In case someone will face the same problem, here is the the correct
certificate to add to Kamailio CA list:
https://baltimore-cybertrust-root.chain-demos.digicert.com/info/index.html
Thank you!
ср, 11 трав. 2022 р. о 16:55 Володимир Іванець <volodyaivanets(a)gmail.com>
пише:
Hello all!
According tothe "SBC doesn’t trust SIP proxy certificate" section from
https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/phone-system/d…
I had to download and add their certificates to the CA list. I did that but
Kamailio still fails to verify MS certificate.
Did anyone faced this problem?
Thank you!
вт, 10 трав. 2022 р. о 17:17 Володимир Іванець <volodyaivanets(a)gmail.com>
пише:
> Hello Olle!
>
> Thank you for the hint! I checked my test server where the connection was
> working before and now I see the same problem. Looks like Microsoft could
> update certificate on their side. Will try to find appropriate root and
> intermediate certificates.
>
> Thanks a lot!
>
> чт, 5 трав. 2022 р. о 17:52 Olle E. Johansson <oej(a)edvina.net> пише:
>
>> tls_dump_cert_info(): tls_connect: server certificate
>> issuer:/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01
>>
>> THis is not sectigo signed - is my guess. It’s the other sides cert that
>> Kamailio can’t verify. You need to add that CA cert to the Kamailio CA
>> store.
>>
>> /O
>>
>> On 5 May 2022, at 14:09, Володимир Іванець <volodyaivanets(a)gmail.com>
>> wrote:
>>
>> tls_dump_cert_info(): tls_connect: server certificate
>> issuer:/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01
>>
>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> * sr-users(a)lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>> *
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>