How to import DigiCert Global Root G2 CA Cert on Ribbon SBC

Hi All,

in a recent alert in the M365 Message Center (MC540239 – SIP certificate to MSPKI Certificate Authority change) Microsoft ask Customers to update their SIP devices and SBC to trust this new CA Cert.

MC540239 · Published Apr 11, 2023
SIP certificate to MSPKI Certificate Authority change

How this affects your organization:
The new Root CA “DigiCert Global Root G2” is widely trusted by operating systems including Windows, macOS, Android, and iOS and by browsers such as Microsoft Edge, Chrome, Safari, and Firefox. However, it is likely that your SBC has a certificate root store that is manually configured, and it needs to be updated. SBCs that do not have the new Root CA in their list of acceptable CAs will receive certificate validation errors, which may impact the availability or function of the service. Please refer to SBC vendor documentation on how to update the accepted certificate list on your SBC.

Today, the TLS certificates used by Microsoft SIP interfaces chain up to the following Root CA: 

  • Common Name of the CA: Baltimore CyberTrust Root
  • Thumbprint (SHA1): d4de20d05e66fc53fe1a50882c78db2852cae474

New TLS certificates used by Microsoft SIP interfaces will now chain up to the following Root CA:

  • Common Name of the CA: DigiCert Global Root G2
  • Thumbprint (SHA1): df3c24f9bfd666761b268073fe06d1cc8d4f82a4

The new CA certificate can be downloaded directly from DigiCert: DigiCert Global Root G2

What you can do to prepare:
Review your current Microsoft SIP interfaces and update as appropriate.

Let’s see how to manage this task on a Ribbon SBC

How to import DigiCert Global Root G2 CA Cert on Ribbon SBC

1. First of all. download the new DigiCert Global Root G2 CA Cert from https://cacerts.digicert.com/DigiCertGlobalRootG2.crt

2. Login on your Ribbon SBC and go to Tasks -> SBC Easy Setup -> Certificates -> Trusted CAs

3. Click on the first Icon to Import Trusted CA Certificate

4. Select File Upload Mode -> click Select File to import DigiCertGlobalRootG2.crt (DigiCert Global Root G2 CA Cert) -> Ok then Ok again to confirm the import.

5. Verify that the DigiCert Global Root G2 CA Cert is correctly present and installed.
The Serial Number is 033AF1E6A711A9A0BB2864B11D09FAE5
It’s correct and normal to see “Certificate is Self-Signed” under Issuer

That’s all.
As always, I hope this could help some of you.
Best Regards
Luca

2 thoughts on “How to import DigiCert Global Root G2 CA Cert on Ribbon SBC

Add yours

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑