Forum Discussion
Comodo - Sectigo Certificate for MS Teams Direct Routing
Hi,
We are planning to set up Direct Routing.
For communicaiton between the SBC and MS Teams, a certificate is required and the docs state that "The certificate needs to be generated by one of the following root certificate authorities:"
https://docs.microsoft.com/en-us/microsoftteams/direct-routing-plan#public-trusted-certificate-for-the-sbc
This list also mentions "Comodo Secure Root CA".
Comodo was bought by Sectigo.
We have a certificate from Sectigo.
So I believe it meets the requirements...but I'm not sure MS Teams will accept this license.
I can't find any information about this.
At Sectigo they told me "it should be OK"
In December 2019 an anonymous user on some other website asked the same question but it was not answered so I didn't help me any further.
Does anyone have an idea how I can check/verify this in advance before starting the installation?
Kind regards,
Jeroen
11 Replies
Hi,
We indeed ended up requesting a new certificate from one of the provider on the MS list.
The TLS handshake between SBC and Teams was not OK using the existing Sectigo certificate.
(I should have updated this message earlier)
However godril it's strange your Comodo certificate wasn't accepted the second time as I recently was involved in a second installation using a Comodo certificate. That worked.
Maybe you can't use a certificate for two connections because of "reasons".
Kind regards,
Jeroen.
The cert were different since the domains were also different. I wasnt investigating it long enough at that time because of the time deliver constraint. At that time I tried 30 days trial from other CA and worked fine so I assumed its the CA. But thank you for updating this. Will try the Comodo once again since I will have the 3rd one coming in. By the way, is your working Comodo cert installation for multi tenants (wildcad SSL), or single tenant?
- There are sip trunk providers who offer a fully managed service. They will host the SBC and provide the SIP trunks; therefore they will be responsible the SBC/SIP trunk configuration and management/monitoring of the SBC. I think is worth considering and then you don't need to worry about this...
Hiandrewinfinitel ,
For our solution we need to have the SBC on our own systems and need to be able to reuse the setup for different kinds of providers. So it's not an option to use a provider who delivers a part of the infrastructure.
But thanks for your input!
Kind regards,
Jeroen
Hi jers53
Although I have not used the vendor for Certificate. It should be good to use the certificate from the Vendor. In case you want to have a written confirmation from MS Standpoint I would recommend that you open a Ticket with MS Team and have a confirmation from the Team on Email for documentation purpose.
With Regards.
Satish U
HelloRealTime_M365
Just got off the phone with someone from MS.
They told me that even though the company Comodo is now owned by Sectigo, it doesn't matter. The issuer of the certificate, in the contents of the certificate, needs to be "Comodo" (or another issuer that is on the list) ) and not "Sectigo".
So according to this info I'll have to request a new certificate.Kind regards,
Jeroen
Hi jers53
Thank You for the confirmation!!!
Basically Microsoft has allowed only specific vendors to be trusted with Office 365. Hence we have to have specific vendor to have the TLS Negotiation done properly.
Do let me know in case you need any additional assistance.
With Regards,
Satish U
HelloRealTime_M365
Thanks for your quick and clear reply!
I'll try contacting MS as well for an "official" confirmation, and will update this question if I get an answerKind regards,
Jeroen.
