This section outlines how to import and verify the supplementary certificates.
If your node has a SHA-2 256 signed server certificate, the SBC does not interoperate with Lync 2010 or earlier OCS/Lync versions. The signature algorithm (sha256WithRSAEncryption) is shown in the Certificate panel of the SBC Supplementary Certificates screen.
You may use SHA-2 256 CA certificates for the SBA, SBC, and Lync 2013 Servers. Lync 2010 requires all devices to use SHA-1 certificates. For more information, refer to Microsoft's SHA1 Deprecation Policy.
You can import a maximum of 10 supplementary certificates.
You cannot import certificates that have the same Common Name.
The following procedures outline how to import the X.509 signed certificate and PKCS12 certificate and key.
You must import a valid Trusted CA certificate before you import a new signed server certificate.
Use the following procedure to import an X.509 signed certificate.
Select Security > SBC Certificates > SBC Supplementary Certificates.
Paste the contents into the Paste Base64 Certificate field.
Use the following procedure to import a PKCS12 certificate and key.
You must import the PKCS12 certificate as an SBC certificate pair. Do not import the PKCS12 certificate as a chain.
When you import a PKCS12 certificate, you must import the Trusted CA certificates as a chain if there are intermediate CA and root CA certificates.
Select Security > SBC Certificates > SBC Supplementary Certificates.
Select PKCS12 Certificate and Key from the Import drop-down menu.
In the Password field, enter the password used to export the certificate.
You must use the same password that was used during the certificate and key export.
Click Browse to find the PKCS12 certificate and key file.
Use the following procedure to verify a supplementary certificate.
The SBC does not support server (SBC 1000/2000) certificates with a 4096-bit RSA key because of the amount of time required to generate a key and process calls.
The SBC supports Trusted Root CA certificates with a 4096-bit RSA key, but these require further testing.
Select Security > SBC Certificates > SBC Supplementary Certificates.
Expand the details of the certificate you want to verify.
Enhanced Key Usage: This field displays the enhanced key usage, which outlines the purpose of the subject's public key. For compatibility with some browsers, the SBC requires the TLS Web Server Authentication usage.
Key Usage: This field displays the key usage to define the purpose of the key in the certificate. For compatibility with some browsers, the SBC does not allow the non-repudiation service.
Confirm that the Verify Status field displays OK.
Reimport the supplementary certificate to obtain a valid certificate if the Verify Status field does not display OK.
Most browsers require the Enhanced Key Usage field for certificate acceptance based on use purpose.
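The constraints this page places on a server certificate can be checked before import. The following is an added example, not part of the SBC product or its documentation: it assumes the certificate has been dumped with `openssl x509 -noout -text`, and the names `preflight`, `imported_cns` and `lync_2010_peer` are hypothetical.

```python
import re

# Constructed sample: abridged `openssl x509 -noout -text` output, not a real certificate.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject: O = Example, CN = sbc.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""

def _ext(text, name):
    """Return the comma-separated values on the line after an extension header."""
    m = re.search(r"X509v3 %s:.*\n\s*(.+)" % re.escape(name), text)
    return [v.strip() for v in m.group(1).split(",")] if m else []

def preflight(text, imported_cns=(), lync_2010_peer=False):
    """List the constraints from this page that a server certificate violates."""
    problems = []
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    cn = re.search(r"Subject:.*?CN\s*=\s*([^,/\n]+)", text)
    # SHA-256 only matters when the peer is Lync 2010 or an earlier OCS/Lync version.
    if lync_2010_peer and sig and "sha256" in sig.group(1).lower():
        problems.append("SHA-256 signature: no interop with Lync 2010 or earlier")
    if bits and int(bits.group(1)) == 4096:
        problems.append("4096-bit RSA server key is not supported")
    if "TLS Web Server Authentication" not in _ext(text, "Extended Key Usage"):
        problems.append("Enhanced Key Usage lacks TLS Web Server Authentication")
    if "Non Repudiation" in _ext(text, "Key Usage"):
        problems.append("Key Usage includes non-repudiation")
    if cn and cn.group(1).strip() in imported_cns:
        problems.append("Common Name already imported")
    if len(imported_cns) >= 10:
        problems.append("10 supplementary certificates already imported")
    return problems
```

An empty list means none of the page's stated restrictions apply; the SBC's own Verify Status field remains the authoritative result after import.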