making security even easier

MS Teams - Direct Routing -Ribbon SBC – SWe Lite - Microsoft's certificate issue

A small note on the Ribbon SBC – SWe Lite configuration. 

Ribbon Communications Session Border Controller Software Edition Lite (SBC SWe Lite) is marketed as the easiest way to connect and secure Microsoft Phone System using Direct Routing to connect to a Communications Service Provider. After some experiments with deploying the solution using its "QuickLaunch" template, I discovered a glitch that may cause headaches to other users as well, so hopefully they will search for the error and see my blog post.

So, when going to and [+] Create Resouce, you can search for "SBC SWe Lite ➲ Quick Launch" option, which will launch a simple wizard which will configure the VM to meet all the requirements. A quick guide video is here.

If you follow the steps, when trying to connect, you may see this error in the logs:

Invalid CA, cert chain was too long, or cert chain import was not complete.

It took me some time to realize that this is not my SBC's certificate, the error was about Microsoft's CA:

Verify peer certificate depth=1, issuer: /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root, subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT TLS CA 4 error: 20(unable to get local issuer certificate)

The solution is simple, go to Tasks -> SBC Easy Setup -> Certificates and upload the root CA certificate used by Microsoft to SBC's Trusted CAs.

You can get the root cert from here or here




<< Go back to the previous page

G+ profile

follow me : github, habrahabr , linkedin
Feel free to contact me directly :
emin --at huseynov --dot com

Other projects

Google authenticator for Citrix StoreFront
Google authenticator for Citrix Web Interface 5.4
MOTP App with QR based enrolment

Not security related