You may or may not have picked this up via various official communication from Microsoft – I defo missed it… Microsoft is changing the Root CA for Teams Direct Routing (along with some other Microsoft 365 workloads).
Microsoft originally released a message back in March this year (2022) under MC343794 titled “Office TLS Certificate Changes”.
Basically, the current Baltimore Root certificate is expiring in May 2025 and Microsoft is changing the CA to DigiCert. Therefore, “all change!”
The change will be implemented over a transition period from January 2022 to October 2022. Microsoft has already updated their “Plan Direct Routing” documentation to mention that you’d need to install both if you use MTLS on your SBC.
However, thinking about it, you really should have the new DigiCert Root certificate and chain loaded regardless if your SBC use TLS or MTLS. Otherwise, your voice service might suffer when Microsoft is completely on the new CA by end of the transition period. Although DigiCert Root and Intermediate certificates are widely trusted by various OS and computer systems, most SBCs would required the trusted Root certificates to be manually loaded. So, check your/your customers’ SBC’s to avoid nasty surprises!
Thank you for reading! Hope I have been helpful!