Can I use my company's TLS certificate for API requests using the Twilio CLI?

Transport Layer Security (TLS) ensures data security during communication over a network. In modern browsers, a lock icon next to the address bar usually indicates a connection secured over TLS.

Some companies have restricted environments where some or all external outbound traffic is proxied through specialized equipment that provides visibility into encrypted traffic. In order to do this, the company might install additional CA certificates on each machine in the correct location for your trust store.

By proxying the external traffic using their own TLS certificate, the company is able to decrypt traffic from the machine to their server, then re-encrypt it before handing it off to the external outbound destination (such as the Twilio API). These certificates will also ensure that the lock icon will still be indicated next to the URL in the address bar when using a browser.

If you receive an error message such as  Error: unable to get local issuer certificate when using the Twilio CLI, you can take the following steps to resolve the connectivity issue:

If the above steps do not work, we recommend that you work with your company's Information Technology department to add *.twilio.com domains to their allow-list so that TLS traffic to Twilio will not be proxied.

Why doesn't the Twilio CLI use the bundle of trusted CA certificates already installed on my work machine?

The Twilio CLI is built using NodeJS which uses its own list of trusted CA certificates instead of a default trust store. 

Summary

If you encounter TLS issues when making Twilio API requests using the CLI, you may need to set an environment variable for your company's CA certificates.

Additional resources

Have more questions? Submit a request
Powered by Zendesk