Erwin Bierens

Knowledge is Power

Microsoft Teams - Direct Routing Root Certificates Update

2022-10-05 1 min read Microsoft Teams

On May 12, 2025, the current root certificate “Baltimore CyberTrust Root” expires. This certificate now handles the encryption of Microsoft Teams but also Azure Communication Services and even still the old Skype for Business Online components.

The transition to the new root certificates has started by Microsoft in January 2022 and will be completed this month, October 2022. In case you are using Direct Routing with your Microsoft 365 tenant you probaly have uploaded the Baltimore CyberTrust Root certificate in to your SBC.

The current TLS certificate now uses:

Common Name of the CA Thumbprint (SHA1)
Baltimore CyberTrust Root d4de20d05e66fc53fe1a50882c78db2852cae474

The new TLS certificated used by Microsoft 365 services will chain up with one of the following Root CA’s.

Common Name of the CA Thumbprint (SHA1)
DigiCert Global Root G2 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
Microsoft RSA Root Certificate Authority 2017 73a5e64a3bff8316ff0edccc618a906e4eae4d74
Microsoft ECC Root Certificate Authority 2017 999a64c37ff47d9fab95f14769891460eec4c3c5

Because Microsoft is only providing the CRT files on their website, i’ve converted these to PEM and CER (Always check the thumbprint (SHA1) with the above table before using).

You can download the certificates over here.

The baltimore CyberTrust will still work till May 12, 2025 but make sure you will add these “new” root certificates to your SBC.

Source: Microsoft Office Certificate Changes

comments powered by Disqus