Certificate Requirements

Certificate Requirements


Each SBC deployed must have a public certificate from a supported Public CA, There are 3 options to create a certificates.

Option 1 - Single SBC

A Single certificate with a single SBC.

SN SAN
sbc.shanehoey.example  

Option 2 - Multiple SBC

A Single certificate with multiple SBC’s

SN SAN
sbc.shanehoey.example sbc-au.shanehoey.example, sbc-nz.shanehoey.example

Option 3 - Wildcard

A certificate with a Wildcard in the SAN

SN SAN
sbc.shanehoey.example *.shanehoey.example
CommonName  
*.shanehoey.example  
  • The FQDN of the SBC must be in the SN,SAN or common name of the Certificate

In the above examples shanehoey.example is the example domain only, you should replace this with your public domain. Do not use the onmicrosoft.com domain. Also when generating certificate you must use 2048

Supported Public CA


Microsoft currently supports the following CA’s

  • AddTrust External CA Root
  • Baltimore CyberTrust Root
  • Buypass
  • Class 3 Public Primary Certification Authority
  • DigiCert Global Root CA
  • Entrust
  • GlobalSign
  • Go Daddy
  • Verisign, Inc.
  • Symantec Enterprise Mobile Root for Microsoft
  • Thawte Timestamping CA
  • Trustwave
  • T-Systems International GmbH (Deutsche Telekom)
  • QuoVadis
Baltimore Trusted Root Certificate

On the SBC The Baltimore Trusted Root must be installed , it can me downloaded from

https://cacert.omniroot.com/bc2025.pem https://cacert.omniroot.com/bc2025.crt