05-31-2023 01:45 AM
Hello,
I have a question about the MS Teams Direct Routing CA certificate upgrade.
Is it OK to only create another trustpoint on the CUBE with
crypto pki trustpoint <trustpoint name>
crypto pki authenticate <trustpoint name>
or are there more steps to do when the CUBEs are already connected to the Microsoft Teams cloud?
Thank you
05-31-2023 01:47 AM
If it's already connected to MS Teams, you should already have a trustpoint. So why do you need another one?
05-31-2023 02:17 AM
Hi,
There is information about adding the DigiCert Root G2 CA cert to the CUBEs, as the MS Baltimore CA will not be valid this year.
https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-office-365-tls-certificates-changes?view=o365-worldwide
So I understood from that, that if the CUBEs have the Baltimore root CA, then the new certificate should also be added as a trustpoint (something like when I add the new CA to the truststore of CUCM for the tomcat service, e.g.).
05-31-2023 02:22 AM
Ok, now I got what you mean.
And yes, just add another trust point for the new Cert, like you did for the "old" Baltimore CA.
05-31-2023 02:30 AM
Ok, and that is the point: I haven't configured it yet, so I am trying to find out how to do it.
From my understanding, I only need to set the trustpoint name and then authenticate the root CA from the .pem file? (No new key generation or so.)
Does the name of the trustpoint have to be the same as the certificate, or is it only the "identifier"?
I have tested it on GNS3, but I found out that I can copy only 255 characters from the cert, and then it stops. Is there some setting on the IOS to get past this?
05-31-2023 02:43 AM - edited 05-31-2023 02:59 AM
You only need the Base64 code of the new cert:
crypto pki trustpoint <new-tp>
enrollment terminal
revocation-check none
!
crypto pki authenticate <new-tp>
=> paste the Base64 here
Edit: The trustpoint name is just an identifier, it has nothing to do with the certificate name
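A pre-paste check for the procedure in the answer above, added here as an example and not part of the original posts: it re-wraps a PEM certificate into 64-character Base64 lines and computes its SHA-1 fingerprint in the grouped upper-case form that IOS prints when it asks whether to accept the certificate, so the value can be compared with the fingerprint the CA publishes before answering yes. The function names and the sample bytes are constructed for illustration (the sample is not a real certificate), and it assumes the 255-character problem mentioned earlier in the thread comes from the Base64 arriving as one long line.

```python
import base64
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def pem_to_der(pem_text):
    """Return the DER bytes of the first PEM certificate, ignoring line layout."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    b64 = re.sub(r"\s+", "", m.group(1))
    # validate=True rejects stray characters picked up by a bad copy/paste
    return base64.b64decode(b64, validate=True)

def rewrap_pem(pem_text, width=64):
    """Re-emit the certificate with short Base64 lines for terminal pasting."""
    body = base64.b64encode(pem_to_der(pem_text)).decode("ascii")
    lines = [body[i:i + width] for i in range(0, len(body), width)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

def ios_fingerprint(der, algo="sha1"):
    """Hash the DER bytes; format as upper-case hex in groups of 8."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))

# Constructed sample: NOT a real certificate, only bytes that exercise the code.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_ONE_LINE = BEGIN + base64.b64encode(SAMPLE_DER).decode("ascii") + END

if __name__ == "__main__":
    print(rewrap_pem(SAMPLE_ONE_LINE), end="")
    print("Fingerprint SHA1:", ios_fingerprint(pem_to_der(SAMPLE_ONE_LINE)))
```
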
05-31-2023 04:20 AM
Thanks a lot for the help. I will try this procedure on the cubes.
06-05-2023 12:29 AM
Worked perfectly, thanks a lot once again.