SIP Trunking Supported Root Certificate Authorities

Introduction

For TLS encrypted SIP Trunks, only the following list of Root Certificates are supported. If your device is using a certificate with a chain that resolves to a root certificate authority that is not on the list, connections will be rejected.

Trusted Root Certificate Authorities (ECC)

• COMODO ECC Certification Authority
  • SHA-1 Fingerprint: 9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311
• DigiCert Global Root G3
  • SHA-1 Fingerprint: 7E04DE896A3E666D00E687D33FFAD93BE83D349E
• DigiCert TLS ECC P384 Root G5
  • SHA-1 Fingerprint: 17F3DE5E9F0F19E98EF61F32266E20C407AE30EE
• ISRG Root X2
  • SHA-1 Fingerprint: BDB1B93CD5978D45C6261455F8DB95C75AD153AF
• Sectigo Public Server Authentication Root E46
  • SHA-1 Fingerprint: EC8A396C40F02EBC4275D49FAB1C1A5B67BED29A
• SSL.com EV Root Certification Authority ECC
  • SHA-1 Fingerprint: 4CDD51A3D1F5203214B0C6C532230391C746426D
• SSL.com Root Certification Authority ECC
  • SHA-1 Fingerprint: C3197C3924E654AF1BC4AB20957AE2C30E13026A
• SSL.com TLS ECC Root CA 2022
  • SHA-1 Fingerprint: 9F5FD91A546DF50C71F0EE7ABD1749988473E239
• USERTrust ECC Certification Authority
  • SHA-1 Fingerprint: D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0

Trusted Root Certificate Authorities (RSA)

• COMODO RSA Certification Authority
  • SHA-1 Fingerprint: AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
• DigiCert Global Root G2
  • SHA-1 Fingerprint: DF3C24F9BFD666761B268073FE06D1CC8D4F82A4         
• DigiCert TLS RSA4096 Root G5
  • SHA-1 Fingerprint: A78849DC5D7C758C8CDE399856B3AAD0B2A57135
• DigiCert Trusted Root G4
  •          SHA-1 Fingerprint: DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
• GlobalSign Root CA - R3
  • SHA-1 Fingerprint: D69B561148F01C77C54578C10926DF5B856976AD
• GlobalSign Root CA - R6
  • SHA-1 Fingerprint: 8094640EB5A7A1CA119C1FDDD59F810263A7FBD1
• GoDaddy Root Certification Authority - G2
  • SHA-1 Fingerprint: 47BEABC922EAE80E78783462A79F45C254FDE68B
• ISRG Root X1
  • SHA-1 Fingerprint: CABD2A79A1076A31F21D253635CB039D4329A5E8
• QuoVadis Root CA 1 G3
  • SHA-1 Fingerprint: 1B8EEA5796291AC939EAB80A811A7373C0937967
• QuoVadis Root CA 2 G3
  • SHA-1 Fingerprint: 093C61F38B8BDC7D55DF7538020500E125F5C836
• QuoVadis Root CA 3 G3
  • SHA-1 Fingerprint: 4812BD923CA8C43906E7306D2796E6A4CF222E7D
• Sectigo Public Server Authentication Root R46
  • SHA-1 Fingerprint: AD98F9F3E47D753B65D482B3A45217BB6EF5E438
• SSL.com EV Root Certification Authority RSA R2
  • SHA-1 Fingerprint: 743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A
• SSL.com Root Certification Authority RSA
  • SHA-1 Fingerprint: B7AB3308D1EA4477BA1480125A6FBDA936490CBB
• SSL.com TLS RSA Root CA 2022
  • SHA-1 Fingerprint: EC2C834072AF269510FF0EF203EE3170F6789DCA
• Starfield Root Certificate Authority - G2
  • SHA-1 Fingerprint: B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E
• USERTrust RSA Certification Authority
  • SHA-1 Fingerprint: 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
• VeriSign Universal Root Certification Authority
  • SHA-1 Fingerprint: 3679CA35668772304D30A5FB873B0FA77BB70D54
• Verizon Global Root CA
  • SHA-1 Fingerprint: 912198EEF23DCAC40939312FEE97DD560BAE49B1

How Do I Find The Root Certificate Authority For My Device Certificate

On Windows you can double click the certificate to view it, navigate to the Certification Path tab, select the first certificate in the chain and click the View Certificate button.

On that new certificate navigate to the Details tab and check the thumbprint matches any from the list above.