I am running Debian 10 with a new[er] load of the latest root certificates from Mozilla. Comparing the certificate 1199354 supplied by Telnyx and the USERTrust certificate from Mozilla, they appear to be the same, yet Asterisk chokes unless “verify_server=no”. This is not a show stopper but appears to be a possible flaw in pjlib according to their web page(s). I was just wondering about the (Asterisk) error and was surprised that the server could not be “verified” yet still appears to connect successfully.
OCSP The CA No OCSP URL available
I think I found the source of the discrepancy. It may be a temporary break in the certificate system. https://www.digicert.com/blog/ocsp-times-and-what-they-mean-for-you reads “If CRL not accessible, by default the certificate is trusted.” So it appears Asterisk is working OK. Whether or not PJlib is correctly reporting “untrusted” may be up for debate.