TLS Certificate for SMS Gateway Question

Zach Skidmore

Apr 17, 2026, 11:19:34 AM
to pwm-general
Hi everyone,
Our institution uses PWM and has it integrated with an SMS Gateway (Twilio). We have the gateway's TLS certificate imported into our configuration and it works, but I would like to avoid outages every time Twilio rotates the TLS certificate (it appears they do this even before the current one expires). I know I can update it when it rotates, but that means it's an outage we react to every time. Has anyone found a way to avoid this approach? Twilio's TLS certificate is a DigiCert, which is trusted by common OSes, so it would be nice if PWM didn't require it to be imported, but it appears that it does.

Thanks!

-Zach

Jason Rivard

Apr 17, 2026, 1:17:25 PM
to pwm-general
If you have this setting set to CA when you do the import, PWM will import the root CA cert instead of the endpoint cert and use the CA cert for validation. As long as they keep the CA, this should work, at the expense of degraded security.

Settings ⇨ Security ⇨ Application Security ⇨ Certificate Validation Mode

If you have an older version (and you should definitely not be running anything but the latest in production) or started the config in an older version, the default is not CA.
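
Added example (not part of the thread and not PWM's own code): a self-contained `openssl` demo of the trade-off in the reply above, comparing a pin on the imported endpoint certificate with validation against an imported root CA when the leaf is rotated. The CA, the host names and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo, not PWM code: endpoint-certificate pinning vs CA-based
# validation across a leaf rotation. Every name below is made up.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {  # self-signed root standing in for the gateway's public CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-root-ca" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_leaf() {  # $1 = file stem, $2 = subject CN; new key pair on every call
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 10 -out "$WORK/$1.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Endpoint pinning: the presented cert must be byte-for-byte the imported one.
endpoint_pin_ok() { [ "$(fingerprint "$1")" = "$2" ]; }

# CA validation: anything that chains to the imported root passes this check
# (hostname matching is a separate step and is not modelled here).
ca_chain_ok() { openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1; }

make_ca
issue_leaf old     sms-gateway.example   # cert imported at configuration time
issue_leaf rotated sms-gateway.example   # same name after the provider rotates
issue_leaf other   other-site.example    # unrelated cert from the same CA
PINNED=$(fingerprint "$WORK/old.pem")

for c in old rotated other; do
  if endpoint_pin_ok "$WORK/$c.pem" "$PINNED"; then e=accept; else e=reject; fi
  if ca_chain_ok "$WORK/$c.pem"; then a=accept; else a=reject; fi
  echo "$c: endpoint-pin=$e ca-chain=$a"
done
```

The `rotated` row is the outage avoided by CA mode; the `other` row is the cost, since a chain-only check widens trust from one certificate to everything that CA issues.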

Zach Skidmore

Apr 17, 2026, 2:15:49 PM
to pwm-general
Jason,

Thanks for this info!

-Zach