cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
997
Views
3
Helpful
7
Replies

MS Teams Direct routing with Cube - Digicert Root cert update

pavelherc
Beginner
Beginner

Hello, 

I have a question about the MS teams direct routing Ca Certificate upgrade. 

Is it ok only to create another trustpoint on the cube with

crypto pki trustpoint <trustpoint name> 

crypto pki authenticate <trustpoint name>

or are there more steps to do when the cubes already are connected to microsoft teams cloud?

 

Thank you

 

1 Accepted Solution

Accepted Solutions

You only need the Base64 code of the new cert:

 

crypto pki trustpoint <new-tp>
 enrollment terminal
 revocation-check none
!
crypto pki authenticate <new-tp>
=> paste the Base64 here

Edit: The trustpoint name is just an identifier, it has nothing to do with the certificate name

 

View solution in original post

7 Replies 7

b.winter
VIP
VIP

If it's already connected to MS Teams, you should already have a trustpoint. So why do you need another one?

Hi, 

there is an information to add the Digicert Root G2 ca cert to the cubes as  the MS Baltimore CA willl not be valid this year. 
https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption-office-365-tls-certificates-changes?view=o365-worldwide

So I understood from that that if the cubes  have the Baltimore root CA then the new certificate should be added also as a trustpoint (something like when I add the new CA to the truststore of CUCM for tomcat service e.g.)

Ok, now I got what you mean.
And yes, just add another trust point for the new Cert, like you did for the "old" Baltimore CA.

Ok, and that is the point, that I  didnt configured it yet so  I am trying to find out how to do it.

from my understanding I need only to set the trustpoint name and then authenticate  the  root ca from .pem file ? (no new key generation or so)

the name of the trustpoint has to be the same as certificate or it is only the "identifier"?

I have tested it on the gns3 but I found out that I can copy  only 255 characters from the cert, and then it will stop. is there some setting on the ios how I can pass this ?

You only need the Base64 code of the new cert:

 

crypto pki trustpoint <new-tp>
 enrollment terminal
 revocation-check none
!
crypto pki authenticate <new-tp>
=> paste the Base64 here

Edit: The trustpoint name is just an identifier, it has nothing to do with the certificate name

 

Thanks a lot for the help. I will try this procedure on the cubes. 

worked perfectly, thanks a lot once again. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: