You can change the certificate installed on the SBC Edge system by obtaining the signed certificate from a Trusted CA or from a local Stand-Alone Windows Certificate Authority, and importing it as outlined in the instructions on this page.
If so, the likely reason is a missing CA Root Certificate. The SBC does not have any pre-installed CA root X.509 certificates, unlike typical browsers found on your PC. Ensure the entire certificate chain of trust is installed on the SBC, including the root certificate. Acquire the CA root certificate as follows:
NOTE: Root certificates are easily acquired from the certificate authorities. For example, the root certificate for the GoDaddy Class 2 Certification Authority may be found at https://ssl-ccp.godaddy.com/repository?origin=CALLISTO. For more information about root certificates, intermediate certificates, and the SBC server (“leaf”) certificates, refer to this tutorial.
For other certificate-related errors, refer to Common Troubleshooting Issues with Certificates in SBC Edge.
Before importing a new Signed Server Certificate, you must first import a valid Trusted CA Certificate.
SHA2-256 Certificate Compatibility
SHA2-256 CA Certificates may be used for the SBA, SBC, and Lync 2013 Servers. Lync 2010 requires that all devices use only SHA1 Certificates. For more information, see the Microsoft SHA1 Deprecation Policy.
In the left navigation pane, go to Security > SBC Certificates > SBC Primary Certificate.
This field displays the enhanced key usage, that is, the purposes for which the subject's public key may be used.
The TLS Web Server Authentication usage purpose is required for compatibility with some browsers.
Displays the key usage, which defines the purposes of the key contained in the certificate.
The Non-repudiation service purpose is disallowed for compatibility with some browsers.
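The requirements above (a chain that verifies up to the root, TLS Web Server Authentication in the enhanced key usage, no Non-repudiation in the key usage, and a SHA2-256 or SHA1 signature) can be checked with OpenSSL before the certificate is imported. This is an added example, not part of the SBC Edge documentation; the function names, the file names and the sample text are constructed for illustration, and check_cert_file assumes the OpenSSL command-line tool is installed.

```shell
#!/bin/sh
# Pre-import checks for a server certificate, based on the field rules above.

# Constructed excerpt of `openssl x509 -noout -text` output (not a real certificate).
sample_cert_text() {
    cat <<'EOF'
        Signature Algorithm: sha256WithRSAEncryption
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
EOF
}

# Print the line that follows the first line containing "$1".
ext_value() {
    awk -v pat="$1" 'found { print; exit } index($0, pat) { found = 1 }'
}

# Read certificate text on stdin; return 0 only if the EKU and Key Usage rules hold.
check_cert_text() {
    text=$(cat)
    rc=0
    eku=$(printf '%s\n' "$text" | ext_value 'X509v3 Extended Key Usage')
    ku=$(printf '%s\n' "$text" | ext_value 'X509v3 Key Usage')
    sig=$(printf '%s\n' "$text" | awk '/Signature Algorithm:/ { print $3; exit }')
    case $eku in
        *'TLS Web Server Authentication'*) echo "OK   EKU includes TLS Web Server Authentication" ;;
        *) echo "FAIL EKU lacks TLS Web Server Authentication"; rc=1 ;;
    esac
    case $ku in
        *'Non Repudiation'*) echo "FAIL Key Usage includes Non Repudiation"; rc=1 ;;
        *) echo "OK   Key Usage does not include Non Repudiation" ;;
    esac
    case $sig in
        *[Ss][Hh][Aa]256*) echo "OK   signature algorithm: $sig" ;;
        *[Ss][Hh][Aa]1*)   echo "NOTE signature algorithm: $sig (SHA1, as Lync 2010 requires)" ;;
        *)                 echo "NOTE signature algorithm: ${sig:-not found}" ;;
    esac
    return $rc
}

# check_cert_file SERVER.pem CA_BUNDLE.pem (hypothetical file names): confirm the
# chain up to the root verifies, then apply the text checks.
check_cert_file() {
    openssl verify -CAfile "$2" "$1" || return 1
    openssl x509 -in "$1" -noout -text | check_cert_text
}

sample_cert_text | check_cert_text
```

The signature algorithm is reported rather than failed because the page allows SHA2-256 or SHA1 depending on the Lync version in use.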
To import an X.509 signed certificate:
Select X.509 Signed Certificate from the Import menu at the top of the page.
Choose the import mode (Copy and Paste or File Upload) from the Mode pull-down menu.
To import a PKCS12 Certificate and Key:
Select PKCS12 Certificate and Key from the Import menu at the top of the page.
Enter the password used to export the certificate in the Password field.
Browse for the PKCS certificate and key file.
Once you have imported the Signed Server Certificate:
Ensure that the Verify Status field indicates OK.
If the Verify Status field does not indicate OK, repeat the steps above to obtain a valid certificate.