SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Store SSL Certificate to make HTTP Requests From Twilio

Issue

When the Studio Flow attempts to make the HTTP request, it fails with a 400 error: "No required SSL certificate was sent." Is it possible to upload and install ones custom client SSL certificate on Twilio’s side to enable mutual TLS (mTLS) for outbound requests from Studio or Twilio Functions?

 

Product

Twilio Functions

 

Environment

legacy Twilio Console

 

Cause

The target endpoint is configured to require mutual TLS (mTLS). Twilio Studio’s HTTP Request widget cannot attach a client TLS certificate/private key to outbound requests, so the TLS handshake completes without a client certificate. The upstream server (or gateway) rejects the connection/request and returns 400: No required SSL certificate was sent. 

Additionally, providing only a .crt (or configuring it as a ca) does not enable mTLS; mTLS requires a client certificate and its private key (cert + key) to be sent by the client.

 

Resolution

We can make use of Assets (Legacy) and upload the .crt file and then make use of this asset to use the certificate to make HTTP requests from Functions. Once you upload the certificate, below is an example code:

const https = require('https');

exports.handler = function(context, event, callback) {
    const certContent = 'https://xxxxxxxxxxx.twil.io/assets/yourdomain.crt'
    const agent = new https.Agent({
        ca: certContent,
        rejectUnauthorized: false
    });
    const options = {
        hostname: 'yourserverurl.com',
        port: 443,
        path: '/',
        method: 'POST',
        agent: agent
    };
    const req = https.request(options, (res) => {
        let data = '';
        res.on('data', (chunk) => data += chunk);
        res.on('end', () => {
            console.log('Response received');
            callback(null, JSON.parse(data));
        });
    });
    req.on('error', (e) => {
        console.error(`Request failed: ${e.message}`);
        callback(e);
    });
    req.end();
};

Note: The Twilio function services doesn’t allows to upload .crt files it only allows to upload .key file.
 

Have more questions? Submit a request
We can’t wait to see what you build.
Powered by Zendesk