...
Caption |
---|
0 | Figure |
---|
1 | Configure Domain Names - Example |
---|
|
Image Modified |
Obtain Certificate
...
The Certificate must be issued by one of the supported certification authorities (CAs). Wildcard certificates are supported.
...
Expand |
---|
title | Click here to expand for how to generate Certificates on the SBC |
---|
|
Warning |
---|
title | Warning: Common Encryption Certificate Issues Arise from Missing Root Certificates |
---|
| - Did you only install the CA-signed SBC certificate, along with the intermediate certificate(s) sent by your issuing CA?
- Did you get the following error message from the SBC?
If so, the likely reason is a missing CA Root Certificate. The SBC does not have any pre-installed CA root X.509 certificates, unlike typical browsers found on your PC. Ensure the entire certificate chain of trust is installed on the SBC, including the root certificate. Acquire the CA root certificate as follows: - Contact your system administrator or certificate vendor to acquire the root, and any further missing intermediate certificate(s) to provision the entire certificate chain of trust within the SBC;
- Load the root certificate, along with the intermediate and SBC certificates, according to Importing Trusted Root CA Certificates.
NOTE: Root certificates are easily acquired from the certificate authorities. For example, the root certificate for the GoDaddy Class 2 Certification Authority may be found at https://ssl-ccp.godaddy.com/repository?origin=CALLISTO . For more information about root certificates, intermediate certificates, and the SBC server (“leaf”) certificates, refer to this tutorial. For other certificate-related errors, refer to Common Troubleshooting Issues with Certificates in SBC Edge Portfolio. |
Microsoft Teams Direct Routing allows only TLS connections from the SBC for SIP traffic with a certificate signed by one of the trusted certification authorities. Request a certificate for the SBC External interface and configure it based on the example using GlobalSign as follows: - Generate a Certificate Signing Request (CSR) and obtain the certificate from a supported Certification Authority.
- Import the Public CA Root/Intermediate Certificate on the SBC.
- Import the Microsoft CA Certificate on the SBC.
- Import the SBC Certificate.
Info |
---|
The certificate is obtained through the Certificate Signing Request (instructions below). The Trusted Root and Intermediary Signing Certificates are obtained from your certification authority. |
Step 1: Generate a Certificate Signing Request and obtain the certificate from a supported Certification Authority (CA)Many CA's do not support a private key with a length of 1024 bits. Validate with your CA requirements and select the appropriate length of the key. - Access the WebUI.
- Access Settings > Security > SBC Certificates.
Click Generate SBC Edge CSR. Enter data in the required fields. Click OK. After the Certificate Signing request finishes generating, copy the result to the clipboard.
Caption |
---|
0 | Figure |
---|
1 | Generate Certificate Signing Request |
---|
| Image Modified |
- Use the generated CSR text from the clipboard to obtain the certificate.
After receiving the certificates from the certification authority, install the SBC Certificate and Root/Intermediate Certificates as follows: - Obtain Trusted Root and Intermediary signing certificates from your certification authority.
- Access the WebUI.
- To install Trusted Root Certificates, click Settings > Security > SBC Certificates > Trusted Root Certificates.
- Click Import and select the trusted root certificates.
- To install the SBC certificate, open Settings > Security > SBC Certificates > SBC Primary Certificate.
Validate the certificate is installed correctly. Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
| Image Modified |
- Click Import and select X.509 Signed Certificate.
Validate the certificate is installed correctly. Caption |
---|
0 | Figure |
---|
1 | Validate Certificate |
---|
| Image Modified |
|
Firewall Rules
...