In case someone will face the same problem, here is the the correct certificate to add to Kamailio CA list: https://baltimore-cybertrust-root.chain-demos.digicert.com/info/index.html

Thank you!

ср, 11 трав. 2022 р. о 16:55 Володимир Іванець <volodyaivanets@gmail.com> пише:
Hello all!

According tothe "SBC doesn’t trust SIP proxy certificate" section from https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/phone-system/direct-routing/sip-options-tls-certificate-issues I had to download and add their certificates to the CA list. I did that but Kamailio still fails to verify MS certificate.

Did anyone faced this problem?

Thank you!

вт, 10 трав. 2022 р. о 17:17 Володимир Іванець <volodyaivanets@gmail.com> пише:
Hello Olle!

Thank you for the hint! I checked my test server where the connection was working before and now I see the same problem. Looks like Microsoft could update certificate on their side. Will try to find appropriate root and intermediate certificates.

Thanks a lot!

чт, 5 трав. 2022 р. о 17:52 Olle E. Johansson <oej@edvina.net> пише:
tls_dump_cert_info(): tls_connect: server certificate issuer:/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01

THis is not sectigo signed - is my guess. It’s the other sides cert that Kamailio can’t verify. You need to add that CA cert to the Kamailio CA store.

/O

On 5 May 2022, at 14:09, Володимир Іванець <volodyaivanets@gmail.com> wrote:

tls_dump_cert_info(): tls_connect: server certificate issuer:/C=US/O=Microsoft Corporation/CN=Microsoft RSA TLS CA 01

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
  * sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users