How to download CA for PBX local default certificate?

Some phones I’m configuring (Cisco) require the PBX’s CA .pem to be downloaded to the phone in order for TLS to work.
In this deployment they require TLS encryption for all calls, even internal, so I need to make these phones register with TLS and they require me to input the Custom CA rule which is a URL to the .pem CA file. Please advise what is the link to the default certificate’s local CA file on the FreePBX server. Thanks

Are you using a Lets Encrypt certificate, or a local root CA (often not entirely accurately referred to as self signed (all root CA’s are self signed))? For a Lets Encrypt certificate, you should be looking to Let Encrypt for the root and intermediate CAs.

In this instance it is a local root CA (“self-signed”) so I need to get the link for its location

Someone else will have to say where the GUI puts it, but I’m pretty sure it is not exposed as a URL. From a security point of view that wouldn’t be best practice, as you would be fetching it from an untrusted source.

I can’t find an official way to export it.

It would be better practice to handle your certificate generation offline, e.g. see FreePBX SSL Certificates 🔐, as you won’t be leaving the CA private key on an operational machine, and there do seem to be full import facilities.