Certificate Requirements

Certificate Requirements

Each SBC deployed must have a public certificate from a supported Public CA, There are 3 options to create a certificates.

Option 1 - Single SBC

A Single certificate with a single SBC.


Option 2 - Multiple SBC

A Single certificate with multiple SBC’s

sbc.shanehoey.example sbc-au.shanehoey.example, sbc-nz.shanehoey.example

Option 3 - Wildcard

A certificate with a Wildcard in the SAN

sbc.shanehoey.example *.shanehoey.example
  • The FQDN of the SBC must be in the SN,SAN or common name of the Certificate

In the above examples shanehoey.example is the example domain only, you should replace this with your public domain. Do not use the onmicrosoft.com domain. Also when generating certificate you must use 2048

Supported Public CA

Microsoft currently supports the following CA’s

  • AddTrust External CA Root
  • Baltimore CyberTrust Root
  • Buypass
  • Class 3 Public Primary Certification Authority
  • DigiCert Global Root CA
  • Entrust
  • GlobalSign
  • Go Daddy
  • Verisign, Inc.
  • Symantec Enterprise Mobile Root for Microsoft
  • Thawte Timestamping CA
  • Trustwave
  • T-Systems International GmbH (Deutsche Telekom)
  • QuoVadis
Baltimore Trusted Root Certificate

On the SBC The Baltimore Trusted Root must be installed , it can me downloaded from

https://cacert.omniroot.com/bc2025.pem https://cacert.omniroot.com/bc2025.crt