[Security] update cert rotation include files for both PostgreSQL and MySQL

Author: markingmyname

articles/mysql/flexible-server/includes/certificate-rotation.md

@@ -4,20 +4,15 @@ description: Certificate rotation for Azure Database for MySQL
 author: techlake
 ms.author: hganten
 ms.reviewer: maghan, randolphwest
-ms.date: 01/05/2026
+ms.date: 02/17/2026
 ms.service: azure-database-mysql
 ms.subservice: security
 ms.topic: include
 ms.custom: references_regions
 ---
 
 > [!IMPORTANT]  
-> **Azure Database for MySQL has started a TLS certificate rotation** to update intermediate CA certificates and the resulting certificate chain. The root Certificate Authorities stay the same.
+> **Root certificate rotation schedule:**
 >
-> If your client configuration uses the [***Recommended configurations for TLS***](../security-tls.md#recommended-configurations-for-tls), you don't need to take any action.
->
-> **Certificate rotation schedule**
->
-> - Azure regions West Central US, East Asia, and UK South began their TLS certificate rotation on November 11, 2025.
-> - From January 19, 2026, this certificate rotation extends to the remaining (except China) regions, including Azure Government.
-> - After the Spring Festival (Chinese New Year) 2026, China regions also undergo a certificate rotation that includes a **change to one of the root CAs**.
+> - Updates for root CA certificates from DigiCert Global Root CA (G1) to DigiCert Global Root G2 in China regions start March 9, 2026.
+> - If your client configuration uses the [***Recommended configurations for TLS***](../security-tls.md#recommended-configurations-for-tls), you don't need to take any action.

articles/mysql/flexible-server/security-tls-root-certificate-rotation.md

@@ -4,7 +4,7 @@ description: Learn about the upcoming changes of root certificate rotation that
 author: shih-che
 ms.author: shihche
 ms.reviewer: talawren, maghan, randolphwest
-ms.date: 01/05/2026
+ms.date: 02/17/2026
 ms.service: azure-database-mysql
 ms.subservice: security
 ms.topic: concept-article
@@ -15,25 +15,25 @@ ms.custom:
 
 # Root certificate rotation for Azure Database for MySQL
 
-To maintain our security and compliance standards, we start changing the root certificates for Azure Database for MySQL Flexible Server after September 1, 2025.
+To maintain security and compliance standards, Microsoft starts changing the root certificates for Azure Database for MySQL Flexible Server after September 1, 2026.
 
 The current root certificate **DigiCert Global Root CA** is replaced by two new root certificates:
 
 - **DigiCert Global Root G2**
 - **Microsoft RSA Root Certificate Authority 2017**
 
-If you use Transport Layer Security (TLS) with root certificate verification, you must have all three root certificates installed during the transition period. Once all the certificates are changed, you can remove the old SHA-1 root certificate **DigiCert Global Root CA** from the store. If you don't add the new certificates before September 1, 2025, your connections to the databases **fail**.
+If you use Transport Layer Security (TLS) with root certificate verification, you must install all three root certificates during the transition period. Once you change all the certificates, you can remove the old SHA-1 root certificate **DigiCert Global Root CA** from the store. If you don't add the new certificates before September 1, 2025, your connections to the databases **fail**.
 
 This article provides instructions on how to add the two new root certificates, and answers to frequently asked questions.
 
-> [!NOTE]  
+> [!NOTE]
 > If the continued use of SHA-1 is a blocker and you want to have your certificates changed before the general rollout, follow the [instructions in this article for creating a combined certificate authority (CA) certificate on the client](#how-to-update-the-root-certificate-store-on-your-client). Then open a support request to rotate your certificate for Azure Database for MySQL.
 
 ## Why is a root certificate update required?
 
-Azure Database for MySQL users can only use the predefined certificate to connect to their MySQL server instances. The current certificate is signed by **DigiCert Global Root CA**. It uses SHA-1. The SHA-1 hashing algorithm is considerably insecure, due to discovered vulnerabilities. It's no longer compliant with our security standards.
+Azure Database for MySQL users can only use the predefined certificate to connect to their MySQL server instances. The current certificate is signed by **DigiCert Global Root CA**. It uses SHA-1. The SHA-1 hashing algorithm is considerably insecure, due to discovered vulnerabilities. It's no longer compliant with security standards.
 
-We need to rotate the certificate to one signed by a compliant root certificate authority to remediate the issue.
+Microsoft needs to rotate the certificate to one signed by a compliant root certificate authority to remediate the issue.
 
 ## How to update the root certificate store on your client
 
@@ -43,11 +43,11 @@ The following steps guide you through the process of updating the root certifica
 
 1. Download the three root certificates. If you installed the **DigiCert Global Root CA** certificate, you can skip the first download:
 
-1. [Download the DigiCert Global Root CA certificate](https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem).
+- [Download the DigiCert Global Root CA certificate](https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem).
 
-1. [Download the DigiCert Global Root G2 certificate](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem).
+- [Download the DigiCert Global Root G2 certificate](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem).
 
-1. [Download the Microsoft RSA Root Certificate Authority 2017 certificate](https://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt).
+- [Download the Microsoft RSA Root Certificate Authority 2017 certificate](https://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt).
 
 1. Add the downloaded certificates to your client certificate store. The process varies depending on the client type.
 
@@ -103,9 +103,9 @@ openssl x509 -inform der -in MicrosoftRSARootCertificateAuthority2017.crt -out M
 
 ## Other clients
 
-For other users that use other clients, you need to create a combined certificate file that contains all three root certificates.
+For users of other clients, create a combined certificate file that contains all three root certificates.
 
-Other clients such as:
+Other clients include:
 
 - MySQL Workbench
 - C or C++
@@ -119,7 +119,7 @@ Other clients such as:
 
 ### Steps
 
-1. Create a new text file and save it as `combined-ca-certificates.pem`
+1. Create a new text file and save it as `combined-ca-certificates.pem`.
 1. Copy and paste the contents of all three certificate files into this single file in the following format:
 
 ```output
@@ -136,7 +136,7 @@ Other clients such as:
 
 ## Data-in replication MySQL
 
-For data-in replication where **both primary and replica are hosted on Azure**, you can merge the CA certificate files in this format:
+For data-in replication where **both primary and replica are hosted on Azure**, merge the CA certificate files in this format:
 
 ```output
 SET @cert = '-----BEGIN CERTIFICATE-----

articles/postgresql/security/includes/certificate-rotation.md

@@ -22,6 +22,6 @@ ms.topic: include
 > - Updates for Central US start on January 26, 2026.
 > - Updates for all other regions start on January 28, 2026.
 
-**Root certificate rotation schedule:**
-
- - Updates for root CA certificates from DigiCert Global Root CA (G1) to DigiCert Global Root G2 in China regions start March 9, 2026.
+> **Root certificate rotation schedule:**
+>
+> - Updates for root CA certificates from DigiCert Global Root CA (G1) to DigiCert Global Root G2 in China regions start March 9, 2026.