I am running the current version of the FreePBX distro and email below from Twilio, which I am sure lots of folks got. I downloaded the ca-bundle.crt and can not figure out how to install it. I put it in /etc/asterisk/keys but can not import it. Any ideas on how to get this entered as they indicate?
You’re receiving this email from Twilio because you’re a current Twilio Programmable Voice SIP Interface and/or Elastic SIP trunking customer that uses SIP over TLS in our Ashburn/US1 edge location.
What do you need to know?
Effective June 22, 2023, the TLS certificate used by Twilio’s SIP infrastructure will expire. To ensure that you can continue to connect with Twilio using SIP, your SIP infrastructure must trust the root Certificate Authority (CA) that our certificates are signed with.
Why is this happening?
As part of our regular maintenance to our systems, we annually renew the TLS certificate used by our SIP infrastructure. We try to keep the same root CA when possible; however, with the latest upgrade of the certificate on our Ashburn/US1 SIP edge, the root CA is different from the one we previously used. This is due to our signing authority, Digicert, changing the version of their root CA in accordance with Mozilla’s distrust policy.
What do you need to do?
Make sure your equipment trusts all CA listed in our public documentation and download our trusted CA bundle by June 22, 2023.
The following certificates are critical to connecting your equipment with Twilio:
DigiCert Global Root G2 (new)
You can download the new certificate directly from Digicert.
DigiCert Global Root CA (old)
For more information, review Elastic SIP Trunking - Importing Twilio’s Root CA Certificate (Elastic SIP Trunking | Twilio) and Programmable Voice SIP Interface - Importing Twilio’s Root CA Certificate. You can also refer to the vendor(s) of your SIP infrastructure on how to load the CA in your servers.
What if you don’t take action?
If you don’t take action, all Programmable Voice SIP and/or Elastic SIP Trunking calls that use TLS for encryption will fail after June 22, 2023.