Merge pull request #312065 from jlian/fix/gateway-stale-baltimore-refs

Update stale Baltimore CyberTrust Root references to DigiCert Global Root G2

Author: prmerger-automator[bot]

articles/iot-edge/how-to-connect-downstream-device.md

@@ -66,9 +66,9 @@ Securely connecting downstream devices to IoT Edge is similar to other secure cl
 
 When a client connects to a server, the server presents a chain of certificates called the *server certificate chain*. A certificate chain usually has a root certificate authority (CA) certificate, one or more intermediate CA certificates, and the server's certificate. The client trusts the server by cryptographically verifying the entire server certificate chain. This process is called *server chain validation*. The client also challenges the server to prove it has the private key for the server certificate, called *proof of possession*. Together, server chain validation and proof of possession are called *server authentication*. To validate a server certificate chain, the client needs a copy of the root CA certificate used to issue the server's certificate. When connecting to websites, browsers come preconfigured with common CA certificates, so the client process is seamless.
 
-When a device connects to Azure IoT Hub, the device is the client and the IoT Hub cloud service is the server. The IoT Hub cloud service uses a root CA certificate called **Baltimore CyberTrust Root**, which is publicly available and widely used. Because the IoT Hub CA certificate is already installed on most devices, many TLS implementations (OpenSSL, Schannel, LibreSSL) automatically use it during server certificate validation. However, a device that connects to IoT Hub can have issues when connecting to an IoT Edge gateway.
+When a device connects to Azure IoT Hub, the device is the client and the IoT Hub cloud service is the server. The IoT Hub cloud service uses a root CA certificate called **DigiCert Global Root G2**, which is publicly available and widely used. Because the IoT Hub CA certificate is already installed on most devices, many TLS implementations (OpenSSL, Schannel, LibreSSL) automatically use it during server certificate validation. However, a device that connects to IoT Hub can have issues when connecting to an IoT Edge gateway.
 
-When a device connects to an IoT Edge gateway, the downstream device is the client and the gateway device is the server. Azure IoT Edge lets you build gateway certificate chains as needed. You can use a public CA certificate, like Baltimore, or a self-signed (or in-house) root CA certificate. Public CA certificates often have a cost, so they're typically used in production scenarios. Self-signed CA certificates are preferred for development and testing. The demo certificates are self-signed root CA certificates.
+When a device connects to an IoT Edge gateway, the downstream device is the client and the gateway device is the server. Azure IoT Edge lets you build gateway certificate chains as needed. You can use a public CA certificate, like DigiCert, or a self-signed (or in-house) root CA certificate. Public CA certificates often have a cost, so they're typically used in production scenarios. Self-signed CA certificates are preferred for development and testing. The demo certificates are self-signed root CA certificates.
 
 When you use a self-signed root CA certificate for an IoT Edge gateway, you need to install it on or provide it to all downstream devices that connect to the gateway.
 

articles/iot-edge/how-to-connect-downstream-iot-edge-device.md

@@ -108,7 +108,7 @@ For more information about IoT Edge certificate requirements, see
     * Any **intermediate certificates** that you want to include in the root certificate chain.
     * An **Edge CA certificate** and its **private key**, generated by the root and intermediate certificates. You need one unique Edge CA certificate for each IoT Edge device in the gateway hierarchy.
 
-    You can use either a self-signed certificate authority or purchase one from a trusted commercial certificate authority like Baltimore, Verisign, Digicert, or GlobalSign.
+    You can use either a self-signed certificate authority or purchase one from a trusted commercial certificate authority like DigiCert, Verisign, or GlobalSign.
 
 1. If you don't have your own certificates for testing, create one set of root and intermediate certificates, and then create Edge CA certificates for each device.
 For example, these commands create a root CA certificate, a parent device certificate, and a child device certificate.