From 21d314fde643fc516f11bbe199cd0f1b5d1e85ea Mon Sep 17 00:00:00 2001
From: Luis Pablo Galeas Bardales <galeaspablo@hotmail.com>
Date: Fri, 29 Nov 2024 19:02:01 +0000
Subject: [PATCH] Document Azure's requirement of trusting DigiCert root
 certificates

---
 README.MD | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.MD b/README.MD
index 56e1b59..df51c31 100644
--- a/README.MD
+++ b/README.MD
@@ -44,6 +44,9 @@ services:
             "--client-ca-roots-path", "/etc/pgt_proxy/client_tls/aws_rds/"
         ]
     pgt-proxy-connecting-to-azure-digicert:
+        # Connections to Azure managed PG databases require the use of 1 Microsoft root 
+        # certificate + 2 DigiCert root certificates as per:
+        # https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-ssl-tls#read-replicas-with-certificate-pinning-scenarios
         image: ambarltd/pgt-proxy:latest
         ports:
             - "5433:5432"