1. Zoom Support
  2. Advanced
  3. Network and Firewall

Related articles

Updating root certificates for SIP-based devices

Last Updated:

To maintain Zoom’s high-security standards regarding Zoom applications, connectivity, and media across the Zoom Phone platform, Zoom will begin transitioning its global infrastructure to DigiCert Global Root G2 signed certificates. To ensure that the services continue functioning, admins may need to install new certificates. A quick summary of the various services that will be affected is shown below:

Device Type Date of change

Devices utilizing the Cloud Room Connector

January 1, 2024

Bring your own carrier - Premises (BYOC-Premises)

Beginning August 1, 2023

Generic SIP devices for Zoom Phone

Beginning August 1, 2023

SIP-connected audio devices

January 1, 2024

This article covers:

How does this affect Zoom Phone?

Zoom is currently in the process of transitioning our root certificate from DigiCert Root CA to DigiCert Global Root G2. As part of this change, customers will be required to upload the DigiCert Global Root G2 into their session border controller (SBC) to ensure that BYOC/BYOP trunks that are configured for TLS continue to operate after the certificate change. These certificates will also need to be uploaded to Generic devices to continue to operate after the certificate change. These changes will need to be implemented before August 1, 2023.

Note: To ensure operation, the current DigiCert Root CA certificates will need to remain on the device until Zoom has updated the new certificates.

For additional resources on how to update the certificates on Session Border Controllers, please see the links below or visit your phone manufacturer’s website.

How does this affect SIP-based room systems?

Zoom is currently in the process of transitioning our root certificate from DigiCert Root CA to DigiCert Global Root G2. As part of this change, customers will be required to upload the DigiCert Global Root G2 to ensure their SIP-based devices utilized for meetings are utilizing the following certificates for Zoom Meetings by January 1, 2024https://cacerts.digicert.com/DigiCertGlobalRootCA.crt

Note: To ensure operation, the current DigiCert Root CA certificates will need to remain on the device until Zoom has updated the new certificates.

How to download root certificates for adding manually

Current root and intermediate certificate

Current root certificate

DigiCert Global Root CA

Downloads

PEM format: https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem

DER format: https://cacerts.digicert.com/DigiCertGlobalRootCA.crt
Valid until date 10/Nov/2031
Serial number 08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A
SHA1 Fingerprint A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
SHA256 Fingerprint 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61

 

Current immediate certificate

DigiCert TLS RSA SHA256 2020 CA1 certificate

Downloads

PEM format: https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt.pem 

DER format: https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt 
Valid until date 13/Apr/2031
Serial number 06:D8:D9:04:D5:58:43:46:F6:8A:2F:A7:54:22:7E:C4
SHA1 Fingerprint 1C:58:A3:A8:51:8E:87:59:BF:07:5B:76:B7:50:D4:F2:DF:26:4F:CD
SHA256 Fingerprint 52:27:4C:57:CE:4D:EE:3B:49:DB:7A:7F:F7:08:C0:40:F7:71:89:8B:3B:E8:87:25:A8:6F:B4:43:01:82:FE:14

 

New root and intermediate certificates

Root certificates

We currently issue certificates through DigiCert. If the root certificate is not in your system's trust store, it may need to be added manually. Below are the current certificates organizations should utilize by January 1, 2024: 

DigiCert Global Root G2 certificate

Downloads

PEM format: https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem

DER format: https://cacerts.digicert.com/DigiCertGlobalRootG2.crt 
Valid until date 15/Jan/2038
Serial number 03:3A:F1:E6:A7:11:A9:A0:BB:28:64:B1:1D:09:FA:E5
SHA1 Fingerprint DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
SHA256 Fingerprint CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F

 

DigiCert TLS RSA4096 Root G5 certificate

Downloads PEM format: https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.pem 
DER format: https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt 
Valid until date 14/Jan/2046
Serial number 08:F9:B4:78:A8:FA:7E:DA:6A:33:37:89:DE:7C:CF:8A
SHA1 Fingerprint A7:88:49:DC:5D:7C:75:8C:8C:DE:39:98:56:B3:AA:D0:B2:A5:71:35
SHA256 Fingerprint 37:1A:00:DC:05:33:B3:72:1A:7E:EB:40:E8:41:9E:70:79:9D:2B:0A:0F:2C:1D:80:69:31:65:F7:CE:C4:AD:75

Intermediate certificates

In rare instances, a system may require the intermediate certificate to be added manually:

DigiCert Global G2 TLS RSA SHA256 2020 CA1

Downloads

PEM format: https://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt.pem 
DER format: https://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt 
Valid until date 29/Mar/2031
Serial number 0C:F5:BD:06:2B:56:02:F4:7A:B8:50:2C:23:CC:F0:66
SHA1 Fingerprint 1B:51:1A:BE:AD:59:C6:CE:20:70:77:C0:BF:0E:00:43:B1:38:26:12
SHA256 Fingerprint C8:02:5F:9F:C6:5F:DF:C9:5B:3C:A8:CC:78:67:B9:A5:87:B5:27:79:73:95:79:17:46:3F:C8:13:D0:B6:25:A9

 

DigiCert G5 TLS RSA4096 SHA384 2021 CA1

Downloads

PEM format: https://cacerts.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crt.pem 
DER format: https://cacerts.digicert.com/DigiCertG5TLSRSA4096SHA3842021CA1-1.crt 
Valid until date 13/Apr/2031
Serial number 0E:64:58:E7:54:EC:9C:C7:BA:C8:32:31:D5:F9:4D:58
SHA1 Fingerprint 81:5C:D8:FF:64:BE:AC:E0:7E:F8:F2:F9:D5:33:01:1F:A4:79:36:58
SHA256 Fingerprint C6:27:0A:15:06:91:FB:E1:90:D8:31:F5:13:9B:DF:EE:CF:7B:29:8B:4F:A0:CA:17:30:6A:69:D7:E9:1E:7B:A2

 

For more information on downloading Digicert certificates, please Digicert Support.

Zoom Community

Join the 250K+ other members in the Zoom Community! Login with your Zoom account credentials and start collaborating.