAX2RbjM0VQnIgkA5BeM33MjSjNz86zhO+e7e1lhflPKL5RTIswtWbwatgkyvfM33pJql/zJz+3/usSpIA/pgWw23c8WziYXiHPTShJXN+N+9iLKf9YUkpzQUZSaRw8XDPyjJNx327Lot0Bh4YLpe37R0SrOvitBsN` | +> | UAE North | rsa-sha2-512 | 01/31/2026 | `WW8903bkfHA2Gn59xbpwus4rOy//t2ND6iarME8FoX8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnVyU5nye5iPn93/4jxtW2Jwjm4qtFZ3EfIuAOR9p59Td6f1uz4+TkTdernYFZFs+2VYJaniX1YiugyGhfNCcxjl3kdE3uRsaDUswKuTgwVbHdD1eatOC9dMKaFDMyuJ9l3GY31+hvurmOxSWAMbr4EVWBiHIJFhRcp6PXh8U3Q3TcSw+hf4+XM+9+ffChn7m6jxkb6hCmGWmQeSLz16hUCtt4QD5UrZ7kWlTWek0MDtCDVcds86CDACopkLUuSxc1l7KmESnV2zl5E4A337RWhSxueSEpO+pPaMEwLDySKy4QWpuD1A6lUWMjCrYY+enPNOqWZOmG4UHtRz3SuR2d` | +> | UK South | ecdsa-sha2-nistp256 | 01/31/2024 | `weMVzOmQnlMdMp5XBoU9SdN5meBbx/8nvA8dB45w8Ck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnBllEm4/HsTP+ZMhlc8YnSAYWF23tibZDqGxf0yBRTU/ncuaavuQdIJ5TcJb0NcXG7skEmq3StwHT0FPMWN8Y=` | +> | UK South | ecdsa-sha2-nistp256 | 01/31/2026 | `O/fVBsiwFR71jWIDIR8kY8UeT3NVfyr3F5O7Zgd9kwg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO1pIStRDeGkyH3Qx+A6Uyoknzu3miYLzYYgDlsByz3TfuLmEheHtD/QnBRvPWF5IqmLZn/dz3xUJQi04lwrfok=` | +> | UK South | ecdsa-sha2-nistp384 | 01/31/2024 | `HpsZ8zoOCCsUbpD3nAOtxpuKIvn0L8KGyg1KMLuMUqU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGd/672brwX1kOhH31ZTdBRj+bcEmemcdmTEe0J88cJ3RRQy7nDFs25UrnR+h3P0ov9Uq24EJQS8auxRgNCUJ3i3ZH9QjcwX/MDRFPnUrNosH8NkcPmJ/pezVeMJLqs3Qw==` | +> | UK South | ecdsa-sha2-nistp384 | 01/31/2026 | `2waT1L91yV7OgudDQ7yfA9sk9jSmqrSX3cy9uA6MahM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBETAKzK2eYy1m0LxYvnGtu564RmVIgkYBfY8aBSbHUUikdAQLdfEDbDO4CaReHGMJpZk3CY/gGMcSjxmazpJq0B9L56Hj/Kp8uRciVJq9wEeRUML2Mh8cuz/JBwX9eVdYA==` | +> | UK South | rsa-sha2-256 | 01/31/2024 | `3nrDdWUOwG0XgfrFgW27xhWSizttjabHXTRX8AOHmGw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdLm+9OROp5zrc6nLKBJWNrTnUeCeo8n1v9Y3qWicwYMqmRs/sS9t5V3ABWnus4TxH3bqgnQW3OqWLgOHse/3S+K1wGERmBbEdKOl7A7kQ9QgDkWEZoftwJ9hp+AMVTfCYhcOOsG+gW021difNx+WW2O5TldL31pk+UvdhnQKRHLX31cqx5vuUmiwq4mlbBx+rY8B/xngP2bzx/oYXdy1I9fZbWWAQ6FwJBav1sSWL0l7snRdOsy5ASeMnYollEw1IATwYeUv8g3PzrryZuru+7gu/Ku9w8d5jbFyI6Up4KLwjs/gZNuqQ5dif7utiQYbVe4L0TPWOmuLA25JJRZaF` | +> | UK South | rsa-sha2-256 | 01/31/2026 | `Ntdjy7uYiI3L1G+QeDK2UhrsLj4H4cLEF5GPFzwqqQk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Z3tBtO24z3kg76jT+sS7Np6cmvcSFLFTyDO1z28Ury1cnIk5WK9OjRuwlDhIfnR4mSMmcA1OuPzIGK4jIdMuj/Hy+YUF2D+jR8oUBCqZocbUH0rYEOCEo9U1n2vly5oYGTU3COqHId67eCQOs3C0hXU0Dpso+cidX0QkLArvmYvErpmg8a9EG+2Sbl4DQjAXY3HYBafl/2jkOcIVPW5Fw7Pdql/fWRC6CsinobdCaoFuqR5+VwMQPftKdD+HfykV38gjvUaNVIRyEfFkbMo1HQ+vTU04Bw612ka+xTf/npu/1g3AV9Tb3Xlr0gqoU5p7W1hAqJAZ1td9oTgE247x` | +> | UK South | rsa-sha2-512 | 01/31/2024 | `Csnl8SFblkdpVVsJC1jNVSyc2eDWdCBVQj9t6J3KHvw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIwNEfrP6Httmm5GoxwprQ57AyD6b3EOVe5pTGQWIOzxnrIw2KnDPL07KNa33xZOmtXro5PYyhr5eNXUkFiQMEe+RblilZSNAvc4MHbp2TVD0L9N7Pdy2SetoF4m5BCXdC48kZntqgkpzXoDbFiaAVln5zQCHB5fOuBPS1id8+k3zqG0o+K0MHb6qcbYV8gdQeOn/PlJzKE4M0Ie8na3aWHdGvfJjDdK/hNN0J+eUK8qIb9KCJkSMDj/l3rnue9L8XgeKKA2Pkvh3nch4VBXCcCsDVhgSf+aoiJ0Fy8GVOTk2s7QDMzD9y37D9V2OPl66q4pjFGOfK0mJmrgqxWNy5` | +> | UK South | rsa-sha2-512 | 01/31/2026 | `tS7jt1nZRrT+zXYm2U5uftS9o5l/ca53XWBFHYJrLAA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXaUQJ4GSVIs/tdFCts+bOmOBEeJ85bMAt3A3u3G4IKa1N7rrzZEJOS6MGluyX9ldjihwHLrOQsce8W5Mb/I2iv84ywo8sE+OlgArvpydO9TaSMQU0/pXgxRn9BP3cfUxyvl5RZw+54Y5rQpP/cQZFjC9OpBRZhiaq8GiNbWwrvk3Zwo1eT8B7BEs4pLPEQpnGnicAywY1Dyk3cBIRNR8FFlK1by1OXr+ZpTWx6RX4WxMvmg6EHNqOUvls0G3/1oDq8Ap55DwXFI1aNCTLevJrf+N61rlJrzF5vRj3OFL7JgPyafXPRmMlgRX81K6La9oFWOk9oPSLvW2XD7YcM/dV` | +> | UK West | ecdsa-sha2-nistp256 | 01/31/2024 | `bNYdYVgicvl1yaOR/1xLqocxT8bamjezGFqFdO6Od0I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKWKoJuxB3EO5bKjxnviF+QTv3PBSViD1SNKbfj0qYfAjObQKZuiqcFYeDoPrkhk9jfan2jU6oCEN4+KDwivz3k=` | +> | UK West | ecdsa-sha2-nistp256 | 01/31/2026 | `Y+t6kUTkav589Ri4L1AVG64Ugkf2g0XnHAkkQFE6+0o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOypY+rnYWZPtUYshSwOxCr/HO5f8FrTayhjuqu5SIr6beRrNmI/5mg5V7mK75rbxzkDQBtdOg0UY5afhd12VBI=` | +> | UK West | ecdsa-sha2-nistp384 | 01/31/2024 | `6V8vLtRf6I5BjuLgToJ1cROM72UqPD+SC0N9L9WG6PA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBA+7R/5qSfsXACmseiErhfwhiE7Rref/TNHONqiFlAZq2KCW3w3u8+O4gpJEflibMFP/Mj5YeoygdPUwflFNcST9K+vnkEL3/lqzoGOarGBYIKtEZwixv3qlBR+KyoRUkw==` | +> | UK West | ecdsa-sha2-nistp384 | 01/31/2026 | `js1uEKB1mrXNBzdNuMS5kdCxLpAkcmhNLhSxbboWey4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCDTQUgC8WbfDZYtQYBCwjcyw69DUduYXmedfRS1sEKfVvQ6WIC3NmimGQ0l3hZqykOVIYZSmpoKZgbsJwuTbVQE3M+vu9ZElhyrds8QWMm0iNVKZCJwn5oxdLk+KPEe+w==` | +> | UK West | rsa-sha2-256 | 01/31/2024 | `2NQ5z6fQjt4SZKdViPS+I2kX7GoXOx3fVE81t8/BCVE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNq0xtA0tdZmkSDTNgA05YLH5ZuLFKD7RbruzuL4KVU2In0DQUtJkVqRXIaB3f+cEBTs9QrMUqolOdCCunhzosr5FvCO3I6HZ8BLnVNshtUBf2C1aT9yonlkdiIyc2pCHonds8vHKC4SBNu3Jr584bhyan8NuzJqzPCnKTdHwyWjf8m5mB4liK/ka4QGiaLLYTAjCCXmaXXOVZI2u0yDcJQXAjAP5niCOQaPHgdGk6oSjs0YKB29V+lIdB8twUnBaJA9jgECM2brywksmXrAyUPnIFD6AVEiFZsUH3iwgFAH7O6PLZTOSgJuu994CNwigrOXTbABfpH2YMjvUF///5` | +> | UK West | rsa-sha2-256 | 01/31/2026 | `x3DuKaxnJ4GPXUY3+TS6U+Y4MwI/er1315Wtf+GSiYg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD5+oajaLstTLolvR2fWrU57xcIE0Ho64SXtj5rWJZmk/BlSwwNOKwYiNSSDgcQFYxKc9F/zudD/o55qj6NqHUurwtsXBKzUWZpb02yYsSu0S9BMym205LUIH5zOe/+t9BiILkoATLjxOMWmp0TDIEHMky6WiUKaCQM7JPdOnp6xaAM4ZSJNe0ut0TPRgof4zD0QbQ58TpJ8bIdD2YDnAdSj697cmyNwt4gDMv3YunG1A5KDYNmZe+BVBO8m8sbL0RwZ4LwfCSkorTNyQlIG684K9v4Awx1k+VDoi9hOXyCT+IvyhkZBtljKWTnhPESiI/sjdpz6MVQK3HUw70pQsV` | +> | UK West | rsa-sha2-512 | 01/31/2024 | `MrfRlQmVjukl5Q5KvQ6YDYulC3EWnGH9StlLnR2JY7Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClZODHJMnlU29q0Dk1iwWFO0Sa0whbWIvUlJJFLgOKF5hGBz9t9L6JhKFd1mKzDJYnP9FXaK1x9kk7l0Rl+u1A4BJMsIIhESuUBYq62atL5po18YOQX5zv8mt0ou2aFlUDJiZQ4yuWyKd44jJCD5xUaeG8QVV4A8IgxKIUu2erV5hvfVDCmSK07OCuDudZGlYcRDOFfhu8ewu/qNd7M0LCU5KvTwAvAq55HiymifqrMJdXDhnjzojNs4gfudiwjeTFTXCYg02uV/ubR1iaSAKeLV649qxJekwsCmusjsEGQF5qMUkezl2WbOQcRsAVrajjqMoW/w1GEFiN6c70kYil` | +> | UK West | rsa-sha2-512 | 01/31/2026 | `xS56JtktmsWJe9jibTzhYLsFeC/BlSt4EqPpenlnBsA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE7OVjPPfsIrmrg/Ec0emRMtdqJQNQzpdX1e8QHKzjZKqELTDxZFoaa3cUCS/Y+y6c/xs/gZDv0TU/CLGxPCoOyz2OhhTQnzRuWQRzgsgpEipHXHbHp3/aL0I346MmsEx8KmrrIootcP+K5RLDKlRGb62tOCEX+rls4EjAbNZBOnFAytg9h5L6crV4iGeRf0tAxh0VzYze5QmelWBViVfejV99e091CAU7SnBX5FUvuvgil03sZQz4lH2qdOwKBEpVuzSkueJWMIm+EpWwVcfqoPnwB+J4Srr4qIPdJk9FkSGF5E+8VtqTGe8I+3sNxUg1iwpUOtq+G3q6ueb5h4M5` | > | US DoD Central | ecdsa-sha2-nistp256 | 01/31/2024 | `03WHYAk6NEf2qYT62cwilvrkQ8rZCwdi+9M6yTZ9zjc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCVsp8VO4aE6PwKD4nKZDU0xNx2CyNvw7xU3/KjXgTPWqNpbOlr6JmHG67ozOj+JUtLRMX15cLbDJgX9G9/EZd8=` | > | US DoD Central | ecdsa-sha2-nistp256 | 01/31/2026 | `Vt1V5RbKs/mbJOltNUEvReuUxCnCy3h++kHOoTlNlHw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPTY29ayZ7682lA9zMdmD1brEePkc3D56LJp4a4K8PjVL29ECYL9JY1oCMil4wso+46InClt9dUISoGkBJDzOw=` | > | US DoD Central | ecdsa-sha2-nistp384 | 01/31/2024| `do10RyIoAbeuNClEvjfq5OvNTbcjKO6PPaCm1cGiFDA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKYiTs82RA54EX24BESc5hFy5Zd+bPo4UTI/QFn+koMnv2QWSc9SYIumaVtl0bIWnEvdlOA4F2IJ1hU5emvDHM2syOPxK7wTPms9uLtOJBNekQaAUw61CJZ4LWlPQorYNQ==` | When you connect to Blob Storage by using an SFTP client, you might be prompted > | US Gov Virginia | rsa-sha2-256 | 01/31/2026 | `sBTwe1dh/jNye1AkWayiQJa+aNuwPXzaC5YytXmKms8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClYWOwQbWvAr73EGSWPqAtUMb2zEQZhPr37mty1TIs+0260Ik7G+7ZhR+3dmWUYcO38ohYH1j/YqIoMHlGnesOEO+ILk8O8X6G/sNS6czH6SsykbFkttWNBe7u22JBT53+3uI9rwOfQmxWR43biMkKoZf/WULJVAsUw1pQJEEPH1U31Us8Cz+Odnz5YsWIoALqhHZyJehYGb9wsSNQzGnwMr9HWNN0yaAzICaTOQYp8E37bhv5btgE1/1i75IagSCkggFv74MTQDK8VsNduUFrCirQTJShiK5c+7+BBO7e8KxFkEPNtHwfdERsaC9mcpRsxvUeHDXEfwO5TnRbFHZp` | > | US Gov Virginia | rsa-sha2-512 | 01/31/2024 | `0SbDc5jI2bioFnP9ljPzMsAEYty0QiLbsq1qvWBHGK4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNu4Oori191gsGb8rlj1XCrGW/Qtnj6rrSQK2iy7mtdzv9yyND1GLWyNKkKo4F3+MAUX3GCMIYlHEv1ucl7JrJQ58/u7pR59wN18Ehf+tU8i1EirQWRhlgvkbFfV9BPb7m6SOhfmOKSzgc1dEnTawskCXe+5Auk33SwtWEFh560N5YGC5vvTiXEuEovblg/RQRwj+9oQD1kurYAelyr76jC/uqTTLBTlN7k0DBtuH305f7gkcxn+5Tx1eCvRSpsxD7lAbIoCvQjf95QvOzbqRHl6wOeEwm03uK8p9BLuzxlIc0TTh4CE8KrO5bciwTVi1xq7gvqh912q0OvWpg3XBh` | > | US Gov Virginia | rsa-sha2-512 | 01/31/2026 | `yqbLRrPZQwc/4i0U8AY66gRkRfhFk5mHuO39JtvKo28=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCuPlNV10NkFendL2SCdcyYYeaadxPcH7owF6ZWhZgS7uRcMLyuc2RZ7y7ctLlIPCj20nkyB2kcvY7QZwvhTOtIJhg7VtRDaKQmJJPiVgumEManP2TvUBa+ve31O05m7fjH0xE56gHENXLzoNntwhMEgkNVKY/nT/KFspBP4N/N7TeokoBGSPtY+Fclg1cAPbQ/B0z7Ao5QJoYYO1FRllZ8sec25lu/S5rdVQxKhut2iBwVTUBQkl+0ceu6T6kVvqRNybql6I72IwjWf4rX+rG4Bp8cCv9PEtWZMIlB3EVnzKYIVTncDiV/g3WfUDqknct/hshecxZDqDkekTu3csRN` |-> | West Central US | ecdsa-sha2-nistp256 | 12/31/2023 | `rkHjcTK2BvryQAFvjugTHdbpYBGfOdbBUNOuzctzJqM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMjEAUTIttG+f5eocMzRIhRx5GjHH7yYPzh/h9rp9Yb3c9q2Yxw/j35JNWxpGwpkb9W1QG86Hjt4xbB+7q/D8c=` | -> | West Central US | ecdsa-sha2-nistp256 | 12/31/2025 | `9LD9RF5ZMvHPpOVy6uQ8GjM7kze/yn9KL2StDZbbWQs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA3aUdy4Z/P7X+R+BxA6zbkO96cicb9n+CjhB+y12lmF8vRLxfX03+SmiCul6+TTyuQYaW0AN9bcKDK4udy/H2s=` | -> | West Central US | ecdsa-sha2-nistp384 | 12/31/2023 | `gS9SYvaH6dCqyugArvFb13cwi8q90glNaK+fyfPie+Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD0HqM8ubcDBRMwuruX5zqCWSp1DaLcS9cA9ndXbQHzb2gJ5bJkjzxZEeIOM+AHPJB8UUZoD12It4tCRCCOkFnKgruT61hXbn0GSg4zjpTslLRYsbJzJ/q6F2DjlsOnvQQ==` | -> | West Central US | ecdsa-sha2-nistp384 | 12/31/2025 | `8+sQzfhwPUFU8FsRTXr94dU9+RQ1Y+WSsRnAW2avOlA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK5YEuLSqd+FiuaJDVa0+YvluAjxJGGy2hhcTaSQYXKUG6UMpBWgvYN3yf7wT7JetiUcLc/LcGe1/V2gtZHMCOpYABumkWXVOfl98UDfzyHh+p6yn872y6v9KuVJjN/LJA==` | -> | West Central US | rsa-sha2-256 | 12/31/2023 | `aSNxepEhr3CEijxbPB4D5I+vj8Um7OO6UtpzJ/iVeRg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDWmd8Zd7dCfamYd/c1i4wYhhRnaIgUmK7z/o8ehr4bzJgWRbjrxMtbkD2y7ImjE2NIBG5xglz6v9z4CFNjCKUmoUl7+Le3Rsc5sJ/JmHAmEXb0uiDMzhq9f6Qztp+Pb9uqLfsPmm6pt1WOcpu+KNpiGtPWTL21sJApv6JPKU+msUrrCIekutsHtW6044YPXNVOnvUXv08BaPFhbpeGZ4zkrji0mCdGfz2RNcgLw0y3ZzgUuv0Lw+xV0/xwanJu4IOFI1X9Ab7NnoGMkqN/upBLJ4lRhjYVTNEv01IX2/r5WZzTn4c38Nfw4Ma3hR0BiLMTFfklFVGg2R64Z7IILoB` | -> | West Central US | rsa-sha2-256 | 12/31/2025 | `GOVwLTexmpNcGW0BJ5vXcM7K4Dy8OyLtFHEKSOFU2Vk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC12vm3S6iVMKIGxwRyaaEr5NI7EG5ttvB8gvq03LAs0WRXlSUxswM85GlbSS40OKZWe3SxEuu5uc9mL908ilVi7YQqw11ZK+7P+tljIMMmirFoeQlCdJzVjbhqgS/xe9tsKvDxOch2IBpJTEqbA6FgI2+kS0gVR1a4NehhWdm3wEcCsFEbe/tRAKrlWHPq2+bGyZIOQkArANX9CMkMUT0d2fORyl8eH0vU9w3Pg6RdHpRBPPgGcmHpv0cxE8l8rbGyM4+tx+stmnJpjF92HWPEDb1crtatPQvRkXeP+qJIHvUD1USdeEBo2bJBPpNfHqNZ/x+0TDanpYwdzFuc52zB` | -> | West Central US | rsa-sha2-512 | 12/31/2023 | `vVHVYoH1kU1IZk+uZnStj3Qv2UCyOR9qVxJfmTc20jQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Q8Tvvnea8hdaqt+SZr4XN1JIeR43nX6vrdhcS6yyfRgaTcEdKbAKQbwj9Fu3kq80c4F+SNzh1KQWlqLu3MJHSaSdQLN9RaHO1Dd+iVK1WgZtsPM9+6U7wupMZq8Hdmao5sqaMT5lj7g+win2J+Wibz7t8YwS7g2Xi+ode8tFPFKduZ5WvKLjI0EiAS4mvcyWEWca142E8fxV9TobUjAICfgtL4vCpmLYKnSL/kUgplD0ow86k/MHp9zghDLVSVDj8MGMra+IJEpgHOUrFNnuyua2WSJVuXR2ITfaecRKrGg7Z4IJzExPoQzDIWdCHptiGLAqvtKT0NE2rPj9U4Rp` | -> | West Central US | rsa-sha2-512 | 12/31/2025 | `105lnhGDVhkt7/KbNWNW1sMT6ezj6HYdGedf2a8tzLo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDvHbPUEzQXOZzJI2lGWDKHXztBsdwleqeQKGKfJzPlZBDtfPakRWs5BhkXBYm6hqGDO4k1huAZKqS+C1Xv/rbaY+8NkC66NLw2VyhxRLzNvOAUWcEiMji6Q7mErii0cZsjNNtnsQZj36iFGHcSihjeU55EOPt1mvo8QquqNdvBKApQ96fqy0xLoQv1JVg/CgQxv4hVkq4/yPfHZWyU29EjhHZdYwIDU6DFn1UwQw0pixnB31sFTQhYnxpMAk1xj2qkh0UiNMZThRVy/giE3OzzVcDD7bH1bZmFSAX29f8EiUEMeisHEKsQsjjGyPSQD544U4vXIznbgdHKvHNhFluJ` | -> | West Europe | ecdsa-sha2-nistp256 | 12/31/2023 | `0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBANx85rJLXM8QZi33y8fzvUbH+O5Cujn0oJFDGQrwhGJQTHsjIhd5bhFFgDvJ64/4SGrtP1LHDKLwr9+ltzgxIE=` | -> | West Europe | ecdsa-sha2-nistp256 | 12/31/2025 | `7Lrxb5z3CnAWI8pr2LK5eFHwDCl/Gtm/fhgGwB3zscw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE/ewktdeHJc4bH41ytmxvMR3ch9IOR+CQ2i2Pejbavmgy6XmkOnhpIPKVNytXRCToDysIjWt7DLVsQ1EHv/xtg=` | -> | West Europe | ecdsa-sha2-nistp384 | 12/31/2023 | `90g+JfQChjbb3OOV0YIGSVTkNotnefCV2NcSuMdPrzY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNJgtrLFy2zsyhNvXlwHUmDBw1De++05pr1ZTxOIVnB17XZix0Euwq/wZTs0cE01c5/kYdAp+gQHEz594e7AQXBTCTqUiIS1a4+IXzfiCcShVfMsLFBvzjm9Yn8qgW9Ofg==` | -> | West Europe | ecdsa-sha2-nistp384 | 12/31/2025 | `UpzudqPZw1MrBiBoK/HHtLLppAZF8bFD75dK7huZQnI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEDYr3fSaCAcTygFUp7MKpND4RghNd6UBjnoMB6EveRWVAiBxLTsRHNHaZ+jk3Q8kCHSEJrWKAOY4aZl78WtWcrmlWLH8gfLtcfG/sXmXka8klstLhmkCvzUXzhBclBy7w==` | -> | West Europe | rsa-sha2-256 | 12/31/2023 | `IeHrQ+N6WAdLMKSMsJiML4XqMrkF1kyOiTeTjh1PFyc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZL63ZKHrWlwN8gkPvq43uTh88n0V6GwlTH2/sEpIyPxN56/gpgWW6aDyzyv6PIRI/zlLjZNdOBhqmEO+MhnBPkAI8edlvFoVOA6c/ft5RljQOhv+nFzgELyP8qAlZOi1iQHx7UeB1NGkQ5AIwNIkRDImeft9Iga+bDF6yWu60gY43QdGQCTNhjglNuZ6lkGnrTxQtPSC01AyU51V1yXKHzgaTByrA4tK6cGtwjFjMBsnXtX2+yoyyuQz/xNnIN63awqpQxZameGOtjAYhLhtEgl39XEIgvpAs1hXDWcSEBSMWP4z04U/tw2R5mtorL3QU1CmokWmuAQZNQcLSLLlt` | -> | West Europe | rsa-sha2-256 | 12/31/2025 | `m/p8MR6TSI/yjFpm0REBHzb+8MtSOKLhqgijeVFKX54=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdC6asS58EMYOBJe6HXlOIeVdKIQ0MI7ZxUVrFIc7wylNm5d0dEQUrg6hpq7m4jFPY08TptGf0AAd75JqDDyXeVv6p78NclbYiFESc8HsDhM5gc0Co+qjQRXzrfhFa4o/BJQ9V/MIo0Ir4RfFMkjFVrZSa/IS3DFvjZkmcP1oGumJ0re1pZK2dHoxH9foEbqG2j93XclQECm/RYmaobJ6DwXWhWuFTgu2C+GE2yvi3lP1NZPrROR2VVA3xRNfPeBSsxNyEVI5EpDfAIMfUGzB1uH6Hb4P2wQmTtiDOY4hBWYNzwJyllSiGNJ26ZETgK7uy6rwCPj75NnY1hFF7wM89` | -> | West Europe | rsa-sha2-512 | 12/31/2023 | `7+VdJ21y+HcaNRZZeaaBtk1AjkCNK4weG5mkkoyabi0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDYAmiv6Tk/o02McJi79dlIdPLu1I5HfhsdPlUycW+t1zQwZL+WaI182G6SY728hJOGzAz51XqD4e5yueAZYjOJwcGhHVq6MfabbhvT1sxWQplnk3QKrUMRXnyuuSua1j+AwXsm957RlbW9bi1aQKdJgKq3y2yz+hqBS76SX9d8BxOHWJl5KwCIFaaJWb0u32W2HGb9eLDMQNipzHyANEQXI9Uq2qRL7Z20GiRGyy7VPP6AbPYTprrivo3QpYXSXe9VUuuXA9g3Bz3itxmOw6RV9aGQhCSp22BdJKDl70FMxTm1d87LEwOQmAViqelEeY+DEowPHwVLQs3rIJrZHxYV` | -> | West Europe | rsa-sha2-512 | 12/31/2025 | `UOJXkaV/Dphq7zGqbzdcMhKBYg5PKVoDA9d3FKoxoWI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFkp12XZbCzf2hNsxHuiPErkpOaEy89scBSZWZqIQdh2oEXuIS5IgxLkgcZ1oYaNh8QCHiKFH1d8TkYn37OqGGeRhHeshiusU7e6e3az4vcotyYs9vgJIkLkH+lbPL1u6AbnrT58CP/3hAgRX9OAsQiyNcK+9zmlV0wNhp8HlLSpV7EkLcD4HGMsy8h+TIczzM3PA20aRQQH1pcF55u+oULVR4bETJ2ZjQgW/Op90oagdtvNGyIlEKzHD2O8i+mW0OuMoMq1lRUEsL436MZ5h1EnolstvFZqGo2SUM6LTyNHYVDAxuzBAqG11XymsGJSGah46HrHzEKDHALm2DT0X1` | -> | West India | ecdsa-sha2-nistp256 | 12/31/2023 | `t+PVPMSVEgQ3FPNploXz7mO25PFiEwzxutMjypoA2DM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCzR5dhW3wfN5bRqLfeZ2hlj7iRerE4lF5jk+iQl6HJHKXIsH6lQ63Wyg7wOzF65jNnvubAJoEmzyyYig+D3A+w=` | -> | West India | ecdsa-sha2-nistp256 | 12/31/2025 | `fqnnguov0esOCv5kzyNu+QB/OdgLfJRFQiX1ZcBL9zk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJerCcVxwdgkwow5l62SLJdDGAkLU5274U+3Y0KXtn5jMffsvVPbYBp+xpzV7C/9hGvSjarTA2zZS+x9mmINLKs=` | -> | West India | ecdsa-sha2-nistp384 | 12/31/2023 | `pLODd+3JNeLVcPYYnI0rSWoemhMWws0jLc3J8cV6+GU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2PEknfZpPAT4ejqBJW8InHPELP1G7hGvroW5J3evJr8Qrr//voa6aH8ZF7Ak0HcVVOOCSzfjcEpZYjjrXrzuCOekU48DkSF8i1kKqV4iXejNNQ1ohDCbsiAyoxQMY9cA==` | -> | West India | ecdsa-sha2-nistp384 | 12/31/2025 | `UjeoSwhOAV7RXh9oyGDVn9SLqKYkP7yeQR1V7uQozrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGs53qZH59WZCV1Cyk6qCHhGZOvwRLQxrl20t9D1Xit2dzM5LxJTmUHWx0iiCetUu2+btDi3QVoU4RjUkC6gVNV997fPhaCPwtskXVEfwUjGDn2lKo/5Zz6jg3hWbV4C2g==` | -> | West India | rsa-sha2-256 | 12/31/2023 | `Fkh7r/tOJy1cZC6nI75VsO1sS3ugMvJ56U02uGGJHFo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHCzLI51bbBLWK7TcXvXvEHaLQMzuYKEwyoS1/oC5EN3NsLZl4BV5d2zbLETFDjsky/btWiAkCvHuzxealxGgzw69ll90aWSOEY/epaYJvueOTvGy4+rJY8Xyc64VdHml8n3EEZTQmBEi3Tn6bViLwvC0iT2/noLeYGXh0/NL0T3BeblwSm3cNXyemkBQO/zyYcchqRtKJu8w8brYVZYFINlTeBu4LyDP1k9DMtuewGoeH8SmvDxUmiIGh2VDlPmXe3IkMR0nSgz10jMl3F0fei7ZJ+8zdCVbBuIqsJf+koJa/q9npstWGMFddMX3nR0A3HnG4v5aCAGVmfl11iC0J` | -> | West India | rsa-sha2-256 | 12/31/2025 | `6o6rED61qGbOmiYN+2ZwFqhKy7yYACvHKEchCDE5DQ0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCpdKbl4v4dOTnRaSv/Y+d/yZVgg6841dCembUsn9SZ/oTGeNojSqf52qDYpeTosWBXzFBhVVldeXU8F6lEIMaHXmWMtqgcXkEGj/dteA+CNWiP96PFGp2Ea6YQk7EDanEeG8VJnCbdXuhMlx/f1+evZKAradA5tBQsx8o/KcqlVj7YRcwVcuT7uCd3E8IEqfUkxixP/60of7UrP1e5n8FW+7yN6BOW/DI8hXPEGt30xW1cb2m+sYY7wKbPElJ35XSwji2UOUrH0EQxCHvUiXi/y27Js7bB0iMb/acEUseEnewOWg24766FeGsI5hFI/gMEwmo7LOiIK48pbhrR0evh` | -> | West India | rsa-sha2-512 | 12/31/2023 | `xDtcgfElRGUUgWlU9tRmSQ58WEOKoUSKrHFDruhgDIM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCXehufp18nKehU4/GOWMkXJ87t22TyG5bNdVCPO2AgLJ88FBwZJvDurLgdPRDRuJImysbD7ucwk2WoDNC39q0TWtCRyIKTXfwvPmyG+JZKkT+/QfslMqiAXAPIQtVr2iXTeuHmn3tk+PksGXnTwb3oFV4wv40Wi1CbwvtCkUsBSujq4AR7BqksPnAqPrAyw+fFR3w4iD3EdtHBdIVULez3lkpMH/d04rf2bjh6lpI9YUdcdAmTGYeMtsf/ef8z0G2xpN2aniLCoCPQP85cooKq7YEhBDR8Lzem3vWnqS3gPc4rUrCJoDkGm0iL/4GCWRyG+RPi70WSdVysJ+HIm0Ct` | -> | West India | rsa-sha2-512 | 12/31/2025 | `MhWWguOBOabnBUZj7sfAi/bjlt+FLnbpdveOo8a55RA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/dgokjPgehyaJKnjsKwHVuiq6vAkdEYIhe4Ug7Cxw+yfSdH53mXZEtMHK8aCWqR1RDq9tJDlJMTIQbTJzRN0btX4uYT2UD4TU/nG3IpZhtebTFIbf6Gc76jN91jpkZhwQ9LBtf53KFwgHb1Ll2mwROVblDOmVN335kxyz1xTnHzNYZgMLxyIyihPlipbUkiAwXAm5Vsfpj/eHlcTINZUZUAP0bRTRrqWPpjJY92am0plMn0rqxhCeiUDApXzOSzxoFEqShcBGAEecR1DlvXTDwBLsY2ZAp2G52BhWzppHmfwzc0wH1O3QvzghwJ0erx4VatorLtUiSvq+Nc7caT5` | -> | West US | ecdsa-sha2-nistp256 | 12/31/2023 | `peqBbfcWZRW4QzLi69HicUUTwdtfW7/E9WGkgRMheAo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcTos/zmSn15kzn1Lk8N8QQh9hzOwqOSOf/bCpu6AQbWJtvjf1pHMuZlS2PpIV7G+/ImxXGpqpHqQlcD+Lg8Ro=` | -> | West US | ecdsa-sha2-nistp256 | 12/31/2025 | `wperGSrWWXuMxThLydo9c1vl9FBXDsJndwHu8x2qx+s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKW5TfLgVBOzf/MlenMuKtG/Es1rejUEQr1OQqf/IrKUSt5dijkoCJpxlRupa8DTZHM+6SzUZ4DyHhi2KLXLr3E=` | -> | West US | ecdsa-sha2-nistp384 | 12/31/2023 | `sg63Cc3Mvnn9hoapGaEuZByscUEMa+xgw/3ruz49szk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGzX2t9ALjFwpcBLm4B0+/D47PMrDya0KTva5w4E5GZNb5OwQujQvtUS2owd8BcKdMBeXx2S7qbcw6cQFffRxE+ZTr4J+3GoCmDM0PqraXxJHBRxyeK6vlrSR8ojRzIApA==` | -> | West US | ecdsa-sha2-nistp384 | 12/31/2025 | `x7dfHFGCUko41YObPl0UTf11dd6rcl96gdzhBGsRqKI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMz4aRR1X8ft8T6/oUNuCRNXbajgaSyKxKOe3OlkHHWGxu1vP0h9I8dHPzlG/yB796xg2ygFe/h3TaFVujYZNmP4M5uWmhxahJ6hceYRQp7EKv4n3SR2kNGSngRkj3EdZw==` | -> | West US | rsa-sha2-256 | 12/31/2023 | `kqxoK1j6vHU8o8XyaiV87tZFEX9nE6o/yU0lOR5S6lE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAd7gh0mFw3iRAKusX3ai6OE0KO5O2CMlezvZOAJEH88fzWQ/zp0RZ1j7zJ8sbwslA6v3oRQ7Cx9ptAMTrL8SW4CZYcwETlfL3ZP39Llh+t7rZovIgvCDU0tijYvsa1W0T9XZgcwWEm6cWQzdm+i9U0KUdh7KgsubPAhGQ7xrOVEqgB9MYMofSSdIfKMt8K7xOSam6mhWiTSSIEGgeMTIZ9TgXkgAEJ8TNl3QHRoM8HxMnRFjtkXbT3EeSg6VOqi69Cei3hrmS64qvdzt2WwoTQwTFjxHocWGgA+Ow53wqWt8iYgOudpoB1neXiIcF4p0CN8zjvXNiRbZPg9lXFM9R` | -> | West US | rsa-sha2-256 | 12/31/2025 | `/0XElvAnzA260jbgxbbbW4ZktmIJBTR/I/8r+ap7d5g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDctdy9TQF` | -> | West US | rsa-sha2-512 | 12/31/2023 | `/PP9B/9KEa+QUyump1Yt05Lfk0LY/eyQhHyojh5zMEg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8R8bFe8QSTYKK+4evMpnlB8y0rQCqikTyviqD4rva7i4f1f/JxmptJQ/wkipHPXk6E7Du6oK/iJaZ+wjZ03tNIWwAGn0SdlTvWuwQwigK9k3JRlLYO+Uj/SSnBQWf8Dmp+cA6RDalteHpM2KwaUK65BHYC75bWKHaNntadTIU4kQ0BvFzmNRcJWL6otd5RkdYXjJWHu21zcv4EpRHGmVCD0na+UWce6UGDbLDtsZVJd2Q7IyeTrXpWxEO0fFN2Gu9gINfWC1FpuffGaqWSa4nK69n39lUKz4PUdu6Owmd9aNbLXknvtnW4+xGbX6oQa8wYulINHjdNz8Ez6nOiNZ9` | -> | West US | rsa-sha2-512 | 12/31/2025 | `SWWxUUOar1u0jPPi4XjB5Ml8LVRI8FWCMKVR+vN3uKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWNjo16W9rd72PATIzhqQfGdzY/3YkuPRtmHa0VashniM2Edqmqtjn/8Z/CFmWA1wS0CulgqLvZ9UdtHUegiJdrrY++HBGCv4DC6YcXAMczhlYDB1qMap0ELFVjqVdGe1w8tzhO02q5hhn9LdaDkyGVuaEPkzVYbRoGEYpTszFcLUJ1isCDRX/41Ek7ELyHUgv8TEyMMZ5ndqB9xuA2BcwR+8U0+3iHY0JhwAQZvRyzeipUh0S3eEF96IraMvMCAg6hA5axlEZYC/t1ZoRnmdAuNpFwRCQTd0tNL8g+nTE1GK7SoITSl1/YVfTqtiisFCoDrEHWanrdFiBogZQB1mh` | -> | West US 2 | ecdsa-sha2-nistp256 | 12/31/2023 | `rt5kaA0neIFDIWTP2MjWk9cOSapzEyafirEgPGt+9HM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKEKP+1QZf3GfEvkNZtzoKr05iAwGq+yPhUsVdyA7uKnwvTwZAi7NBr4hMkGIIdgQlGrMNNXKS0V+rhMNI1sH48=` | -> | West US 2 | ecdsa-sha2-nistp256 | 12/31/2025 | `68JQ/P3TUrEAk2hMHXUF12kiH+J1s4wNbw2QsGHiX6g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVvUWrwtZRU8DdawVrzYz6zLkmjC/I+chcu4KxSwUnHP/QyEcKJHbP45XU5dQ884MKKV4jo+8jXwjdzOx/f/kk=` | -> | West US 2 | ecdsa-sha2-nistp384 | 12/31/2023 | `g0vDKd4G5MKnxWewbnCYahCv1lZgfnZeEXfPAhv+trs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB1+/Qu9Y1BqqV3seN0+0ITYCueuv0TFAnfG9z1Io8VYjmxLvdmaDvTi9kJ0ShjFJRKjbCfYKNekqYZDW4gBfmE9EyvMPI6VXPVLNY3TQ/z+Y7qO/oa28cSirW9fhp7vbA==` | -> | West US 2 | ecdsa-sha2-nistp384 | 12/31/2025 | `uUGvuCxgDLpe1SHg7gwm98iqzdw3NBKcg2UWPhfZ5hE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYPlipfp0E7RMEm+82OTZDCRM2Ll7Ag9g0o/RFzNNs5KbSbwjfBFSq8W1+DM/m1s45I+LY12jxPNs+8tRbNMARl3rnG8ZC5oSDPtQNsedIhkNzFvaMl9DVSdfWJ/1nflg==` | -> | West US 2 | rsa-sha2-256 | 12/31/2023 | `ktnBebdoHk7eDo2tvJuv36XnMtfauhvF/r0uSo6DBfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDoskHzExtM+YSXGK6cBgmnLlXsZLWXkEexPKC7wHdt0kSqkIk9F31wD+2LefZzaTGfAmY5/EWrOsyBJvIgOoksH+ZPMnE9+TOWqy6vsS+Ml/ITvUkWajS1bKDPDSoIrCM1rQ9PlbgMQFg4o0FfyxLVCP7hcgvHO+aycOxkiDqtvwANvIn2Qwt7xwpIv1Mnc4OpcBSxbigb7ISlrvR9XWivE/piWjXS3IEYkGv7VitAlmWEoTt9L7K94bYol2nCXSXJ33X6xVVwVNpdxVtnUQBIRinN+vkOccgG0jvWtWPtrMjyDg/lyvr6lBdO/CQy4VO4VrIBuL6pjsS8KfIfTxKd` | -> | West US 2 | rsa-sha2-256 | 12/31/2025 | `WOdi+FVzlkWLhCdljVB8m5QUGP7i9BQv+TX5dRflO64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9FWlQHNtLZy21Wfi9I8t721lWp30x5TjvfmoMAO/wc/ktmoQySpUJltSgGTR+LCbCvgdKE98AxoRaJS/9x4HFW6/amYIy53F/YKgybul6udkoqWQ1mdul6y4BeLjKyZs6wW9H1NwCDIBApgVfQCpIbenZ7xeiz8z4lZeYxFcHWqR6FfrTztTwx+6cuwu0276piJ4TZCj4aCt8AZSR8nsQy6Plrcti1BMKzbkqSa5pwSIxiKyUATW2enQAVz6hINPw6tr/J7/IlW3612YwgnpR1/qedpUDkrYw34O2slfOXz4d7bSbWD+WoRXMT1bGuqXzgvtQH7MDrZ2q1w4nNfqZ` | -> | West US 2 | rsa-sha2-512 | 12/31/2023 | `i8v3Xxh/phaa5EyZEr5NM4nTSC/Rz7Nz0KJLdvAL0Ls=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOOo5f0ACypThvoDEokPfzGJUxbkyMoQKca9AgEb3YkQ/lsYCfLtfGxMr2FTOGQyx5wfhOrN0B2SpI4DBgF3B0YSLK0omZRY7fpVPspWWHrsbTOJm/Fn7bWCM+p63xurZ6RUPCA6J1gXd3xbdW7WQXLGBJZ6fjG7PbqphIOfFtwcs/JvjhjhvleHrXOtfGw9b4Jr8W1ldtgKslGCU1mnUhOWWXUi+AhwGFTI0G/AShlpX8ywulk2R+fxet3SNGNQmjydnNkcsrBI/EMytO1kwoJB3KmLHEeijaQzK7iJxRDZEHlHWos6G7jwaGPI4rV5/S1N+xnG+OhCDYAUbunp5R` | -> | West US 2 | rsa-sha2-512 | 12/31/2025 | `tIgpJAxfZKsvi3k9uaw7+ZjBnjATmwh5gP4PEhv1/o4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCukOsbGJpfRbExD2qR7RjjSNYuN0gGKTT9bkFQ24zZ+rqNCpLbg6PDISfVbPGs6rC4nwL4IaUySgmN8F/8Im0A1czVtnSsL2k0kdpVCQAaH1E8fV1lqKphKayZ3b4zzfuA9+DKQ06yPr0PmO3mUOVAv/CCBxRNpVj92P9f/CTY9wQpBSsJhl5XTAQhgTlQLcPmP9JMrSavMCnx3ablh8xrAwGcsNUBHc43KmA3CMTD3+MF4eAWmWxvzdNzrSVu3pta2yz1N8vnP0WGUBM6kY8KB2KClKkzms2kIFx2Fe2pfn1LU/SYX0MGuhKc0n/CWhzmckSDIOyWcYsTpiqwsAoV` | -> | West US 3 | ecdsa-sha2-nistp256 | 12/31/2023 | `j4NlZP/wOXKnM3MkNEcTksqwBdF0Z46+rdi2Ic1Oj54=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBETvvRvehAQ2Ol0FfTt649/4Xsd0DQQ7vyZ666B92wRhvyziGIrOhy8klXHcijmRYRz3EjTHyXHZ4W8kcSKB4Lo=` | -> | West US 3 | ecdsa-sha2-nistp256 | 12/31/2025 | `6p/fmVisz/bHbuWC7UucbAnBdgK4WQVkw6zzhvFhHFY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpgzFgmBhkzPGtDbZDxFkPf5002g5lNWvDTlmwr0w9iFcZpFo3nmb7P8hwmM1fuIIY3TP975fdWQksb0BalCVQ=` | -> | West US 3 | ecdsa-sha2-nistp384 | 12/31/2023 | `DkJet/6Pm6EXfpz2Ut6aahJ94OvjG3R7+dlK0H4O1ts=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEu+HpgDp0a02miiJjD5qVcMcjWiZg5iIExECqD/KQVkfyraJ3WZ8P28JwB+IYlEGa2SHQxScDjG2t3iOSuU9BtpA0KK5PGtu3ZxhN1UmZbQgz6ANov7/+WHChg7/lhK0Q==` | -> | West US 3 | ecdsa-sha2-nistp384 | 12/31/2025 | `IOHDwYcDq5ViVX2BntqQIr97N4H2EHpnJj6VYSxvU/g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2+D84rmQmiBXCyc3gEfLILeR1uZ47BSs0iPqr81qwVnbkhKgNu9yvBwEg+nzbNTK+po/3RSvHau3OGhkJpyP8V9WPPvSaJ/LwK7snZCxdP1ikGBD1sNlZuR/vjgFiVaw==` | -> | West US 3 | rsa-sha2-256 | 12/31/2023 | `pOKzaf3mrTJhfdR/9dbodyNza30TpQrYRFwKAndeaMo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC0KEDBaFSLsI28jdc854Rq6AL9Ku8g8L+OWQfWvb1ooBChMMd/oqVvFF9hkLzJ8nFPQw7+esVKys5uFwRTpBNuobF/RVtY0zLsNd+jkPxoUhs7Yl0hI2XXAPdp3uCsID56O+OrB7XbOsPCrJ2aXfiaRheRQg84/92c357uQ/epsva8XCMjIIGOAyEL6d4mnCNJ2Y0mXPJT1lfswoC8i2GSUKdJZhTLCe9zVDvTCTWuZJSH3A8nM3RVtnNgMXfNjh2blwW9YFv5BrMOXA205fahuDcPjwvXo9OMfEneDsrODmiEGYzbYLby/5/KPzz5OVn7BDJma6HL0z07i3PmEzXN` | -> | West US 3 | rsa-sha2-256 | 12/31/2025 | `WhO1GOFFnv576OFBhEkwtMbBgJdT3FYJeSJzkhEHk6c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNFP6+UHbTOg4y0RuFS7R/Oqfag5Z7oWy5Q4//saANnPR7387auC1MGHuMAiP++LHlJTTL6/6nwL0gGnhE4ax6eOMj6TP+UnNfSgAmovhnBs0BULnIEpQkCBqawX5llUPYoG1mx9hXW+QPwpsEeK9USMz1uO2O3owTasnIhs0mJuEJVxRK+7bqDjY2+SsKnrMFO/nf62tHr/UfQ1bruCkznkpFctXbdCT6Tg8J2dO1KAIjqq2GiH/dtrS2hGTLdWgVZ1Pqt7b1Gebmeqm3jKK9Z2WaczhA+C3UF6MTCTsatf3Qv5mVnc8ZM5ggK3RsLQJ4zVxy+v7sqwSXjteVVIHN` | -> | West US 3 | rsa-sha2-512 | 12/31/2023 | `KKcoWCeuJeepexnJCxoFqKJM88XrpsPKavXOoNFEGuY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNzhiVgDjCIarGEjKgmSxRh4vWjV6PxFbNK3cD0M4jWGlxPx/otJNEXCMee0hW29b7bwo2+aiyv3AEt7JYTeM/G9SHmenU6MTpqD/lC/LABtqTB7EV9FIFkc8MbbOvEkdTnRJw1d09MTqqwbkR9wq297AWggSzCuPDqMq+268UzsthMzODRVqW3yTr3M6vhlBCPfN5ptcvYwqRaa7Yhe4bdRZ+xYB5I2+ZMkalfn7SQiySSgAGjUJxrxK+LnJKSi32CfqTU8KjWNjCc40eAqexLFjg6AN9BtC0+ZYcD2KQmeqJ8oRCWw9r4CsaduSmcjc7XD75RKGdArjYzjeiVSlt` | -> | West US 3 | rsa-sha2-512 | 12/31/2025 | `cscyajoE/dnuL7mKJItZIPne/VJeChRoNXKtt8pbniE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDMvb8yWNpx/F1X9ufh1kspD9nlNHJjx9KRbD5qNnk0g+dRgh0NurDdrP6GbEX+MtxbniVxyQd5lW97quIZWhsy94cWO7yAefJzH6LL5ZoBKftt24W/dRBAz6A2RNy5CcRD3H+5beTX3wiM5PaeTvPb2n3k3S/kv5dx3CDZyThKNQlWw957HrqWXBw5Y/urjaFoMc2zykbuYfHDWweD6XhsD+KHDUfvx6LyhrPy35Ur0dwS1V+2RQn9GK1cT7JhjTqLtH6LT9wvN223EwmmMR9MOzt0PFM82KPmTPAYgh0pYsiCyebm7D9lfEKCf2V53xzsfMd5PyNFLUwX3UtibfIh` | +> | West Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `rkHjcTK2BvryQAFvjugTHdbpYBGfOdbBUNOuzctzJqM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMjEAUTIttG+f5eocMzRIhRx5GjHH7yYPzh/h9rp9Yb3c9q2Yxw/j35JNWxpGwpkb9W1QG86Hjt4xbB+7q/D8c=` | +> | West Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `9LD9RF5ZMvHPpOVy6uQ8GjM7kze/yn9KL2StDZbbWQs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA3aUdy4Z/P7X+R+BxA6zbkO96cicb9n+CjhB+y12lmF8vRLxfX03+SmiCul6+TTyuQYaW0AN9bcKDK4udy/H2s=` | +> | West Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `gS9SYvaH6dCqyugArvFb13cwi8q90glNaK+fyfPie+Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD0HqM8ubcDBRMwuruX5zqCWSp1DaLcS9cA9ndXbQHzb2gJ5bJkjzxZEeIOM+AHPJB8UUZoD12It4tCRCCOkFnKgruT61hXbn0GSg4zjpTslLRYsbJzJ/q6F2DjlsOnvQQ==` | +> | West Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `8+sQzfhwPUFU8FsRTXr94dU9+RQ1Y+WSsRnAW2avOlA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK5YEuLSqd+FiuaJDVa0+YvluAjxJGGy2hhcTaSQYXKUG6UMpBWgvYN3yf7wT7JetiUcLc/LcGe1/V2gtZHMCOpYABumkWXVOfl98UDfzyHh+p6yn872y6v9KuVJjN/LJA==` | +> | West Central US | rsa-sha2-256 | 01/31/2024 | `aSNxepEhr3CEijxbPB4D5I+vj8Um7OO6UtpzJ/iVeRg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDWmd8Zd7dCfamYd/c1i4wYhhRnaIgUmK7z/o8ehr4bzJgWRbjrxMtbkD2y7ImjE2NIBG5xglz6v9z4CFNjCKUmoUl7+Le3Rsc5sJ/JmHAmEXb0uiDMzhq9f6Qztp+Pb9uqLfsPmm6pt1WOcpu+KNpiGtPWTL21sJApv6JPKU+msUrrCIekutsHtW6044YPXNVOnvUXv08BaPFhbpeGZ4zkrji0mCdGfz2RNcgLw0y3ZzgUuv0Lw+xV0/xwanJu4IOFI1X9Ab7NnoGMkqN/upBLJ4lRhjYVTNEv01IX2/r5WZzTn4c38Nfw4Ma3hR0BiLMTFfklFVGg2R64Z7IILoB` | +> | West Central US | rsa-sha2-256 | 01/31/2026 | `GOVwLTexmpNcGW0BJ5vXcM7K4Dy8OyLtFHEKSOFU2Vk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC12vm3S6iVMKIGxwRyaaEr5NI7EG5ttvB8gvq03LAs0WRXlSUxswM85GlbSS40OKZWe3SxEuu5uc9mL908ilVi7YQqw11ZK+7P+tljIMMmirFoeQlCdJzVjbhqgS/xe9tsKvDxOch2IBpJTEqbA6FgI2+kS0gVR1a4NehhWdm3wEcCsFEbe/tRAKrlWHPq2+bGyZIOQkArANX9CMkMUT0d2fORyl8eH0vU9w3Pg6RdHpRBPPgGcmHpv0cxE8l8rbGyM4+tx+stmnJpjF92HWPEDb1crtatPQvRkXeP+qJIHvUD1USdeEBo2bJBPpNfHqNZ/x+0TDanpYwdzFuc52zB` | +> | West Central US | rsa-sha2-512 | 01/31/2024 | `vVHVYoH1kU1IZk+uZnStj3Qv2UCyOR9qVxJfmTc20jQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Q8Tvvnea8hdaqt+SZr4XN1JIeR43nX6vrdhcS6yyfRgaTcEdKbAKQbwj9Fu3kq80c4F+SNzh1KQWlqLu3MJHSaSdQLN9RaHO1Dd+iVK1WgZtsPM9+6U7wupMZq8Hdmao5sqaMT5lj7g+win2J+Wibz7t8YwS7g2Xi+ode8tFPFKduZ5WvKLjI0EiAS4mvcyWEWca142E8fxV9TobUjAICfgtL4vCpmLYKnSL/kUgplD0ow86k/MHp9zghDLVSVDj8MGMra+IJEpgHOUrFNnuyua2WSJVuXR2ITfaecRKrGg7Z4IJzExPoQzDIWdCHptiGLAqvtKT0NE2rPj9U4Rp` | +> | West Central US | rsa-sha2-512 | 01/31/2026 | `105lnhGDVhkt7/KbNWNW1sMT6ezj6HYdGedf2a8tzLo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDvHbPUEzQXOZzJI2lGWDKHXztBsdwleqeQKGKfJzPlZBDtfPakRWs5BhkXBYm6hqGDO4k1huAZKqS+C1Xv/rbaY+8NkC66NLw2VyhxRLzNvOAUWcEiMji6Q7mErii0cZsjNNtnsQZj36iFGHcSihjeU55EOPt1mvo8QquqNdvBKApQ96fqy0xLoQv1JVg/CgQxv4hVkq4/yPfHZWyU29EjhHZdYwIDU6DFn1UwQw0pixnB31sFTQhYnxpMAk1xj2qkh0UiNMZThRVy/giE3OzzVcDD7bH1bZmFSAX29f8EiUEMeisHEKsQsjjGyPSQD544U4vXIznbgdHKvHNhFluJ` | +> | West Europe | ecdsa-sha2-nistp256 | 01/31/2024 | `0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBANx85rJLXM8QZi33y8fzvUbH+O5Cujn0oJFDGQrwhGJQTHsjIhd5bhFFgDvJ64/4SGrtP1LHDKLwr9+ltzgxIE=` | +> | West Europe | ecdsa-sha2-nistp256 | 01/31/2026 | `7Lrxb5z3CnAWI8pr2LK5eFHwDCl/Gtm/fhgGwB3zscw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE/ewktdeHJc4bH41ytmxvMR3ch9IOR+CQ2i2Pejbavmgy6XmkOnhpIPKVNytXRCToDysIjWt7DLVsQ1EHv/xtg=` | +> | West Europe | ecdsa-sha2-nistp384 | 01/31/2024 | `90g+JfQChjbb3OOV0YIGSVTkNotnefCV2NcSuMdPrzY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNJgtrLFy2zsyhNvXlwHUmDBw1De++05pr1ZTxOIVnB17XZix0Euwq/wZTs0cE01c5/kYdAp+gQHEz594e7AQXBTCTqUiIS1a4+IXzfiCcShVfMsLFBvzjm9Yn8qgW9Ofg==` | +> | West Europe | ecdsa-sha2-nistp384 | 01/31/2026 | `UpzudqPZw1MrBiBoK/HHtLLppAZF8bFD75dK7huZQnI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEDYr3fSaCAcTygFUp7MKpND4RghNd6UBjnoMB6EveRWVAiBxLTsRHNHaZ+jk3Q8kCHSEJrWKAOY4aZl78WtWcrmlWLH8gfLtcfG/sXmXka8klstLhmkCvzUXzhBclBy7w==` | +> | West Europe | rsa-sha2-256 | 01/31/2024 | `IeHrQ+N6WAdLMKSMsJiML4XqMrkF1kyOiTeTjh1PFyc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZL63ZKHrWlwN8gkPvq43uTh88n0V6GwlTH2/sEpIyPxN56/gpgWW6aDyzyv6PIRI/zlLjZNdOBhqmEO+MhnBPkAI8edlvFoVOA6c/ft5RljQOhv+nFzgELyP8qAlZOi1iQHx7UeB1NGkQ5AIwNIkRDImeft9Iga+bDF6yWu60gY43QdGQCTNhjglNuZ6lkGnrTxQtPSC01AyU51V1yXKHzgaTByrA4tK6cGtwjFjMBsnXtX2+yoyyuQz/xNnIN63awqpQxZameGOtjAYhLhtEgl39XEIgvpAs1hXDWcSEBSMWP4z04U/tw2R5mtorL3QU1CmokWmuAQZNQcLSLLlt` | +> | West Europe | rsa-sha2-256 | 01/31/2026 | `m/p8MR6TSI/yjFpm0REBHzb+8MtSOKLhqgijeVFKX54=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdC6asS58EMYOBJe6HXlOIeVdKIQ0MI7ZxUVrFIc7wylNm5d0dEQUrg6hpq7m4jFPY08TptGf0AAd75JqDDyXeVv6p78NclbYiFESc8HsDhM5gc0Co+qjQRXzrfhFa4o/BJQ9V/MIo0Ir4RfFMkjFVrZSa/IS3DFvjZkmcP1oGumJ0re1pZK2dHoxH9foEbqG2j93XclQECm/RYmaobJ6DwXWhWuFTgu2C+GE2yvi3lP1NZPrROR2VVA3xRNfPeBSsxNyEVI5EpDfAIMfUGzB1uH6Hb4P2wQmTtiDOY4hBWYNzwJyllSiGNJ26ZETgK7uy6rwCPj75NnY1hFF7wM89` | +> | West Europe | rsa-sha2-512 | 01/31/2024 | `7+VdJ21y+HcaNRZZeaaBtk1AjkCNK4weG5mkkoyabi0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDYAmiv6Tk/o02McJi79dlIdPLu1I5HfhsdPlUycW+t1zQwZL+WaI182G6SY728hJOGzAz51XqD4e5yueAZYjOJwcGhHVq6MfabbhvT1sxWQplnk3QKrUMRXnyuuSua1j+AwXsm957RlbW9bi1aQKdJgKq3y2yz+hqBS76SX9d8BxOHWJl5KwCIFaaJWb0u32W2HGb9eLDMQNipzHyANEQXI9Uq2qRL7Z20GiRGyy7VPP6AbPYTprrivo3QpYXSXe9VUuuXA9g3Bz3itxmOw6RV9aGQhCSp22BdJKDl70FMxTm1d87LEwOQmAViqelEeY+DEowPHwVLQs3rIJrZHxYV` | +> | West Europe | rsa-sha2-512 | 01/31/2026 | `UOJXkaV/Dphq7zGqbzdcMhKBYg5PKVoDA9d3FKoxoWI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFkp12XZbCzf2hNsxHuiPErkpOaEy89scBSZWZqIQdh2oEXuIS5IgxLkgcZ1oYaNh8QCHiKFH1d8TkYn37OqGGeRhHeshiusU7e6e3az4vcotyYs9vgJIkLkH+lbPL1u6AbnrT58CP/3hAgRX9OAsQiyNcK+9zmlV0wNhp8HlLSpV7EkLcD4HGMsy8h+TIczzM3PA20aRQQH1pcF55u+oULVR4bETJ2ZjQgW/Op90oagdtvNGyIlEKzHD2O8i+mW0OuMoMq1lRUEsL436MZ5h1EnolstvFZqGo2SUM6LTyNHYVDAxuzBAqG11XymsGJSGah46HrHzEKDHALm2DT0X1` | +> | West India | ecdsa-sha2-nistp256 | 01/31/2024 | `t+PVPMSVEgQ3FPNploXz7mO25PFiEwzxutMjypoA2DM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCzR5dhW3wfN5bRqLfeZ2hlj7iRerE4lF5jk+iQl6HJHKXIsH6lQ63Wyg7wOzF65jNnvubAJoEmzyyYig+D3A+w=` | +> | West India | ecdsa-sha2-nistp256 | 01/31/2026 | `fqnnguov0esOCv5kzyNu+QB/OdgLfJRFQiX1ZcBL9zk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJerCcVxwdgkwow5l62SLJdDGAkLU5274U+3Y0KXtn5jMffsvVPbYBp+xpzV7C/9hGvSjarTA2zZS+x9mmINLKs=` | +> | West India | ecdsa-sha2-nistp384 | 01/31/2024 | `pLODd+3JNeLVcPYYnI0rSWoemhMWws0jLc3J8cV6+GU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2PEknfZpPAT4ejqBJW8InHPELP1G7hGvroW5J3evJr8Qrr//voa6aH8ZF7Ak0HcVVOOCSzfjcEpZYjjrXrzuCOekU48DkSF8i1kKqV4iXejNNQ1ohDCbsiAyoxQMY9cA==` | +> | West India | ecdsa-sha2-nistp384 | 01/31/2026 | `UjeoSwhOAV7RXh9oyGDVn9SLqKYkP7yeQR1V7uQozrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGs53qZH59WZCV1Cyk6qCHhGZOvwRLQxrl20t9D1Xit2dzM5LxJTmUHWx0iiCetUu2+btDi3QVoU4RjUkC6gVNV997fPhaCPwtskXVEfwUjGDn2lKo/5Zz6jg3hWbV4C2g==` | +> | West India | rsa-sha2-256 | 01/31/2024 | `Fkh7r/tOJy1cZC6nI75VsO1sS3ugMvJ56U02uGGJHFo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHCzLI51bbBLWK7TcXvXvEHaLQMzuYKEwyoS1/oC5EN3NsLZl4BV5d2zbLETFDjsky/btWiAkCvHuzxealxGgzw69ll90aWSOEY/epaYJvueOTvGy4+rJY8Xyc64VdHml8n3EEZTQmBEi3Tn6bViLwvC0iT2/noLeYGXh0/NL0T3BeblwSm3cNXyemkBQO/zyYcchqRtKJu8w8brYVZYFINlTeBu4LyDP1k9DMtuewGoeH8SmvDxUmiIGh2VDlPmXe3IkMR0nSgz10jMl3F0fei7ZJ+8zdCVbBuIqsJf+koJa/q9npstWGMFddMX3nR0A3HnG4v5aCAGVmfl11iC0J` | +> | West India | rsa-sha2-256 | 01/31/2026 | `6o6rED61qGbOmiYN+2ZwFqhKy7yYACvHKEchCDE5DQ0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCpdKbl4v4dOTnRaSv/Y+d/yZVgg6841dCembUsn9SZ/oTGeNojSqf52qDYpeTosWBXzFBhVVldeXU8F6lEIMaHXmWMtqgcXkEGj/dteA+CNWiP96PFGp2Ea6YQk7EDanEeG8VJnCbdXuhMlx/f1+evZKAradA5tBQsx8o/KcqlVj7YRcwVcuT7uCd3E8IEqfUkxixP/60of7UrP1e5n8FW+7yN6BOW/DI8hXPEGt30xW1cb2m+sYY7wKbPElJ35XSwji2UOUrH0EQxCHvUiXi/y27Js7bB0iMb/acEUseEnewOWg24766FeGsI5hFI/gMEwmo7LOiIK48pbhrR0evh` | +> | West India | rsa-sha2-512 | 01/31/2024 | `xDtcgfElRGUUgWlU9tRmSQ58WEOKoUSKrHFDruhgDIM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCXehufp18nKehU4/GOWMkXJ87t22TyG5bNdVCPO2AgLJ88FBwZJvDurLgdPRDRuJImysbD7ucwk2WoDNC39q0TWtCRyIKTXfwvPmyG+JZKkT+/QfslMqiAXAPIQtVr2iXTeuHmn3tk+PksGXnTwb3oFV4wv40Wi1CbwvtCkUsBSujq4AR7BqksPnAqPrAyw+fFR3w4iD3EdtHBdIVULez3lkpMH/d04rf2bjh6lpI9YUdcdAmTGYeMtsf/ef8z0G2xpN2aniLCoCPQP85cooKq7YEhBDR8Lzem3vWnqS3gPc4rUrCJoDkGm0iL/4GCWRyG+RPi70WSdVysJ+HIm0Ct` | +> | West India | rsa-sha2-512 | 01/31/2026 | `MhWWguOBOabnBUZj7sfAi/bjlt+FLnbpdveOo8a55RA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/dgokjPgehyaJKnjsKwHVuiq6vAkdEYIhe4Ug7Cxw+yfSdH53mXZEtMHK8aCWqR1RDq9tJDlJMTIQbTJzRN0btX4uYT2UD4TU/nG3IpZhtebTFIbf6Gc76jN91jpkZhwQ9LBtf53KFwgHb1Ll2mwROVblDOmVN335kxyz1xTnHzNYZgMLxyIyihPlipbUkiAwXAm5Vsfpj/eHlcTINZUZUAP0bRTRrqWPpjJY92am0plMn0rqxhCeiUDApXzOSzxoFEqShcBGAEecR1DlvXTDwBLsY2ZAp2G52BhWzppHmfwzc0wH1O3QvzghwJ0erx4VatorLtUiSvq+Nc7caT5` | +> | West US | ecdsa-sha2-nistp256 | 01/31/2024 | `peqBbfcWZRW4QzLi69HicUUTwdtfW7/E9WGkgRMheAo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcTos/zmSn15kzn1Lk8N8QQh9hzOwqOSOf/bCpu6AQbWJtvjf1pHMuZlS2PpIV7G+/ImxXGpqpHqQlcD+Lg8Ro=` | +> | West US | ecdsa-sha2-nistp256 | 01/31/2026 | `wperGSrWWXuMxThLydo9c1vl9FBXDsJndwHu8x2qx+s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKW5TfLgVBOzf/MlenMuKtG/Es1rejUEQr1OQqf/IrKUSt5dijkoCJpxlRupa8DTZHM+6SzUZ4DyHhi2KLXLr3E=` | +> | West US | ecdsa-sha2-nistp384 | 01/31/2024 | `sg63Cc3Mvnn9hoapGaEuZByscUEMa+xgw/3ruz49szk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGzX2t9ALjFwpcBLm4B0+/D47PMrDya0KTva5w4E5GZNb5OwQujQvtUS2owd8BcKdMBeXx2S7qbcw6cQFffRxE+ZTr4J+3GoCmDM0PqraXxJHBRxyeK6vlrSR8ojRzIApA==` | +> | West US | ecdsa-sha2-nistp384 | 01/31/2026 | `x7dfHFGCUko41YObPl0UTf11dd6rcl96gdzhBGsRqKI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMz4aRR1X8ft8T6/oUNuCRNXbajgaSyKxKOe3OlkHHWGxu1vP0h9I8dHPzlG/yB796xg2ygFe/h3TaFVujYZNmP4M5uWmhxahJ6hceYRQp7EKv4n3SR2kNGSngRkj3EdZw==` | +> | West US | rsa-sha2-256 | 01/31/2024 | `kqxoK1j6vHU8o8XyaiV87tZFEX9nE6o/yU0lOR5S6lE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAd7gh0mFw3iRAKusX3ai6OE0KO5O2CMlezvZOAJEH88fzWQ/zp0RZ1j7zJ8sbwslA6v3oRQ7Cx9ptAMTrL8SW4CZYcwETlfL3ZP39Llh+t7rZovIgvCDU0tijYvsa1W0T9XZgcwWEm6cWQzdm+i9U0KUdh7KgsubPAhGQ7xrOVEqgB9MYMofSSdIfKMt8K7xOSam6mhWiTSSIEGgeMTIZ9TgXkgAEJ8TNl3QHRoM8HxMnRFjtkXbT3EeSg6VOqi69Cei3hrmS64qvdzt2WwoTQwTFjxHocWGgA+Ow53wqWt8iYgOudpoB1neXiIcF4p0CN8zjvXNiRbZPg9lXFM9R` | +> | West US | rsa-sha2-256 | 01/31/2026 | `/0XElvAnzA260jbgxbbbW4ZktmIJBTR/I/8r+ap7d5g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDctdy9TQF` | +> | West US | rsa-sha2-512 | 01/31/2024 | `/PP9B/9KEa+QUyump1Yt05Lfk0LY/eyQhHyojh5zMEg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8R8bFe8QSTYKK+4evMpnlB8y0rQCqikTyviqD4rva7i4f1f/JxmptJQ/wkipHPXk6E7Du6oK/iJaZ+wjZ03tNIWwAGn0SdlTvWuwQwigK9k3JRlLYO+Uj/SSnBQWf8Dmp+cA6RDalteHpM2KwaUK65BHYC75bWKHaNntadTIU4kQ0BvFzmNRcJWL6otd5RkdYXjJWHu21zcv4EpRHGmVCD0na+UWce6UGDbLDtsZVJd2Q7IyeTrXpWxEO0fFN2Gu9gINfWC1FpuffGaqWSa4nK69n39lUKz4PUdu6Owmd9aNbLXknvtnW4+xGbX6oQa8wYulINHjdNz8Ez6nOiNZ9` | +> | West US | rsa-sha2-512 | 01/31/2026 | `SWWxUUOar1u0jPPi4XjB5Ml8LVRI8FWCMKVR+vN3uKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWNjo16W9rd72PATIzhqQfGdzY/3YkuPRtmHa0VashniM2Edqmqtjn/8Z/CFmWA1wS0CulgqLvZ9UdtHUegiJdrrY++HBGCv4DC6YcXAMczhlYDB1qMap0ELFVjqVdGe1w8tzhO02q5hhn9LdaDkyGVuaEPkzVYbRoGEYpTszFcLUJ1isCDRX/41Ek7ELyHUgv8TEyMMZ5ndqB9xuA2BcwR+8U0+3iHY0JhwAQZvRyzeipUh0S3eEF96IraMvMCAg6hA5axlEZYC/t1ZoRnmdAuNpFwRCQTd0tNL8g+nTE1GK7SoITSl1/YVfTqtiisFCoDrEHWanrdFiBogZQB1mh` | +> | West US 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `rt5kaA0neIFDIWTP2MjWk9cOSapzEyafirEgPGt+9HM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKEKP+1QZf3GfEvkNZtzoKr05iAwGq+yPhUsVdyA7uKnwvTwZAi7NBr4hMkGIIdgQlGrMNNXKS0V+rhMNI1sH48=` | +> | West US 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `68JQ/P3TUrEAk2hMHXUF12kiH+J1s4wNbw2QsGHiX6g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVvUWrwtZRU8DdawVrzYz6zLkmjC/I+chcu4KxSwUnHP/QyEcKJHbP45XU5dQ884MKKV4jo+8jXwjdzOx/f/kk=` | +> | West US 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `g0vDKd4G5MKnxWewbnCYahCv1lZgfnZeEXfPAhv+trs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB1+/Qu9Y1BqqV3seN0+0ITYCueuv0TFAnfG9z1Io8VYjmxLvdmaDvTi9kJ0ShjFJRKjbCfYKNekqYZDW4gBfmE9EyvMPI6VXPVLNY3TQ/z+Y7qO/oa28cSirW9fhp7vbA==` | +> | West US 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `uUGvuCxgDLpe1SHg7gwm98iqzdw3NBKcg2UWPhfZ5hE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYPlipfp0E7RMEm+82OTZDCRM2Ll7Ag9g0o/RFzNNs5KbSbwjfBFSq8W1+DM/m1s45I+LY12jxPNs+8tRbNMARl3rnG8ZC5oSDPtQNsedIhkNzFvaMl9DVSdfWJ/1nflg==` | +> | West US 2 | rsa-sha2-256 | 01/31/2024 | `ktnBebdoHk7eDo2tvJuv36XnMtfauhvF/r0uSo6DBfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDoskHzExtM+YSXGK6cBgmnLlXsZLWXkEexPKC7wHdt0kSqkIk9F31wD+2LefZzaTGfAmY5/EWrOsyBJvIgOoksH+ZPMnE9+TOWqy6vsS+Ml/ITvUkWajS1bKDPDSoIrCM1rQ9PlbgMQFg4o0FfyxLVCP7hcgvHO+aycOxkiDqtvwANvIn2Qwt7xwpIv1Mnc4OpcBSxbigb7ISlrvR9XWivE/piWjXS3IEYkGv7VitAlmWEoTt9L7K94bYol2nCXSXJ33X6xVVwVNpdxVtnUQBIRinN+vkOccgG0jvWtWPtrMjyDg/lyvr6lBdO/CQy4VO4VrIBuL6pjsS8KfIfTxKd` | +> | West US 2 | rsa-sha2-256 | 01/31/2026 | `WOdi+FVzlkWLhCdljVB8m5QUGP7i9BQv+TX5dRflO64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9FWlQHNtLZy21Wfi9I8t721lWp30x5TjvfmoMAO/wc/ktmoQySpUJltSgGTR+LCbCvgdKE98AxoRaJS/9x4HFW6/amYIy53F/YKgybul6udkoqWQ1mdul6y4BeLjKyZs6wW9H1NwCDIBApgVfQCpIbenZ7xeiz8z4lZeYxFcHWqR6FfrTztTwx+6cuwu0276piJ4TZCj4aCt8AZSR8nsQy6Plrcti1BMKzbkqSa5pwSIxiKyUATW2enQAVz6hINPw6tr/J7/IlW3612YwgnpR1/qedpUDkrYw34O2slfOXz4d7bSbWD+WoRXMT1bGuqXzgvtQH7MDrZ2q1w4nNfqZ` | +> | West US 2 | rsa-sha2-512 | 01/31/2024 | `i8v3Xxh/phaa5EyZEr5NM4nTSC/Rz7Nz0KJLdvAL0Ls=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOOo5f0ACypThvoDEokPfzGJUxbkyMoQKca9AgEb3YkQ/lsYCfLtfGxMr2FTOGQyx5wfhOrN0B2SpI4DBgF3B0YSLK0omZRY7fpVPspWWHrsbTOJm/Fn7bWCM+p63xurZ6RUPCA6J1gXd3xbdW7WQXLGBJZ6fjG7PbqphIOfFtwcs/JvjhjhvleHrXOtfGw9b4Jr8W1ldtgKslGCU1mnUhOWWXUi+AhwGFTI0G/AShlpX8ywulk2R+fxet3SNGNQmjydnNkcsrBI/EMytO1kwoJB3KmLHEeijaQzK7iJxRDZEHlHWos6G7jwaGPI4rV5/S1N+xnG+OhCDYAUbunp5R` | +> | West US 2 | rsa-sha2-512 | 01/31/2026 | `tIgpJAxfZKsvi3k9uaw7+ZjBnjATmwh5gP4PEhv1/o4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCukOsbGJpfRbExD2qR7RjjSNYuN0gGKTT9bkFQ24zZ+rqNCpLbg6PDISfVbPGs6rC4nwL4IaUySgmN8F/8Im0A1czVtnSsL2k0kdpVCQAaH1E8fV1lqKphKayZ3b4zzfuA9+DKQ06yPr0PmO3mUOVAv/CCBxRNpVj92P9f/CTY9wQpBSsJhl5XTAQhgTlQLcPmP9JMrSavMCnx3ablh8xrAwGcsNUBHc43KmA3CMTD3+MF4eAWmWxvzdNzrSVu3pta2yz1N8vnP0WGUBM6kY8KB2KClKkzms2kIFx2Fe2pfn1LU/SYX0MGuhKc0n/CWhzmckSDIOyWcYsTpiqwsAoV` | +> | West US 3 | ecdsa-sha2-nistp256 | 01/31/2024 | `j4NlZP/wOXKnM3MkNEcTksqwBdF0Z46+rdi2Ic1Oj54=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBETvvRvehAQ2Ol0FfTt649/4Xsd0DQQ7vyZ666B92wRhvyziGIrOhy8klXHcijmRYRz3EjTHyXHZ4W8kcSKB4Lo=` | +> | West US 3 | ecdsa-sha2-nistp256 | 01/31/2026 | `6p/fmVisz/bHbuWC7UucbAnBdgK4WQVkw6zzhvFhHFY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpgzFgmBhkzPGtDbZDxFkPf5002g5lNWvDTlmwr0w9iFcZpFo3nmb7P8hwmM1fuIIY3TP975fdWQksb0BalCVQ=` | +> | West US 3 | ecdsa-sha2-nistp384 | 01/31/2024 | `DkJet/6Pm6EXfpz2Ut6aahJ94OvjG3R7+dlK0H4O1ts=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEu+HpgDp0a02miiJjD5qVcMcjWiZg5iIExECqD/KQVkfyraJ3WZ8P28JwB+IYlEGa2SHQxScDjG2t3iOSuU9BtpA0KK5PGtu3ZxhN1UmZbQgz6ANov7/+WHChg7/lhK0Q==` | +> | West US 3 | ecdsa-sha2-nistp384 | 01/31/2026 | `IOHDwYcDq5ViVX2BntqQIr97N4H2EHpnJj6VYSxvU/g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2+D84rmQmiBXCyc3gEfLILeR1uZ47BSs0iPqr81qwVnbkhKgNu9yvBwEg+nzbNTK+po/3RSvHau3OGhkJpyP8V9WPPvSaJ/LwK7snZCxdP1ikGBD1sNlZuR/vjgFiVaw==` | +> | West US 3 | rsa-sha2-256 | 01/31/2024 | `pOKzaf3mrTJhfdR/9dbodyNza30TpQrYRFwKAndeaMo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC0KEDBaFSLsI28jdc854Rq6AL9Ku8g8L+OWQfWvb1ooBChMMd/oqVvFF9hkLzJ8nFPQw7+esVKys5uFwRTpBNuobF/RVtY0zLsNd+jkPxoUhs7Yl0hI2XXAPdp3uCsID56O+OrB7XbOsPCrJ2aXfiaRheRQg84/92c357uQ/epsva8XCMjIIGOAyEL6d4mnCNJ2Y0mXPJT1lfswoC8i2GSUKdJZhTLCe9zVDvTCTWuZJSH3A8nM3RVtnNgMXfNjh2blwW9YFv5BrMOXA205fahuDcPjwvXo9OMfEneDsrODmiEGYzbYLby/5/KPzz5OVn7BDJma6HL0z07i3PmEzXN` | +> | West US 3 | rsa-sha2-256 | 01/31/2026 | `WhO1GOFFnv576OFBhEkwtMbBgJdT3FYJeSJzkhEHk6c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNFP6+UHbTOg4y0RuFS7R/Oqfag5Z7oWy5Q4//saANnPR7387auC1MGHuMAiP++LHlJTTL6/6nwL0gGnhE4ax6eOMj6TP+UnNfSgAmovhnBs0BULnIEpQkCBqawX5llUPYoG1mx9hXW+QPwpsEeK9USMz1uO2O3owTasnIhs0mJuEJVxRK+7bqDjY2+SsKnrMFO/nf62tHr/UfQ1bruCkznkpFctXbdCT6Tg8J2dO1KAIjqq2GiH/dtrS2hGTLdWgVZ1Pqt7b1Gebmeqm3jKK9Z2WaczhA+C3UF6MTCTsatf3Qv5mVnc8ZM5ggK3RsLQJ4zVxy+v7sqwSXjteVVIHN` | +> | West US 3 | rsa-sha2-512 | 01/31/2024 | `KKcoWCeuJeepexnJCxoFqKJM88XrpsPKavXOoNFEGuY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNzhiVgDjCIarGEjKgmSxRh4vWjV6PxFbNK3cD0M4jWGlxPx/otJNEXCMee0hW29b7bwo2+aiyv3AEt7JYTeM/G9SHmenU6MTpqD/lC/LABtqTB7EV9FIFkc8MbbOvEkdTnRJw1d09MTqqwbkR9wq297AWggSzCuPDqMq+268UzsthMzODRVqW3yTr3M6vhlBCPfN5ptcvYwqRaa7Yhe4bdRZ+xYB5I2+ZMkalfn7SQiySSgAGjUJxrxK+LnJKSi32CfqTU8KjWNjCc40eAqexLFjg6AN9BtC0+ZYcD2KQmeqJ8oRCWw9r4CsaduSmcjc7XD75RKGdArjYzjeiVSlt` | +> | West US 3 | rsa-sha2-512 | 01/31/2026 | `cscyajoE/dnuL7mKJItZIPne/VJeChRoNXKtt8pbniE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDMvb8yWNpx/F1X9ufh1kspD9nlNHJjx9KRbD5qNnk0g+dRgh0NurDdrP6GbEX+MtxbniVxyQd5lW97quIZWhsy94cWO7yAefJzH6LL5ZoBKftt24W/dRBAz6A2RNy5CcRD3H+5beTX3wiM5PaeTvPb2n3k3S/kv5dx3CDZyThKNQlWw957HrqWXBw5Y/urjaFoMc2zykbuYfHDWweD6XhsD+KHDUfvx6LyhrPy35Ur0dwS1V+2RQn9GK1cT7JhjTqLtH6LT9wvN223EwmmMR9MOzt0PFM82KPmTPAYgh0pYsiCyebm7D9lfEKCf2V53xzsfMd5PyNFLUwX3UtibfIh` | |
storage | Storage Blob Copy Url Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-copy-url-python.md | description: Learn how to copy a blob from a source object URL in Azure Storage Previously updated : 08/02/2023 Last updated : 11/20/2023 ms.devlang: python This article shows how to copy a blob from a source object URL using the [Azure The client library methods covered in this article use the [Put Blob From URL](/rest/api/storageservices/put-blob-from-url) and [Put Block From URL](/rest/api/storageservices/put-block-from-url) REST API operations. These methods are preferred for copy scenarios where you want to move data into a storage account and have a URL for the source object. For copy operations where you want asynchronous scheduling, see [Copy a blob with asynchronous scheduling using Python](storage-blob-copy-async-python.md). +To learn about copying blobs using asynchronous APIs, see [Copy a blob from a source object URL asynchronously](#copy-a-blob-from-a-source-object-url-asynchronously). + ## Prerequisites - This article assumes you already have a project set up to work with the Azure Blob Storage client library for Python. To learn about setting up your project, including package installation, adding `import` statements, and creating an authorized client object, see [Get started with Azure Blob Storage and Python](storage-blob-python-get-started.md).+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section. - The [authorization mechanism](../common/authorize-data-access.md) must have permissions to perform a copy operation. To learn more, see the authorization guidance for the following REST API operation: - [Put Blob From URL](/rest/api/storageservices/put-blob-from-url#authorization) - [Put Block From URL](/rest/api/storageservices/put-block-from-url#authorization) You can perform a copy operation on any source object that can be retrieved via :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url.py" id="Snippet_copy_from_external_source_put_blob_from_url"::: +## Copy a blob from a source object URL asynchronously ++The Azure Blob Storage client library for Python supports copying a blob from a source URL asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming). ++Follow these steps to copy a blob from a source object URL using asynchronous APIs: ++1. Add the following import statements: ++ ```python + import asyncio ++ from azure.identity.aio import DefaultAzureCredential + from azure.storage.blob.aio import BlobServiceClient, BlobClient + ``` ++1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that copies a blob from a source URL. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py" id="Snippet_create_client_async"::: ++1. Add code to copy a blob from a source URL. The following code example is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `upload_blob_from_url` method. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py" id="Snippet_copy_from_azure_put_blob_from_url"::: ++With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax. + ## Resources To learn more about copying blobs using the Azure Blob Storage client library for Python, see the following resources. The Azure SDK for Python contains libraries that build on top of the Azure REST ### Code samples -- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url.py)+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py) code samples from this article (GitHub) [!INCLUDE [storage-dev-guide-resources-python](../../../includes/storage-dev-guides/storage-dev-guide-resources-python.md)] |
storage | Storage Blob Delete Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-delete-python.md | +To learn about deleting a blob using asynchronous APIs, see [Delete a blob asynchronously](#delete-a-blob-asynchronously). + ## Prerequisites - This article assumes you already have a project set up to work with the Azure Blob Storage client library for Python. To learn about setting up your project, including package installation, adding `import` statements, and creating an authorized client object, see [Get started with Azure Blob Storage and Python](storage-blob-python-get-started.md).+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section. - The [authorization mechanism](../common/authorize-data-access.md) must have permissions to delete a blob, or to restore a soft-deleted blob. To learn more, see the authorization guidance for the following REST API operations: - [Delete Blob](/rest/api/storageservices/delete-blob#authorization) - [Undelete Blob](/rest/api/storageservices/undelete-blob#authorization) The following code example gets the latest version of a deleted blob, and restor :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs.py" id="Snippet_restore_blob_version"::: +## Delete a blob asynchronously ++The Azure Blob Storage client library for Python supports deleting a blob asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming). ++Follow these steps to delete a blob using asynchronous APIs: ++1. Add the following import statements: ++ ```python + import asyncio ++ from azure.identity.aio import DefaultAzureCredential + from azure.storage.blob.aio import BlobServiceClient + ``` ++1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that deletes the blob. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py" id="Snippet_create_client_async"::: ++1. Add code to delete the blob. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `delete_blob` method. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py" id="Snippet_delete_blob"::: ++With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax. + ## Resources To learn more about how to delete blobs and restore deleted blobs using the Azure Blob Storage client library for Python, see the following resources. The Azure SDK for Python contains libraries that build on top of the Azure REST ### Code samples -- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs.py)+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py) code samples from this article (GitHub) [!INCLUDE [storage-dev-guide-resources-python](../../../includes/storage-dev-guides/storage-dev-guide-resources-python.md)] |
storage | Storage Blob Download Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blob-download-python.md | +To learn about downloading blobs using asynchronous APIs, see [Download blobs asynchronously](#download-blobs-asynchronously). + ## Prerequisites - This article assumes you already have a project set up to work with the Azure Blob Storage client library for Python. To learn about setting up your project, including package installation, adding `import` statements, and creating an authorized client object, see [Get started with Azure Blob Storage and Python](storage-blob-python-get-started.md).+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section. - The [authorization mechanism](../common/authorize-data-access.md) must have permissions to perform a download operation. To learn more, see the authorization guidance for the following REST API operation: - [Get Blob](/rest/api/storageservices/get-blob#authorization) The following code example shows how to specify data transfer options when creat :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-download.py" id="Snippet_download_blob_transfer_options"::: +## Download blobs asynchronously ++The Azure Blob Storage client library for Python supports downloading blobs asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming). ++Follow these steps to download a blob using asynchronous APIs: ++1. Add the following import statements: ++ ```python + import asyncio ++ from azure.identity.aio import DefaultAzureCredential + from azure.storage.blob.aio import BlobServiceClient, BlobClient + ``` ++1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that downloads the blob. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py" id="Snippet_create_client_async"::: ++1. Add code to download the blob. The following example downloads a blob to a local file path using a `BlobClient` object. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `download_blob` method. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py" id="Snippet_download_blob_file"::: ++With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax. + ## Resources To learn more about how to download blobs using the Azure Blob Storage client library for Python, see the following resources. The Azure SDK for Python contains libraries that build on top of the Azure REST ### Code samples -- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-download.py)+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-download.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py) code samples from this article (GitHub) [!INCLUDE [storage-dev-guide-resources-python](../../../includes/storage-dev-guides/storage-dev-guide-resources-python.md)] |
storage | Storage Blobs List Python | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-blobs-list-python.md | +To learn about listing blobs using asynchronous APIs, see [List blobs asynchronously](#list-blobs-asynchronously). + ## Prerequisites - This article assumes you already have a project set up to work with the Azure Blob Storage client library for Python. To learn about setting up your project, including package installation, adding `import` statements, and creating an authorized client object, see [Get started with Azure Blob Storage and Python](storage-blob-python-get-started.md).+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section. - The [authorization mechanism](../common/authorize-data-access.md) must have permissions to list blobs. To learn more, see the authorization guidance for the following REST API operation: - [List Blobs](/rest/api/storageservices/list-blobs#authorization) file4.txt > [!NOTE] > Blob snapshots cannot be listed in a hierarchical listing operation. +## List blobs asynchronously ++The Azure Blob Storage client library for Python supports listing blobs asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming). ++Follow these steps to list blobs using asynchronous APIs: ++1. Add the following import statements: ++ ```python + import asyncio ++ from azure.identity.aio import DefaultAzureCredential + from azure.storage.blob.aio import BlobServiceClient, ContainerClient, BlobPrefix + ``` ++1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that lists the blobs. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py" id="Snippet_create_client_async"::: ++1. Add code to list the blobs. The following code example lists blobs using a flat listing. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `list_blobs` method. ++ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py" id="Snippet_list_blobs_flat"::: ++With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax. + ## Resources To learn more about how to list blobs using the Azure Blob Storage client library for Python, see the following resources. The Azure SDK for Python contains libraries that build on top of the Azure REST ### Code samples -- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs.py)+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py) code samples from this article (GitHub) [!INCLUDE [storage-dev-guide-resources-python](../../../includes/storage-dev-guides/storage-dev-guide-resources-python.md)] |
storage | Storage Manage Find Blobs | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/storage/blobs/storage-manage-find-blobs.md | The following table summarizes the differences between metadata and blob index t ## Pricing -You're charged for the monthly average number of index tags within a storage account. There's no cost for the indexing engine. Requests to Set Blog Tags, Get Blob Tags, and Find Blob Tags are charged at the current respective transaction rates. Note that the number of list transactions consumed when doing a Find Blobs by Tag transaction is equal to the number of clauses in the request. For example, the query (StoreID = 100) is one list transaction. The query (StoreID = 100 AND SKU = 10010) is two list transactions. See [Block Blob pricing to learn more](https://azure.microsoft.com/pricing/details/storage/blobs/). +You're charged for the monthly average number of index tags within a storage account. There's no cost for the indexing engine. Requests to Set Blob Tags, Get Blob Tags, and Find Blob Tags are charged at the current respective transaction rates. Note that the number of list transactions consumed when doing a Find Blobs by Tag transaction is equal to the number of clauses in the request. For example, the query (StoreID = 100) is one list transaction. The query (StoreID = 100 AND SKU = 10010) is two list transactions. See [Block Blob pricing to learn more](https://azure.microsoft.com/pricing/details/storage/blobs/). <a id="regional-availability-and-storage-account-support"></a> |
stream-analytics | Stream Analytics Parsing Protobuf | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/stream-analytics/stream-analytics-parsing-protobuf.md | +>[!NOTE] +> Azure Stream Analytics does not support schema registry for Protocol Buffer (Protobuf) data formats. + ## Steps to configure a Stream Analytics job To configure your Stream Analytics job to deserialize events in Protobuf: To learn more about Protobuf data types, see the [official Protocol Buffers docu - Enumerations aren't supported. If the Protobuf definition file contains enumerations, the `enum` field is empty when the Protobuf events deserialize. This condition leads to data loss. - Maps in Protobuf aren't supported. Maps in Protobuf result in an error about missing a string key.-+ - When a Protobuf definition file contains a namespace or package, the message type must include it. For example: :::image type="content" source="./media/protobuf/proto-namespace-example.png" alt-text=" Screenshot that shows an example of a Protobuf definition file with a namespace." lightbox="./media/protobuf/proto-namespace-example.png" ::: - In the Protobuf deserializer in the portal, the message type must be `namespacetest.Volunteer` instead of the usual `Volunteer`. + In the Protobuf deserializer in the portal, the message type must be `Namespacetest.Volunteer` instead of the usual `Volunteer`. + +- If the original package or namespace is all uppercase or lowercase, the message type must include it with the first character of the package or namespace in uppercase. For example, if the namespace is `nameSpaceTest`, use `nameSpaceTest.Volunteer`. This rule applies to a message type without a namespace or package. ++- You must specify your message in your protobuf definition file without the `Optional` keyword. In Proto 3, all fields are optional. For example: ++ :::image type="content" source="./media/protobuf/proto-with-optional-keyword.png" alt-text="Screenshot that shows an example of a Protobuf definition file with optional keyword in the message." lightbox="./media/protobuf/proto-with-optional-keyword.png" ::: ++ This Protobuf definition file shows a message that has `Optional` keyword. To deserialize correctly, you must remove the keyword: ++ :::image type="content" source="./media/protobuf/proto-without-optional-keyword.png" alt-text="Screenshot that shows an example of a Protobuf definition file without optional keyword in the message." lightbox="./media/protobuf/proto-without-optional-keyword.png" ::: -- When you're sending messages that were serialized via `google.protobuf`, the prefix type should be set to `base128` because that's the most cross-compatible type.+- When sending messages that were serialized via `google.protobuf`, the prefix type should be set to `base128` because that's the most cross-compatible type. - Service messages aren't supported in the Protobuf deserializers. Your job throws an exception if you try to use a service message. For example: |
update-manager | Assessment Options | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/assessment-options.md | Title: Assessment options in Update Manager. description: The article describes the assessment options available in Update Manager. Previously updated : 09/18/2023 Last updated : 11/16/2023 Update Manager allows you to check for latest updates on your machines at any ti You can initiate a software updates compliance scan on a machine to get a current list of operating system updates available. - **On Windows** - the software update scan is actually performed by the Windows Update Agent. + - **On Linux** - The software update scan is performed using the package manager that returns the missing updates as per the configured repositories. In the **Updates** page, after you initiate an assessment, a notification is generated to inform you the activity has started and another is displayed when it is finished. |
update-manager | Deploy Updates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/deploy-updates.md | Title: Deploy updates and track results in Azure Update Manager description: This article details how to use Azure Update Manager in the Azure portal to deploy updates and view results for supported machines. Previously updated : 09/18/2023 Last updated : 11/20/2023 To install one-time updates on a single VM: :::image type="content" source="./media/deploy-updates/include-update-classification-inline.png" alt-text="Screenshot that shows update classification." lightbox="./media/deploy-updates/include-update-classification-expanded.png"::: - - Select **Include KB ID/package** to include in the updates. Enter a comma separated list of Knowledge Base article ID numbers to include or exclude for Windows updates. For example, use `3103696` or `3134815`. For Windows, you can refer to the [MSRC webpage](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base release. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, use `kernel*`, `glibc`, or `libc=1.0.1`. Based on the options specified, Update Manager shows a preview of OS updates under the **Selected Updates** section. - - To exclude updates that you don't want to install, select **Exclude KB ID/package**. We recommend selecting this option because updates that aren't displayed here might be installed, as newer updates might be available. + - Select **Include KB ID/package** to include in the updates. You can add multiple KB IDs and package names. When you add KB ID/package name, the next row appears. The package can have both name and version. . For example, use `3103696` or `3134815`. For Windows, you can refer to the [MSRC webpage](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base release. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, use `kernel*`, `glibc`, or `libc=1.0.1`. Based on the options specified, Update Manager shows a preview of OS updates under the **Selected Updates** section. + - To exclude updates that you don't want to install, select **Exclude KB ID/package**. We recommend selecting this option because updates that aren't displayed here might be installed, as newer updates might be available. You can excludedd multiple KB IDs and package names. - To ensure that the updates published are on or before a specific date, select **Include by maximum patch publish date**. Select the date and select **Add** > **Next**. :::image type="content" source="./media/deploy-updates/include-patch-publish-date-inline.png" alt-text="Screenshot that shows the patch publish date." lightbox="./media/deploy-updates/include-patch-publish-date-expanded.png"::: |
update-manager | Dynamic Scope Overview | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/dynamic-scope-overview.md | The following are the Dynamic scope limits for **each dynamic scope**. > [!NOTE] > The above limits are for Dynamic scope in the Guest scope only. +For more information, see [service limits for scheduled patching](scheduled-patching.md#service-limits). + ## Next steps Learn about deploying updates to your machines to maintain security compliance by reading [deploy updates](deploy-updates.md) |
update-manager | Manage Dynamic Scoping | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/manage-dynamic-scoping.md | description: This article describes how to manage Dynamic Scoping operations Previously updated : 09/18/2023 Last updated : 11/20/2023 To add a Dynamic scope to an existing configuration, follow these steps: - *Set the BypassPlatformSafetyChecksOnUserSchedule = True*. 1. **Continue with supported machines only** - this option confirms that you want to proceed with only the machines that already have patch orchestration set to *Customer Managed Schedules*. - > [!NOTE] - > In the **Preview of machines based on above scope** page, you can view only the machines that don't have patch orchestration set to *Customer Managed Schedules*. + > [!NOTE] + > In the **Preview of machines based on above scope** page, you can view only the machines that don't have patch orchestration set to *Customer Managed Schedules*. 1. Select **Save** to go back to the Dynamic scopes tab. In this tab, you can view and edit the Dynamic scope that you have created. To view the list of Dynamic scopes associated to a given maintenance configurati 1. In the **Maintenance configurations** page, select the name of the maintenance configuration for which you want to view the Dynamic scope. 1. In the given maintenance configuration page, select **Dynamic scopes** to view all the Dynamic scopes that are associated with the maintenance configuration. +> [!NOTE] +> The schedules associated to dynamic scopes arenΓÇÖt displayed in the following two areas by design: +> +> - **Update manager** > **Machines** > **Associated schedules** column +> - In your virtual machine home page > **Updates** > **Scheduling** tab. +> +> To view the VMs that are associated to the schedule, go to the existing schedule and view under **Dynamic scopes** tab. + ## Edit a Dynamic scope 1. Sign in to the [Azure portal](https://portal.azure.com) and navigate to **Azure Update Manager**. |
update-manager | Manage Multiple Machines | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/manage-multiple-machines.md | Title: Manage multiple machines in Azure Update Manager description: This article explains how to use Azure Update Manager in Azure to manage multiple supported machines and view their compliance state in the Azure portal. Previously updated : 09/18/2023 Last updated : 11/16/2023 Update Manager in Azure enables you to browse information about your Azure VMs a The table lists all the machines in the specified subscription, and for each machine it helps you understand the following details that show up based on the latest assessment: - * **Customer Managed Schedules**ΓÇöenables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties - **Patch mode = Azure-orchestrated** and **BypassPlatformSafetyChecksOnUserSchedule = TRUE** on your behalf after receiving your consent. + * **Customer Managed Schedules**ΓÇöenables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties - **Patch mode = AutomaticByPlatform** and **BypassPlatformSafetyChecksOnUserSchedule = TRUE** on your behalf after receiving your consent. * **Azure Managed - Safe Deployment**ΓÇöfor a group of virtual machines undergoing an update, the Azure platform will orchestrate updates. The VM is set to [automatic VM guest patching](../virtual-machines/automatic-vm-guest-patching.md).(i.e), the patch mode is **AutomaticByPlatform**. * **Automatic by OS**ΓÇöthe machine is automatically updated by the OS. * **Image Default**ΓÇöfor Linux machines, its default patching configuration is used. Update Manager in Azure enables you to browse information about your Azure VMs a The **Patch orchestration** column in the machine's patch mode has the following values: - * **Customer Managed Schedules (preview)**: Enables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties: `Patch mode = Azure-orchestrated` and `BypassPlatformSafetyChecksOnUserSchedule = TRUE` on your behalf after receiving your consent. + * **Customer Managed Schedules (preview)**: Enables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties: `Patch mode = AutomaticByPlatform` and `BypassPlatformSafetyChecksOnUserSchedule = TRUE` on your behalf after receiving your consent. * **Azure Managed - Safe Deployment**: For a group of virtual machines undergoing an update, the Azure platform orchestrates updates. The VM is set to [automatic VM guest patching](../virtual-machines/automatic-vm-guest-patching.md). For example, the patch mode is `AutomaticByPlatform`. * **Automatic by OS**: The machine is automatically updated by the OS. * **Image default**: For Linux machines, its default patching configuration is used. |
update-manager | Manage Updates Customized Images | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/manage-updates-customized-images.md | description: This article describes customized image support, how to register an Previously updated : 09/27/2023 Last updated : 11/20/2023 With marketplace images, support is validated even before Update Manager operati For instance, an assessment call attempts to fetch the latest patch that's available from the image's OS family to check support. It stores this support-related data in an Azure Resource Graph table, which you can query to see the support status for your Azure Compute Gallery image. -## Check the preview +## Check support for customized images Start the asynchronous support check by using either one of the following APIs: |
update-manager | Scheduled Patching | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/scheduled-patching.md | We recommend the following limits for the indicators. | Resource associations on each dynamic scope | 1,000 | | Number of dynamic scopes per resource group or subscription per region | 250 | +For more information, see the [service limits for Dynamic scope](dynamic-scope-overview.md#service-limits). + ## Schedule recurring updates on a single VM You can schedule updates from the **Overview** or **Machines** pane on the **Update Manager** page or from the selected VM. |
update-manager | View Updates | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/update-manager/view-updates.md | Title: Check update compliance in Azure Update Manager description: This article explains how to use Azure Update Manager in the Azure portal to assess update compliance for supported machines. Previously updated : 09/18/2023 Last updated : 11/20/2023 You can check the updates from the **Overview** or **Machines** pane. > [!NOTE]-> In Update Manager, you can initiate a software updates compliance scan on the machine to get the current list of operating system (guest) updates, including the security and critical updates. On Windows, the Windows Update Agent performs the software update scan. On Linux, the software update scan is performed by using OVAL-compatible tools to test for the presence of vulnerabilities based on the OVAL definitions for that platform, which are retrieved from a local or remote repository. +> In Update Manager, you can initiate a software updates compliance scan on the machine to get the current list of operating system (guest) updates, including the security and critical updates. On Windows, the Windows Update Agent performs the software update scan. On Linux, the software update scan is performed using the package manager that returns the missing updates as per the configured repositories which are retrieved from a local or remote repository. ## Next steps |
virtual-desktop | Add Session Hosts Host Pool | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/add-session-hosts-host-pool.md | description: Learn how to add session hosts virtual machines to a host pool in A Previously updated : 11/06/2023 Last updated : 11/16/2023 # Add session hosts to a host pool Here's how to create session hosts and register them to a host pool using the Az | Security type | Select from **Standard**, **[Trusted launch virtual machines](../virtual-machines/trusted-launch.md)**, or **[Confidential virtual machines](../confidential-computing/confidential-vm-overview.md)**.<br /><br />- If you select **Trusted launch virtual machines**, options for **secure boot** and **vTPM** are automatically selected.<br /><br />- If you select **Confidential virtual machines**, options for **secure boot**, **vTPM**, and **integrity monitoring** are automatically selected. You can't opt out of vTPM when using a confidential VM. | | Image | Select the OS image you want to use from the list, or select **See all images** to see more, including any images you've created and stored as an [Azure Compute Gallery shared image](../virtual-machines/shared-image-galleries.md) or a [managed image](../virtual-machines/windows/capture-image-resource.md). | | Virtual machine size | Select a SKU. If you want to use different SKU, select **Change size**, then select from the list. |- | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature.<br /><br />For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). | + | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature. For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). <br /><br />Note: We recommend users using Teams media optimizations to upgrade their host pools to WebRTC redirector service 1.45.2110.13001, learn more [here](whats-new-webrtc.md).| | Number of VMs | Enter the number of virtual machines you want to deploy. You can deploy up to 400 session hosts at this point if you wish (depending on your [subscription quota](../quotas/view-quotas.md)), or you can add more later.<br /><br />For more information, see [Azure Virtual Desktop service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-virtual-desktop-service-limits) and [Virtual Machines limits](../azure-resource-manager/management/azure-subscription-service-limits.md#virtual-machines-limitsazure-resource-manager). | | OS disk type | Select the disk type to use for your session hosts. We recommend only **Premium SSD** is used for production workloads. | | OS disk size | If you have hibernate enabled, the OS disk size needs to be larger than the amount of memory for the VM. Check the box if you need this for your session hosts. | |
virtual-desktop | Deploy Azure Virtual Desktop | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/deploy-azure-virtual-desktop.md | Here's how to create a host pool using the Azure portal. | Security type | Select from **Standard**, **[Trusted launch virtual machines](../virtual-machines/trusted-launch.md)**, or **[Confidential virtual machines](../confidential-computing/confidential-vm-overview.md)**.<br /><br />- If you select **Trusted launch virtual machines**, options for **secure boot** and **vTPM** are automatically selected.<br /><br />- If you select **Confidential virtual machines**, options for **secure boot**, **vTPM**, and **integrity monitoring** are automatically selected. You can't opt out of vTPM when using a confidential VM. | | Image | Select the OS image you want to use from the list, or select **See all images** to see more, including any images you've created and stored as an [Azure Compute Gallery shared image](../virtual-machines/shared-image-galleries.md) or a [managed image](../virtual-machines/windows/capture-image-resource.md). | | Virtual machine size | Select a SKU. If you want to use different SKU, select **Change size**, then select from the list. |- | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature.<br /><br />For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). | + | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature. For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). <br /><br />Note: We recommend users using Teams media optimizations to upgrade their host pools to WebRTC redirector service 1.45.2110.13001, learn more [here](whats-new-webrtc.md).| | Number of VMs | Enter the number of virtual machines you want to deploy. You can deploy up to 400 session hosts at this point if you wish (depending on your [subscription quota](../quotas/view-quotas.md)), or you can add more later.<br /><br />For more information, see [Azure Virtual Desktop service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-virtual-desktop-service-limits) and [Virtual Machines limits](../azure-resource-manager/management/azure-subscription-service-limits.md#virtual-machines-limitsazure-resource-manager). | | OS disk type | Select the disk type to use for your session hosts. We recommend only **Premium SSD** is used for production workloads. | | OS disk size | If you have hibernate enabled, the OS disk size needs to be larger than the amount of memory for the VM. Check the box if you need this for your session hosts. | |
virtual-desktop | Customize Rdp Properties 2019 | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/virtual-desktop-fall-2019/customize-rdp-properties-2019.md | Title: Customize RDP Properties with PowerShell Azure Virtual Desktop (classic) - Azure -description: How to customize RDP Properties for Azure Virtual Desktop (classic) with PowerShell cmdlets. +description: How to customize RDP Properties for Azure Virtual Desktop (classic) with PowerShell cmdlets. Last updated 03/30/2020 -# Customize Remote Desktop Protocol properties for a Azure Virtual Desktop (classic) host pool +# Customize Remote Desktop Protocol properties for an Azure Virtual Desktop (classic) host pool >[!IMPORTANT] >This content applies to Azure Virtual Desktop (classic), which doesn't support Azure Resource Manager Azure Virtual Desktop objects. If you're trying to manage Azure Resource Manager Azure Virtual Desktop objects, see [this article](../customize-rdp-properties.md). Set-RdsHostPool -TenantName <tenantname> -Name <hostpoolname> -CustomRdpProperty Now that you've customized the RDP properties for a given host pool, you can sign in to an Azure Virtual Desktop client to test them as part of a user session. These next two How-tos will tell you how to connect to a session using the client of your choice: - [Connect with the Windows Desktop client](connect-windows-2019.md)-- [Connect with the web client](connect-web-2019.md)+- [Connect with the web client](connect-web-2019.md) |
virtual-desktop | Whats New Client Windows | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-desktop/whats-new-client-windows.md | description: Learn about recent changes to the Remote Desktop client for Windows Previously updated : 11/09/2023 Last updated : 11/20/2023 # What's new in the Remote Desktop client for Windows The following table lists the current versions available for the public and Insi | Release | Latest version | Download | ||-|-| | Public | 1.2.4763 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139369) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139456)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139370) |-| Insider | 1.2.4763 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368) | +| Insider | 1.2.5018 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368) | ++## Updates for version 1.2.5018 (Insider) ++*Date published: November 20, 2023* ++Download: [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233), [Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144), [Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368) ++- Improved client logging, diagnostics, and error classification to help admins troubleshoot connection and feed issues. ## Updates for version 1.2.4763 Download: [Windows 64-bit](https://query.prod.cms.rt.microsoft.com/cms/api/am/bi - Improved client logging, diagnostics, and error classification to help admins troubleshoot connection and feed issues. >[!NOTE]->This Insiders release was originally version 1.2.4675, but we've replaced it with version 1.2.4677, which fixes the [CVE-2023-5217](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217) security vulnerability. +>This Insiders release was originally version 1.2.4675, but we made a hotfix for the vulnerability known as [CVE-2023-5217](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217). ## Updates for version 1.2.4583 |
virtual-machines | Dcasccv5 Dcadsccv5 Series | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/dcasccv5-dcadsccv5-series.md | This series supports Standard SSD, Standard HDD, and Premium SSD disk types. Bil The DCas_cc_v5-series sizes offer a combination of vCPU and memory for most production workloads. These new VMs with no local disk provide a better value proposition for workloads that do not require local temp disk. +[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br> [Premium Storage](premium-storage-performance.md): Supported <br> [Premium Storage caching](premium-storage-performance.md): Supported <br> [Live Migration](maintenance-and-updates.md): Not Supported <br> The DCas_cc_v5-series sizes offer a combination of vCPU and memory for most prod The DCads_cc_v5-series sizes offer a combination of vCPU, memory and temporary storage for most production workloads. +[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br> [Premium Storage](premium-storage-performance.md): Supported <br> [Premium Storage caching](premium-storage-performance.md): Supported <br> [Live Migration](maintenance-and-updates.md): Not Supported <br> |
virtual-machines | Disks Convert Types | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/disks-convert-types.md | Start-AzVM -ResourceGroupName $vm.ResourceGroupName -Name $vm.Name ++++++ ```azurecli #resource group that contains the managed disk The disk type conversion is instantaneous. You can start your VM after the conve ## Migrate to Premium SSD v2 or Ultra Disk -Currently, you can only migrate an existing disk to either an Ultra Disk or a Premium SSD v2 through snapshots stored on Standard Storage. Migration with snapshots stored on Premium storage is not supported. +Currently, you can only migrate an existing disk to either an Ultra Disk or a Premium SSD v2 through snapshots stored on Standard Storage (Incremental Standard HDD Snapshot). Migration with snapshots stored on Premium storage and other options is not supported. Both Premium SSD v2 disks and Ultra Disks have their own set of restrictions. For example, neither can be used as an OS disk, and also aren't available in all regions. See the [Premium SSD v2 limitations](disks-deploy-premium-v2.md#limitations) and [Ultra Disk GA scope and limitations](disks-enable-ultra-ssd.md#ga-scope-and-limitations) sections of their articles for more information. The following steps assume you already have a snapshot. To learn how to create o Make a read-only copy of a VM by using a [snapshot](snapshot-copy-managed-disk.md). + |
virtual-machines | Ecasccv5 Ecadsccv5 Series | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/ecasccv5-ecadsccv5-series.md | This series supports Standard SSD, Standard HDD, and Premium SSD disk types. Bil The ECas_cc_v5-series sizes offer a combination of vCPU and memory for most production workloads. The ECas_cc_v5-series sizes offer a combination of vCPU and memory that is ideal for memory-intensive enterprise applications. These new VMs with no local disk provide a better value proposition for workloads that do not require local temp disk. +[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br> [Premium Storage](premium-storage-performance.md): Supported <br> [Premium Storage caching](premium-storage-performance.md): Supported <br> [Live Migration](maintenance-and-updates.md): Not Supported <br> The ECas_cc_v5-series sizes offer a combination of vCPU and memory for most prod The ECads_cc_v5-series sizes offer a combination of vCPU, memory and temporary storage for most production workloads. The ECads_cc_v5-series sizes offer a combination of vCPU, memory and temporary storage that is ideal for memory-intensive enterprise applications. +[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br> [Premium Storage](premium-storage-performance.md): Supported <br> [Premium Storage caching](premium-storage-performance.md): Supported <br> [Live Migration](maintenance-and-updates.md): Not Supported <br> |
virtual-machines | Cli Ps Findimage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/linux/cli-ps-findimage.md | The Linux image alias names and their details outputted by this command are: ```output Architecture Offer Publisher Sku Urn UrnAlias Version -- - - - -- -x64 CentOS OpenLogic 7.5 OpenLogic:CentOS:7.5:latest CentOS latest x64 CentOS OpenLogic 8_5-gen2 OpenLogic:CentOS:8_5-gen2:latest CentOS85Gen2 latest-x64 debian-10 Debian 10 Debian:debian-10:10:latest Debian latest x64 Debian11 Debian 11-backports-gen2 Debian:debian-11:11-backports-gen2:latest Debian-11 latest-x64 flatcar-container-linux-free kinvolk stable kinvolk:flatcar-container-linux-free:stable:latest Flatcar latest x64 flatcar-container-linux-free kinvolk stable-gen2 kinvolk:flatcar-container-linux-free:stable-gen2:latest FlatcarLinuxFreeGen2 latest-x64 opensuse-leap-15-3 SUSE gen2 SUSE:opensuse-leap-15-3:gen2:latest openSUSE-Leap latest x64 opensuse-leap-15-4 SUSE gen2 SUSE:opensuse-leap-15-4:gen2:latest OpenSuseLeap154Gen2 latest-x64 RHEL RedHat 7-LVM RedHat:RHEL:7-LVM:latest RHEL latest x64 RHEL RedHat 8-lvm-gen2 RedHat:RHEL:8-lvm-gen2:latest RHELRaw8LVMGen2 latest x64 sles-15-sp3 SUSE gen2 SUSE:sles-15-sp3:gen2:latest SLES latest-x64 UbuntuServer Canonical 18.04-LTS Canonical:UbuntuServer:18.04-LTS:latest UbuntuLTS latest x64 0001-com-ubuntu-server-jammy Canonical 22_04-lts-gen2 Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest Ubuntu2204 latest ``` |
virtual-machines | Vm Applications How To | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/vm-applications-how-to.md | VM Applications are a resource type in Azure Compute Gallery (formerly known as Before you get started, make sure you have the following: -This article assumes you already have an Azure Compute Gallery. If you don't already have a gallery, create one first. To learn more, see [Create a gallery for storing and sharing resources](create-gallery.md).. +This article assumes you already have an Azure Compute Gallery. If you don't already have a gallery, create one first. To learn more, see [Create a gallery for storing and sharing resources](create-gallery.md). You should have uploaded your application to a container in an [Azure storage account](../storage/common/storage-account-create.md). Your application can be stored in a block or page blob. If you choose to use a page blob, you need to byte align the files before you upload them. Here's a sample that will byte align your file: Set a VM application to an existing VM using [az vm application set](/cli/azure/ az vm application set \ --resource-group myResourceGroup \ --name myVM \- --app-version-ids /subscriptions/{subID}/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 \ - --treat-deployment-as-failure true + --app-version-ids /subscriptions/{subID}/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 \ + --treat-deployment-as-failure true ``` For setting multiple applications on a VM: az vm application set \ ``` To add an application to a VMSS, use [az vmss application set](/cli/azure/vmss/application#az-vmss-application-set): -```azurepowershell-interactive -az vmss application set -g myResourceGroup -n myVmss --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 treat-deployment-as-failure true+```azurecli-interactive +az vmss application set \ + --resource-group myResourceGroup \ + --name myVmss \ + --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 \ + --treat-deployment-as-failure true ``` To add multiple applications to a VMSS: ```azurecli-interactive-az vmss application set -g myResourceGroup -n myVmss --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp2/versions/1.0.0 treat-deployment-as-failure true+az vmss application set \ + --resource-group myResourceGroup \ + --name myVmss + --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp2/versions/1.0.0 \ + --treat-deployment-as-failure true ``` To verify application VM deployment status, use [az vm get-instance-view](/cli/azure/vm/#az-vm-get-instance-view): az vm get-instance-view -g myResourceGroup -n myVM --query "instanceView.extensi ``` To verify application VMSS deployment status, use [az vmss get-instance-view](/cli/azure/vmss/#az-vmss-get-instance-view): -```azurepowershell-interactive +```azurecli-interactive az vmss get-instance-view --ids (az vmss list-instances -g myResourceGroup -n myVmss --query "[*].id" -o tsv) --query "[*].extensions[?name == 'VMAppExtension']" ``` > [!NOTE] > The above VMSS deployment status command does not list the instance ID with the result. To show the instance ID with the status of the extension in each instance, some additional scripting is required. Refer to the below VMSS CLI example that contains PowerShell syntax: -```azurecli-interactive -$ids = az vmss list-instances -g myResourceGroup -n myVMss --query "[*].{id: id, instanceId: instanceId}" | ConvertFrom-Json +```azurepowershell-interactive +$ids = az vmss list-instances -g myResourceGroup -n myVmss --query "[*].{id: id, instanceId: instanceId}" | ConvertFrom-Json $ids | Foreach-Object { $iid = $_.instanceId Write-Output "instanceId: $iid" $applicationName = "myApp" $version = "1.0.0" $vmName = "myVM" $vm = Get-AzVM -ResourceGroupName $rgname -Name $vmName-$appversion = Get-AzGalleryApplicationVersion ` +$appVersion = Get-AzGalleryApplicationVersion ` -GalleryApplicationName $applicationName ` -GalleryName $galleryName ` -Name $version ` -ResourceGroupName $rgName-$packageid = $appversion.Id -$app = New-AzVmGalleryApplication -PackageReferenceId $packageid +$packageId = $appVersion.Id +$app = New-AzVmGalleryApplication -PackageReferenceId $packageId Add-AzVmGalleryApplication -VM $vm -GalleryApplication $app -TreatFailureAsDeploymentFailure true Update-AzVM -ResourceGroupName $rgName -VM $vm ``` To add the application to a VMSS:-```azurecli-interactive +```azurepowershell-interactive $vmss = Get-AzVmss -ResourceGroupName $rgname -Name $vmssName-$appversion = Get-AzGalleryApplicationVersion ` +$appVersion = Get-AzGalleryApplicationVersion ` -GalleryApplicationName $applicationName ` -GalleryName $galleryName ` -Name $version ` -ResourceGroupName $rgName-$packageid = $appversion.Id -$app = New-AzVmssGalleryApplication -PackageReferenceId $packageid +$packageId = $appVersion.Id +$app = New-AzVmssGalleryApplication -PackageReferenceId $packageId Add-AzVmssGalleryApplication -VirtualMachineScaleSetVM $vmss.VirtualMachineProfile -GalleryApplication $app-Update-AzVMss -ResourceGroupName $rgName -VirtualMachineScaleSet $vmss -VMScaleSetName $vmssName +Update-AzVmss -ResourceGroupName $rgName -VirtualMachineScaleSet $vmss -VMScaleSetName $vmssName ``` $result = Get-AzVM -ResourceGroupName $rgName -VMName $vmName -Status $result.Extensions | Where-Object {$_.Name -eq "VMAppExtension"} | ConvertTo-Json ``` To verify for VMSS:-```powershell-interactive +```azurepowershell-interactive $rgName = "myResourceGroup" $vmssName = "myVMss" $result = Get-AzVmssVM -ResourceGroupName $rgName -VMScaleSetName $vmssName -InstanceView $result | ForEach-Object { $res = @{ instanceId = $_.InstanceId; vmappStatus = $_.InstanceView.Extensions | Where-Object {$_.Name -eq "VMAppExtension"}} $resultSummary.Add($res) | Out-Null }-$resultSummary | convertto-json -depth 5 +$resultSummary | ConvertTo-Json -Depth 5 ``` ### [REST](#tab/rest2) |
virtual-machines | Cli Ps Findimage | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-machines/windows/cli-ps-findimage.md | The Linux image alias names and their details are: ```output Alias Architecture Offer Publisher Sku Urn Version -- -- - - - -CentOS x64 CentOS OpenLogic 7.5 OpenLogic:CentOS:7.5:latest latest CentOS85Gen2 x64 CentOS OpenLogic 8_5-gen2 OpenLogic:CentOS:8_5-gen2:latest latest Debian11 x64 Debian-11 Debian 11-backports-gen2 Debian:debian-11:11-backports-gen2:latest latest-Debian10 x64 Debian-10 Debian 10 Debian:debian-10:10:latest latest FlatcarLinuxFreeGen2 x64 flatcar-container-linux-free kinvolk stable kinvolk:flatcar-container-linux-free:stable:latest latest-openSUSE-Leap x64 opensuse-leap-15-3 SUSE gen2 SUSE:opensuse-leap-15-3:gen2:latest latest OpenSuseLeap154Gen2 x64 opensuse-leap-15-4 SUSE gen2 SUSE:opensuse-leap-15-4:gen2:latest latest-RHEL x64 RHEL RedHat 7-LVM RedHat:RHEL:7-LVM:latest latest RHELRaw8LVMGen2 x64 RHEL RedHat 8-lvm-gen2 RedHat:RHEL:8-lvm-gen2:latest latest SLES x64 sles-15-sp3 SUSE gen2 SUSE:sles-15-sp3:gen2:latest latest-UbuntuLTS x64 UbuntuServer Canonical 16.04-LTS Canonical:UbuntuServer:16.04-LTS:latest latest Ubuntu2204 x64 0001-com-ubuntu-server-jammy Canonical 22_04-lts-gen2 Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest latest ``` |
virtual-network | Default Outbound Access | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/virtual-network/ip-services/default-outbound-access.md | There are multiple ways to turn off default outbound access. The following secti :::image type="content" source="./media/default-outbound-access/private-subnet-portal.png" alt-text="Screenshot of Azure portal showing Private subnet option."::: -* Using CLI, when creating a subnet with [az network vnet subnet create](https://learn.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-create), use the **`--default-outbound**` option and choose "false" +* Using CLI, when creating a subnet with [az network vnet subnet create](https://learn.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-create), use the `--default-outbound` option and choose "false" -* Using an Azure Resource Manager template, set the value of **`defaultOutboundAccess**` parameter to be "false" +* Using an Azure Resource Manager template, set the value of `defaultOutboundAccess` parameter to be "false" ### Add an explicit outbound connectivity method |
vpn-gateway | About Gateway Skus | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/about-gateway-skus.md | + + Title: 'About gateway SKUs' +description: Learn about VPN Gateway SKUs. +++ Last updated : 11/20/2023++++# About gateway SKUs ++When you create a VPN Gateway virtual network gateway, you specify the gateway SKU that you want to use. This article describes the factors that you should take into consideration when selecting a gateway SKU. If you're looking for information about ExpressRoute gateway SKUs, see [Virtual network gateways for ExpressRoute](../expressroute/expressroute-about-virtual-network-gateways.md). For Virtual WAN gateways, see [Virtual WAN gateway settings](../virtual-wan/gateway-settings.md). ++When you configure a virtual network gateway SKU, select the SKU that satisfies your requirements based on the types of workloads, throughput, features, and SLAs. The following sections show the relevant information that you should use when deciding. ++## <a name="benchmark"></a>Gateway SKUs by tunnel, connection, and throughput +++**Additional information** ++* The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication. ++* These connection limits are separate. For example, you can have 128 SSTP connections and also 250 IKEv2 connections on a VpnGw1 SKU. ++* If you have numerous P2S connections, it can negatively impact your S2S connections. The Aggregate Throughput Benchmarks were tested by maximizing a combination of S2S and P2S connections. A single P2S or S2S connection can have a much lower throughput. ++* See the [Pricing](https://azure.microsoft.com/pricing/details/vpn-gateway) page for pricing information. ++* See the [SLA](https://azure.microsoft.com/support/legal/sla/vpn-gateway) page for SLA (Service Level Agreement) information. ++* All benchmarks aren't guaranteed due to Internet traffic conditions and your application behaviors. ++## <a name="performance"></a>Gateway SKUs by performance ++To help you understand the relative performance of SKUs using different algorithms, we used publicly available iPerf and CTSTraffic tools to measure performances for site-to-site connections. ++The table in this section lists the results of performance tests for VpnGW SKUs. A VPN tunnel connects to a VPN gateway instance. Each instance throughput is mentioned in the throughput table in the previous section and is available aggregated across all tunnels connecting to that instance. The table shows the observed bandwidth and packets per second throughput per tunnel for the different gateway SKUs. All testing was performed between gateways (endpoints) within Azure across different regions with 100 connections and under standard load conditions. ++* The best performance was obtained when we used the GCMAES256 algorithm for both IPsec Encryption and Integrity. +* Average performance was obtained when using AES256 for IPsec Encryption and SHA256 for Integrity. +* The lowest performance was obtained when we used DES3 for IPsec Encryption and SHA256 for Integrity. ++|**Generation**|**SKU** | **Algorithms<br>used** | **Throughput<br>observed per tunnel** | **Packets per second per tunnel<br>observed** | +| | | | | | +|**Generation1**|**VpnGw1**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 650 Mbps<br>500 Mbps<br>130 Mbps | 62,000<br>47,000<br>12,000| +|**Generation1**|**VpnGw2**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.2 Gbps<br>650 Mbps<br>140 Mbps | 100,000<br>61,000<br>13,000| +|**Generation1**|**VpnGw3**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>700 Mbps<br>140 Mbps | 120,000<br>66,000<br>13,000| +|**Generation1**|**VpnGw1AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 650 Mbps<br>500 Mbps<br>130 Mbps | 62,000<br>47,000<br>12,000| +|**Generation1**|**VpnGw2AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.2 Gbps<br>650 Mbps<br>140 Mbps | 110,000<br>61,000<br>13,000| +|**Generation1**|**VpnGw3AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>700 Mbps<br>140 Mbps | 120,000<br>66,000<br>13,000| +| | | +|**Generation2**|**VpnGw2**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>550 Mbps<br>130 Mbps | 120,000<br>52,000<br>12,000| +|**Generation2**|**VpnGw3**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.5 Gbps<br>700 Mbps<br>140 Mbps | 140,000<br>66,000<br>13,000| +|**Generation2**|**VpnGw4**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000| +|**Generation2**|**VpnGw5**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000| +|**Generation2**|**VpnGw2AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>550 Mbps<br>130 Mbps | 120,000<br>52,000<br>12,000| +|**Generation2**|**VpnGw3AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.5 Gbps<br>700 Mbps<br>140 Mbps | 140,000<br>66,000<br>13,000| +|**Generation2**|**VpnGw4AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000| +|**Generation2**|**VpnGw5AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000| ++## <a name="feature"></a>Gateway SKUs by feature set ++| **SKU**| **Features**| +| | | +|**Basic** (**) | **Route-based VPN**: 10 tunnels for S2S/connections; no RADIUS authentication for P2S; no IKEv2 for P2S<br>**Policy-based VPN**: (IKEv1): 1 S2S/connection tunnel; no P2S| +| **All Generation1 and Generation2 SKUs except Basic** | **Route-based VPN**: up to 100 tunnels (*), P2S, BGP, active-active, custom IPsec/IKE policy, ExpressRoute/VPN coexistence | +| | | ++(*) You can configure "PolicyBasedTrafficSelectors" to connect a route-based VPN gateway to multiple on-premises policy-based firewall devices. Refer to [Connect VPN gateways to multiple on-premises policy-based VPN devices using PowerShell](vpn-gateway-connect-multiple-policybased-rm-ps.md) for details. ++(\*\*) The Basic SKU is considered a legacy SKU. The Basic SKU has certain feature limitations. Verify that the feature that you need is supported before you use the Basic SKU. The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication. ++## <a name="workloads"></a>Gateway SKUs - Production vs. Dev-Test workloads ++Due to the differences in SLAs and feature sets, we recommend the following SKUs for production vs. dev-test: ++| **Workload** | **SKUs** | +| | | +| **Production, critical workloads** | All Generation1 and Generation2 SKUs except Basic | +| **Dev-test or proof of concept** | Basic (**) | +| | | ++(\*\*) The Basic SKU is considered a legacy SKU. The Basic SKU has certain feature limitations. Verify that the feature that you need is supported before you use the Basic SKU. The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication. ++If you're using the old SKUs (legacy), the production SKU recommendations are Standard and HighPerformance. For information and instructions for old SKUs, see [Gateway SKUs (legacy)](vpn-gateway-about-skus-legacy.md). ++## About legacy SKUs ++For information about working with the legacy gateway SKUs (Basic, Standard, and HighPerformance), see [Working with VPN gateway SKUs (legacy SKUs)](vpn-gateway-about-skus-legacy.md). ++## Specify a SKU ++You specify the gateway SKU when you create your VPN Gateway. See the following article for steps: ++* [Azure portal](tutorial-create-gateway-portal.md) +* [PowerShell](create-routebased-vpn-gateway-powershell.md) +* [Azure CLI](create-routebased-vpn-gateway-cli.md) ++## <a name="resizechange"></a>Change or resize a SKU ++> [!NOTE] +> If you are working with a legacy gateway SKU and are using the classic deployment model (Service Management), the SKU rules are different. See [Working with legacy classic deployment model SKUs](vpn-gateway-about-skus-legacy.md). +++### Considerations ++There are many things to consider when moving to a new gateway SKU. This section outlines the main items and also provides a table that helps you select the best method to use. +++The following table helps you understand the required method to move from one SKU to another. +++## Next steps ++For more information about available connection configurations, see [About VPN Gateway](vpn-gateway-about-vpngateways.md). |
vpn-gateway | Tutorial Create Gateway Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/tutorial-create-gateway-portal.md | -This tutorial helps you create and manage a virtual network gateway (VPN gateway) using the Azure portal. The VPN gateway is just one part of a connection architecture to help you securely access resources within a VNet. +This tutorial helps you create and manage a virtual network gateway (VPN gateway) using the Azure portal. The VPN gateway is just one part of a connection architecture to help you securely access resources within a virtual network (VNet). -* The left side of the diagram shows the virtual network and the VPN gateway that you create using the steps in this article. +* The left side of the diagram shows the VNet and the VPN gateway that you create using the steps in this article. * You can later add different types of connections, as shown on the right side of the diagram. For example, you can create [Site-to-Site](tutorial-site-to-site-portal.md) and [Point-to-site](point-to-site-about.md) connections. See [VPN Gateway design](design.md) to view different design architectures that you can build. If you want to learn more about the configuration settings used in this tutorial, see [About VPN Gateway configuration settings](vpn-gateway-about-vpn-gateway-settings.md). For more information about VPN Gateway, see [What is VPN Gateway?](vpn-gateway-about-vpngateways.md) If you want to learn more about the configuration settings used in this tutorial In this tutorial, you learn how to: > [!div class="checklist"]-> * Create a virtual network +> * Create a VNet > * Create a VPN gateway > * View the gateway public IP address > * Resize a VPN gateway (resize SKU) In this tutorial, you learn how to: An Azure account with an active subscription. If you don't have one, [create one for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). -## <a name="CreatVNet"></a>Create a virtual network +## <a name="CreatVNet"></a>Create a VNet Create a VNet using the following values: Create a VNet using the following values: * **Subnet name:** FrontEnd * **Subnet address space:** 10.1.0.0/24 ++After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md) ## <a name="VNetGateway"></a>Create a VPN gateway For this exercise, we won't be selecting a zone redundant SKU. If you want to le [!INCLUDE [Create a vpn gateway](../../includes/vpn-gateway-add-gw-portal-include.md)] [!INCLUDE [Configure PIP settings](../../includes/vpn-gateway-add-gw-pip-portal-include.md)] -A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the **Overview** page for your gateway. After the gateway is created, you can view the IP address that has been assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device. +A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the **Overview** page for your gateway. After the gateway is created, you can view the IP address that has been assigned to it by looking at the VNet in the portal. The gateway appears as a connected device. [!INCLUDE [NSG warning](../../includes/vpn-gateway-no-nsg-include.md)] To see additional information about the public IP address object, select the nam ## <a name="resize"></a>Resize a gateway SKU -There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Gateway settings - resizing and changing SKUs](vpn-gateway-about-vpn-gateway-settings.md#resizechange). +There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange). [!INCLUDE [resize a gateway](../../includes/vpn-gateway-resize-gw-portal-include.md)] |
vpn-gateway | Tutorial Protect Vpn Gateway | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/tutorial-protect-vpn-gateway.md | - Title: 'Tutorial: Protect your VPN gateway with Azure DDoS Protection'- -description: Learn how to set up a VPN gateway and protect it with Azure DDoS protection ---- Previously updated : 06/06/2023----# Tutorial: Protect your VPN gateway with Azure DDoS Protection --This article helps you create an Azure VPN Gateway with a DDoS protected virtual network. Azure DDoS Protection enables enhanced DDoS mitigation capabilities such as adaptive tuning, attack alert notifications, and monitoring to protect your VPN gateway from large scale DDoS attacks. --> [!IMPORTANT] -> Azure DDoS Protection incurs a cost when you use the Network Protection SKU. Overages charges only apply if more than 100 public IPs are protected in the tenant. Ensure you delete the resources in this tutorial if you aren't using the resources in the future. For information about pricing, see [Azure DDoS Protection Pricing]( https://azure.microsoft.com/pricing/details/ddos-protection/). For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md). --In this tutorial, you learn how to: --> [!div class="checklist"] -> * Create a DDoS protection plan -> * Create a virtual network -> * Enable DDoS protection on the virtual network -> * Create a VPN gateway -> * View the gateway public IP address -> * Resize a VPN gateway (resize SKU) -> * Reset a VPN gateway --The following diagram shows the virtual network and the VPN gateway created as part of this tutorial. ----## Prerequisites --An Azure account with an active subscription. If you don't have one, [create one for free](https://azure.microsoft.com/free/?ref=microsoft.com&utm_source=microsoft.com&utm_medium=docs&utm_campaign=visualstudio). --## <a name="CreatVNet"></a>Create a virtual network --Create a VNet using the following values: --* **Resource group:** TestRG1 -* **Name:** VNet1 -* **Region:** (US) East US -* **IPv4 address space:** 10.1.0.0/16 -* **Subnet name:** FrontEnd -* **Subnet address space:** 10.1.0.0/24 ---## Create a DDoS protection plan --1. In the search box at the top of the portal, enter **DDoS protection**. Select **DDoS protection plans** in the search results and then select **+ Create**. --1. In the **Basics** tab of **Create a DDoS protection plan** page, enter or select the following information: -- | Setting | Value | - |--|--| - | **Project details** | | - | Subscription | Select your Azure subscription. | - | Resource group | Select **TestRG1**. | - | **Instance details** | | - | Name | Enter **myDDoSProtectionPlan**. | - | Region | Select **East US**. | --1. Select **Review + create** and then select **Create** to deploy the DDoS protection plan. --## Enable DDoS protection --Azure DDoS Network Protection is enabled at the virtual network where the resource you want to protect reside. --1. In the search box at the top of the portal, enter **Virtual network**. Select **Virtual networks** in the search results. --2. Select **VNet1**. --3. Select **DDoS protection** in **Settings**. --4. Select **Enable**. --5. In the pull-down box in DDoS protection plan, select **myDDoSProtectionPlan**. --6. Select **Save**. --## <a name="VNetGateway"></a>Create a VPN gateway --In this step, you create the virtual network gateway (VPN gateway) for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. --Create a virtual network gateway using the following values: --* **Name:** VNet1GW -* **Region:** East US -* **Gateway type:** VPN -* **VPN type:** Route-based -* **SKU:** VpnGw2 -* **Generation:** Generation 2 -* **Virtual network:** VNet1 -* **Gateway subnet address range:** 10.1.255.0/27 -* **Public IP address:** Create new -* **Public IP address name:** VNet1GWpip ----A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the Overview page for your gateway. After the gateway is created, you can view the IP address that has been assigned to it by looking at the virtual network in the portal. The gateway appears as a connected device. ---## <a name="view"></a>View the public IP address --You can view the gateway public IP address on the **Overview** page for your gateway. ---To see additional information about the public IP address object, select the name/IP address link next to **Public IP address**. --## <a name="resize"></a>Resize a gateway SKU --There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Gateway settings - resizing and changing SKUs](vpn-gateway-about-vpn-gateway-settings.md#resizechange). ---## <a name="reset"></a>Reset a gateway ---## Clean up resources --If you're not going to continue to use this application or go to the next tutorial, delete -these resources using the following steps: --1. Enter the name of your resource group in the **Search** box at the top of the portal and select it from the search results. --1. Select **Delete resource group**. --1. Enter your resource group for **TYPE THE RESOURCE GROUP NAME** and select **Delete**. --## Next steps --Once you have a VPN gateway, you can configure connections. The following articles will help you create a few of the most common configurations: --> [!div class="nextstepaction"] -> [Site-to-Site VPN connections](./tutorial-site-to-site-portal.md) --> [!div class="nextstepaction"] -> [Point-to-Site VPN connections](vpn-gateway-howto-point-to-site-resource-manager-portal.md) |
vpn-gateway | Tutorial Site To Site Portal | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/tutorial-site-to-site-portal.md | In this section, you'll create a virtual network (VNet) using the following valu [!INCLUDE [Create a virtual network](../../includes/vpn-gateway-basic-vnet-rm-portal-include.md)] +After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md) + ## <a name="VNetGateway"></a>Create a VPN gateway In this step, you create the virtual network gateway for your VNet. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. You can configure additional settings for your connection, if necessary. Otherwi ### <a name="resize"></a>Resize a gateway SKU -There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Gateway settings - resizing and changing SKUs](vpn-gateway-about-vpn-gateway-settings.md#resizechange). +There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange). [!INCLUDE [resize a gateway](../../includes/vpn-gateway-resize-gw-portal-include.md)] |
vpn-gateway | Vpn Gateway About Vpn Gateway Settings | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md | description: Learn about VPN Gateway resources and configuration settings. Previously updated : 10/05/2023 Last updated : 11/20/2023 ms.devlang: azurecli A VPN gateway is a type of virtual network gateway that sends encrypted traffic VPN gateway connections rely on the configuration of multiple resources, each of which contains configurable settings. The sections in this article discuss the resources and settings that relate to a VPN gateway for a virtual network created in [Resource Manager deployment model](../azure-resource-manager/management/deployment-models.md). You can find descriptions and topology diagrams for each connection solution in the [VPN Gateway design](design.md) article. -The values in this article apply VPN gateways (virtual network gateways that use the -GatewayType Vpn). Additionally, this article covers many, but not all, gateway types and SKUs. See the following articles for information regarding gateways that use these specified settings: +The values in this article apply VPN gateways (virtual network gateways that use the -GatewayType Vpn). See the following articles for information regarding gateways that use these specified settings: * For values that apply to -GatewayType 'ExpressRoute', see [Virtual Network Gateways for ExpressRoute](../expressroute/expressroute-about-virtual-network-gateways.md). The values in this article apply VPN gateways (virtual network gateways that use * For active-active gateways, see [About highly available connectivity](vpn-gateway-highlyavailable.md). -* For Virtual WAN, see [About Virtual WAN](../virtual-wan/virtual-wan-about.md). +* For Virtual WAN gateways, see [About Virtual WAN](../virtual-wan/virtual-wan-about.md). -## <a name="vpntype"></a>VPN types: Route-based and policy-based +## <a name="vpntype"></a>VPN types Currently, Azure supports two gateway VPN types: route-based VPN gateways and policy-based VPN gateways. They're built on different internal platforms, which result in different specifications. New-AzVirtualNetworkGateway -Name vnetgw1 -ResourceGroupName testrg ` -VpnType RouteBased ``` -## <a name="gwsku"></a>Gateway SKUs +## <a name="gwsku"></a>Gateway SKUs and performance --### Configure a gateway SKU --**Azure portal** --If you use the Azure portal to create a Resource Manager virtual network gateway, you can select the gateway SKU by using the dropdown. The options you're presented with correspond to the Gateway type that you select. For steps, see [Create and manage a VPN gateway](tutorial-create-gateway-portal.md). --**PowerShell** --The following PowerShell example specifies the `-GatewaySku` as VpnGw1. When using PowerShell to create a gateway, you must first create the IP configuration, then use a variable to refer to it. In this example, the configuration variable is $gwipconfig. --```azurepowershell-interactive -New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 ` --Location 'US East' -IpConfigurations $gwipconfig -GatewaySku VpnGw1 `--GatewayType Vpn -VpnType RouteBased-``` --**Azure CLI** --```azurecli -az network vnet-gateway create --name VNet1GW --public-ip-address VNet1GWPIP --resource-group TestRG1 --vnet VNet1 --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1 --no-wait -``` --### <a name="resizechange"></a>Resizing or changing a SKU --If you have a VPN gateway and you want to use a different gateway SKU, your options are to either resize your gateway SKU, or to change to another SKU. When you change to another gateway SKU, you delete the existing gateway entirely and build a new one. Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. In comparison, when you resize a gateway SKU, there isn't much downtime because you don't have to delete and rebuild the gateway. While it's faster to resize your gateway SKU, there are rules regarding resizing: --1. Except for the Basic SKU, you can resize a VPN gateway SKU to another VPN gateway SKU within the same generation (Generation1 or Generation2) and SKU family (VpnGwx or VpnGwxAZ). - * Example: VpnGw1 of Generation1 can be resized to VpnGw2 of Generation1, but can't be resized to VpnGw2 of Generation2. The gateway must instead be changed (deleted and rebuilt). - * Example: VpnGw2 of Generation2 can't be resized to VpnGw2AZ of either Generation1 or Generation2 because the "AZ" gateways are [zone redundant](about-zone-redundant-vnet-gateways.md). To change to an AZ SKU, delete the gateway and rebuild it using the desired AZ SKU. -1. When working with older legacy SKUs: - * You can resize between Standard and HighPerformance SKUs. - * You **cannot** resize from Basic/Standard/HighPerformance SKUs to VpnGw SKUs. You must instead, [change](#change) to the new SKUs. --#### <a name="resizegwsku"></a>To resize a gateway --**Azure portal** ---**PowerShell** ---#### <a name="change"></a>To change from an old (legacy) SKU to a new SKU -+See [About Gateway SKUs](about-gateway-skus.md) article for the latest information about gateway SKUs, performance, and supported features. ## <a name="connectiontype"></a>Connection types New-AzLocalNetworkGateway -Name LocalSite -ResourceGroupName testrg ` -Location 'West US' -GatewayIpAddress '23.99.221.164' -AddressPrefix '10.5.51.0/24' ``` -Sometimes you need to modify the local network gateway settings. For example, when you add or modify the address range, or if the IP address of the VPN device changes. See [Modify local network gateway settings using PowerShell](vpn-gateway-modify-local-network-gateway.md). +Sometimes you need to modify the local network gateway settings. For example, when you add or modify the address range, or if the IP address of the VPN device changes. For more information, see [Modify local network gateway settings](vpn-gateway-modify-local-network-gateway-portal.md). ## <a name="resources"></a>REST APIs, PowerShell cmdlets, and CLI |
vpn-gateway | Vpn Gateway Connect Multiple Policybased Rm Ps | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps.md | -# Connect a VPN gateway to multiple on-premises policy-based VPN devices - PowerShell +# Connect a VPN gateway to multiple on-premises policy-based VPN devices -This article helps you configure an Azure route-based VPN gateway to connect to multiple on-premises policy-based VPN devices leveraging custom IPsec/IKE policies on S2S VPN connections. +This article helps you configure an Azure route-based VPN gateway to connect to multiple on-premises policy-based VPN devices leveraging custom IPsec/IKE policies on S2S VPN connections. The steps in this article use Azure PowerShell. ## <a name="about"></a>About policy-based and route-based VPN gateways Policy-based *vs.* route-based VPN devices differ in how the IPsec traffic selec The following diagrams highlight the two models: -### Policy-based VPN example -![policy-based](./media/vpn-gateway-connect-multiple-policybased-rm-ps/policybasedmultisite.png) +**Policy-based VPN example** -### Route-based VPN example -![route-based](./media/vpn-gateway-connect-multiple-policybased-rm-ps/routebasedmultisite.png) ++**Route-based VPN example** + ### Azure support for policy-based VPN+ Currently, Azure supports both modes of VPN gateways: route-based VPN gateways and policy-based VPN gateways. They're built on different internal platforms, which result in different specifications. For more information about gateways, throughput,and connections, see [About VPN Gateway settings](vpn-gateway-about-vpn-gateway-settings.md). [!INCLUDE [vpn table type](../../includes/vpn-gateway-vpn-type-table.md)] Previously, when working with policy-based VPNs, you were limited to using the policy-based VPN gateway Basic SKU and could only connect to 1 on-premises VPN/firewall device. Now, using custom IPsec/IKE policy, you can use a route-based VPN gateway and connect to multiple policy-based VPN/firewall devices. To make a policy-based VPN connection using a route-based VPN gateway, configure the route-based VPN gateway to use prefix-based traffic selectors with the option **"PolicyBasedTrafficSelectors"**. -> [!IMPORTANT] -> 1. To enable this connectivity, your on-premises policy-based VPN devices must support **IKEv2** to connect to the Azure route-based VPN gateways. Check your VPN device specifications. -> 2. The on-premises networks connecting through policy-based VPN devices with this mechanism can only connect to the Azure virtual network; **they cannot transit to other on-premises networks or virtual networks via the same Azure VPN gateway**. -> 3. The configuration option is part of the custom IPsec/IKE connection policy. If you enable the policy-based traffic selector option, you must specify the complete policy (IPsec/IKE encryption and integrity algorithms, key strengths, and SA lifetimes). +**Considerations** -The following diagram shows why transit routing via Azure VPN gateway doesn't work with the policy-based option: +* To enable this connectivity, your on-premises policy-based VPN devices must support **IKEv2** to connect to the Azure route-based VPN gateways. Check your VPN device specifications. -![policy-based transit](./media/vpn-gateway-connect-multiple-policybased-rm-ps/policybasedtransit.png) +* The on-premises networks connecting through policy-based VPN devices with this mechanism can only connect to the Azure virtual network; **they cannot transit to other on-premises networks or virtual networks via the same Azure VPN gateway**. -As shown in the diagram, the Azure VPN gateway has traffic selectors from the virtual network to each of the on-premises network prefixes, but not the cross-connection prefixes. For example, on-premises site 2, site 3, and site 4 can each communicate to VNet1 respectively, but can't connect via the Azure VPN gateway to each other. The diagram shows the cross-connect traffic selectors that aren't available in the Azure VPN gateway under this configuration. +* The configuration option is part of the custom IPsec/IKE connection policy. If you enable the policy-based traffic selector option, you must specify the complete policy (IPsec/IKE encryption and integrity algorithms, key strengths, and SA lifetimes). -## <a name="workflow"></a>Workflow +The following diagram shows why transit routing via VPN gateway doesn't work with the policy-based option: -The instructions in this article follow the same example as described in [Configure IPsec/IKE policy for S2S or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) to establish a S2S VPN connection. This is shown in the following diagram: -![s2s-policy](./media/vpn-gateway-connect-multiple-policybased-rm-ps/s2spolicypb.png) +As shown in the diagram, the Azure VPN gateway has traffic selectors from the virtual network to each of the on-premises network prefixes, but not the cross-connection prefixes. For example, on-premises site 2, site 3, and site 4 can each communicate to VNet1 respectively, but can't connect via the Azure VPN gateway to each other. The diagram shows the cross-connect traffic selectors that aren't available in the Azure VPN gateway under this configuration. -The workflow to enable this connectivity: -1. Create the virtual network, VPN gateway, and local network gateway for your cross-premises connection. -2. Create an IPsec/IKE policy. -3. Apply the policy when you create a S2S or VNet-to-VNet connection, and **enable the policy-based traffic selectors** on the connection. -4. If the connection is already created, you can apply or update the policy to an existing connection. +## Workflow -## Before you begin +The instructions in this article follow the same example as described in [Configure IPsec/IKE policy for S2S or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) to establish a S2S VPN connection. This is shown in the following diagram: -* Verify that you have an Azure subscription. If you don't already have an Azure subscription, you can activate your [MSDN subscriber benefits](https://azure.microsoft.com/pricing/member-offers/msdn-benefits-details) or sign up for a [free account](https://azure.microsoft.com/pricing/free-trial). -* [!INCLUDE [powershell](../../includes/vpn-gateway-cloud-shell-powershell-about.md)] +To enable connectivity, use the following workflow: ++1. Create the virtual network, VPN gateway, and local network gateway for your cross-premises connection. +1. Create an IPsec/IKE policy. +1. Apply the policy when you create a S2S or VNet-to-VNet connection, and **enable the policy-based traffic selectors** on the connection. +1. If the connection is already created, you can apply or update the policy to an existing connection. ## <a name="enablepolicybased"></a>Enable policy-based traffic selectors This section shows you how to enable policy-based traffic selectors on a connection. Make sure you have completed [Part 3 of the Configure IPsec/IKE policy article](vpn-gateway-ipsecikepolicy-rm-powershell.md). The steps in this article use the same parameters. -### Step 1: Create the virtual network, VPN gateway, and local network gateway --#### Connect to your subscription and declare your variables --1. If you're running PowerShell locally on your computer, sign in using the *Connect-AzAccount* cmdlet. Or, instead, use Azure Cloud Shell in your browser. +### Create the virtual network, VPN gateway, and local network gateway -2. Declare your variables. For this exercise, we use the following variables: +1. Connect to your subscription. If you're running PowerShell locally on your computer, sign in using the *Connect-AzAccount* cmdlet. Or, instead, use Azure Cloud Shell in your browser. +1. Declare your variables. For this exercise, we use the following variables: ```azurepowershell-interactive $Sub1 = "<YourSubscriptionName>" This section shows you how to enable policy-based traffic selectors on a connect $LNGIP6 = "131.107.72.22" ``` -#### Create the virtual network, VPN gateway, and local network gateway - 1. Create a resource group. ```azurepowershell-interactive New-AzResourceGroup -Name $RG1 -Location $Location1 ```-2. Use the following example to create the virtual network TestVNet1 with three subnets, and the VPN gateway. If you want to substitute values, it's important that you always name your gateway subnet specifically 'GatewaySubnet'. If you name it something else, your gateway creation fails. ++1. Use the following example to create the virtual network TestVNet1 with three subnets, and the VPN gateway. If you want to substitute values, it's important that you always name your gateway subnet specifically 'GatewaySubnet'. If you name it something else, your gateway creation fails. ```azurepowershell-interactive $fesub1 = New-AzVirtualNetworkSubnetConfig -Name $FESubName1 -AddressPrefix $FESubPrefix1 This section shows you how to enable policy-based traffic selectors on a connect New-AzLocalNetworkGateway -Name $LNGName6 -ResourceGroupName $RG1 -Location $Location1 -GatewayIpAddress $LNGIP6 -AddressPrefix $LNGPrefix61,$LNGPrefix62 ``` -### Step 2: Create an S2S VPN connection with an IPsec/IKE policy +### Create an S2S VPN connection with an IPsec/IKE policy 1. Create an IPsec/IKE policy. This section shows you how to enable policy-based traffic selectors on a connect ```azurepowershell-interactive $ipsecpolicy6 = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None -SALifeTimeSeconds 14400 -SADataSizeKilobytes 102400000 ```+ 1. Create the S2S VPN connection with policy-based traffic selectors and IPsec/IKE policy and apply the IPsec/IKE policy created in the previous step. Be aware of the additional parameter "-UsePolicyBasedTrafficSelectors $True", which enables policy-based traffic selectors on the connection. ```azurepowershell-interactive This section shows you how to enable policy-based traffic selectors on a connect New-AzVirtualNetworkGatewayConnection -Name $Connection16 -ResourceGroupName $RG1 -VirtualNetworkGateway1 $vnet1gw -LocalNetworkGateway2 $lng6 -Location $Location1 -ConnectionType IPsec -UsePolicyBasedTrafficSelectors $True -IpsecPolicies $ipsecpolicy6 -SharedKey 'AzureA1b2C3' ```+ 1. After completing the steps, the S2S VPN connection will use the IPsec/IKE policy defined, and enable policy-based traffic selectors on the connection. You can repeat the same steps to add more connections to additional on-premises policy-based VPN devices from the same Azure VPN gateway. ## <a name="update"></a>To update policy-based traffic selectors+ This section shows you how to update the policy-based traffic selectors option for an existing S2S VPN connection. 1. Get the connection resource. This section shows you how to update the policy-based traffic selectors option f $Connection16 = "VNet1toSite6" $connection6 = Get-AzVirtualNetworkGatewayConnection -Name $Connection16 -ResourceGroupName $RG1 ```+ 1. View the policy-based traffic selectors option. The following line shows whether the policy-based traffic selectors are used for the connection: The following line shows whether the policy-based traffic selectors are used for If the line returns "**True**", then policy-based traffic selectors are configured on the connection; otherwise it returns "**False**." 1. Once you obtain the connection resource, you can enable or disable the policy-based traffic selectors on a connection. - - To Enable + * To Enable The following example enables the policy-based traffic selectors option, but leaves the IPsec/IKE policy unchanged: The following line shows whether the policy-based traffic selectors are used for Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection6 -UsePolicyBasedTrafficSelectors $True ``` - - To Disable + * To Disable The following example disables the policy-based traffic selectors option, but leaves the IPsec/IKE policy unchanged: The following line shows whether the policy-based traffic selectors are used for ## Next steps Once your connection is complete, you can add virtual machines to your virtual networks. See [Create a Virtual Machine](../virtual-machines/windows/quick-create-portal.md) for steps. -Also review [Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) for more details on custom IPsec/IKE policies. +Also review [Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) for more details on custom IPsec/IKE policies. |
vpn-gateway | Vpn Gateway Create Site To Site Rm Powershell | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell.md | This article shows you how to use PowerShell to create a site-to-site VPN gatewa > * [PowerShell](vpn-gateway-create-site-to-site-rm-powershell.md) > * [CLI](vpn-gateway-howto-site-to-site-resource-manager-cli.md) > * [Azure portal (classic)](vpn-gateway-howto-site-to-site-classic-portal.md)-> -> A site-to-site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. For more information about VPN gateways, see [About VPN gateway](vpn-gateway-about-vpngateways.md). Gateway IP Config = gwipconfig1 VPNType = RouteBased GatewayType = Vpn ConnectionName = VNet1toSite1- ``` ## <a name="VNet"></a>1. Create a virtual network and a gateway subnet -If you don't already have a virtual network, create one. When creating a virtual network, make sure that the address spaces you specify don't overlap any of the address spaces that you have on your on-premises network. +If you don't already have a virtual network, create one. When creating a virtual network, make sure that the address spaces you specify don't overlap any of the address spaces that you have on your on-premises network. ->[!NOTE] ->In order for this VNet to connect to an on-premises location, you need to coordinate with your on-premises network administrator to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic does not route the way you may expect it to. Additionally, if you want to connect this VNet to another VNet, the address space cannot overlap with other VNet. Take care to plan your network configuration accordingly. -> -> +> [!NOTE] +> In order for this VNet to connect to an on-premises location, you need to coordinate with your on-premises network administrator to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic does not route the way you might expect it to. Additionally, if you want to connect this VNet to another VNet, the address space cannot overlap with other VNet. Take care to plan your network configuration accordingly. ### About the gateway subnet Use the steps in this section if you already have a virtual network, but need to The local network gateway (LNG) typically refers to your on-premises location. It isn't the same as a virtual network gateway. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes, you can easily update the prefixes. -Use the following values: +Select one of the following examples. The values used in the examples are: * The *GatewayIPAddress* is the IP address of your on-premises VPN device. * The *AddressPrefix* is your on-premises address space. -To add a local network gateway with a single address prefix: +**Single address prefix example** ```azurepowershell-interactive New-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1 ` -Location 'East US' -GatewayIpAddress '23.99.221.164' -AddressPrefix '10.0.0.0/24' ``` -To add a local network gateway with multiple address prefixes: +**Multiple address prefix example** ```azurepowershell-interactive New-AzLocalNetworkGateway -Name Site1 -ResourceGroupName TestRG1 ` -Location 'East US' -GatewayIpAddress '23.99.221.164' -AddressPrefix @('20.0.0.0/24','10.0.0.0/24') ``` -To modify IP address prefixes for your local network gateway: --Sometimes your local network gateway prefixes change. The steps you take to modify your IP address prefixes depend on whether you have created a VPN gateway connection. See the [Modify IP address prefixes for a local network gateway](#modify) section of this article. - ## <a name="PublicIP"></a>3. Request a public IP address A VPN gateway must have a public IP address. You first request the IP address resource, and then refer to it when creating your virtual network gateway. The IP address is dynamically assigned to the resource when the VPN gateway is created. The only time the public IP address changes is when the gateway is deleted and re-created. It doesn't change across resizing, resetting, or other internal maintenance/upgrades of your VPN gateway. Create the virtual network VPN gateway. Use the following values: -* The *-GatewayType* for a site-to-site configuration is *Vpn*. The gateway type is always specific to the configuration that you are implementing. For example, other gateway configurations may require -GatewayType ExpressRoute. +* The *-GatewayType* for a site-to-site configuration is *Vpn*. The gateway type is always specific to the configuration that you're implementing. For example, other gateway configurations might require -GatewayType ExpressRoute. * The *-VpnType* can be *RouteBased* (referred to as a Dynamic Gateway in some documentation), or *PolicyBased* (referred to as a Static Gateway in some documentation). For more information about VPN gateway types, see [About VPN Gateway](vpn-gateway-about-vpngateways.md). * Select the Gateway SKU that you want to use. There are configuration limitations for certain SKUs. For more information, see [Gateway SKUs](vpn-gateway-about-vpn-gateway-settings.md#gwsku). If you get an error when creating the VPN gateway regarding the -GatewaySku, verify that you have installed the latest version of the PowerShell cmdlets. ```azurepowershell-interactive New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 ` -Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `--VpnType RouteBased -GatewaySku VpnGw1+-VpnType RouteBased -GatewaySku VpnGw2 ``` Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. Remove-AzVirtualNetworkGatewayConnection -Name VNet1toSite1 ` ## Next steps -* Once your connection is complete, you can add virtual machines to your virtual networks. For more information, see [Virtual Machines](../index.yml). +* Once your connection is complete, you can add virtual machines to your virtual networks. For more information, see [Virtual Machines](../index.yml). * For information about BGP, see the [BGP Overview](vpn-gateway-bgp-overview.md) and [How to configure BGP](vpn-gateway-bgp-resource-manager-ps.md). * For information about creating a site-to-site VPN connection using Azure Resource Manager template, see [Create a site-to-site VPN Connection](https://azure.microsoft.com/resources/templates/site-to-site-vpn-create/). * For information about creating a vnet-to-vnet VPN connection using Azure Resource Manager template, see [Deploy HBase geo replication](https://azure.microsoft.com/resources/templates/hdinsight-hbase-replication-geo/). |
vpn-gateway | Vpn Gateway Troubleshoot Site To Site Cannot Connect | https://github.com/MicrosoftDocs/azure-docs/commits/main/articles/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-cannot-connect.md | If the Internet-facing IP address of the VPN device is included in the **Local n > [!NOTE] > Basic SKU VPN gateways do not reply to health probe.-> They are not recommended for [production workloads](vpn-gateway-about-vpn-gateway-settings.md#workloads). +> They are not recommended for [production workloads](about-gateway-skus.md#workloads). ### Step 8: Check whether the on-premises VPN device has the perfect forward secrecy feature enabled |