Sunday, April 23, 2023

Update Microsoft SIP interfaces TLS certificates from Baltimore CyberTrust Root to DigiCert Global Root G2

Microsoft 365 is changing the TLS certificate used for Meetings, Messages, Telephony, and Voice and Video services. The current Baltimore CyberTrust Root is expiring in May 2025.

Affected endpoints include all Microsoft SIP endpoints used for PSTN traffic that utilizes TLS connectivity. The transition to certificates issued by the new CA will begin in July 2023.

Microsoft is making this move because DigiCert is widely trusted by operating systems including Windows, macOS, Android, and iOS and browsers such as Microsoft Edge, Chrome, Safari, and Firefox.

Suppose you are using Direct Routing in your data center or hosted SBC environment, which was used to have Baltimore CyberTrust Root. In that case, it's time to update the root certificate on the SBC since it is likely that your SBC has a certificate root store that is manually configured and needs to be updated. 

If the certificate is not updated on the SBCs that do not have the new Root CA in their list of acceptable CAs will receive certificate validation errors, which may impact the availability or function of the service. 

You can download the DigiCert root certificate from https://cacerts.digicert.com/DigiCertGlobalRootG2.crt


No comments:

Post a Comment