Each SBC deployed must have a public certificate from a supported Public CA, There are 3 options to create a certificates.
Option 1 - Single SBC
A Single certificate with a single SBC.
Option 2 - Multiple SBC
A Single certificate with multiple SBC’s
Option 3 - Wildcard
A certificate with a Wildcard in the SAN
- The FQDN of the SBC must be in the SN,SAN or common name of the Certificate
In the above examples shanehoey.example is the example domain only, you should replace this with your public domain. Do not use the onmicrosoft.com domain. Also when generating certificate you must use 2048
Supported Public CA
Microsoft currently supports the following CA’s
- AddTrust External CA Root
- Baltimore CyberTrust Root
- Class 3 Public Primary Certification Authority
- DigiCert Global Root CA
- Go Daddy
- Verisign, Inc.
- Symantec Enterprise Mobile Root for Microsoft
- Thawte Timestamping CA
- T-Systems International GmbH (Deutsche Telekom)
Baltimore Trusted Root Certificate
On the SBC The Baltimore Trusted Root must be installed , it can me downloaded from
Direct Routing Explained
This Direct Routing Cheat Sheet is a condensed overview to planning and deployment of Direct Routing in Microsoft Teams.