How to check that I trust Vonage TLS Certificate?

Objective

How do I check my local environment trusts the Root CA used to sign certificates for *.nexmo.com and *.vonage.com?

Context

Our endpoints use TLS certificates signed by public certificate authorities to ensure the security of our communications with customers and partners.

Applies To

• All secure protocols (HTTPS, SIPS, SMPPS)

Procedure

Run the following command from a console terminal to see if the Root CA that signed our Vonage domain certificate is trusted in your environment.

OpenSSL commands

For HTTPS

$ openssl s_client -connect rest.nexmo.com:443 -showcerts < /dev/null 2>/dev/null

For SIP

$ openssl s_client -showcerts -connect sip-us.vonage.com:5061 </dev/null 2>/dev/null

For SMPP

$ openssl s_client -connect smpp1.nexmo.com:8008 </dev/null 2>/dev/null

$ openssl s_client -connect smpp-us.vonage.com:8098  </dev/null 2>/dev/null

$ openssl s_client -connect api-g2-testing.api-eu.prod.v1.vonagenetworks.net:443 < /dev/null 2>/dev/null

Windows with Powershell:

dir Cert:\CurrentUser\AuthRoot

Expected Results:

OpenSSL should return a 0 (ok) as a verification result in all cases. 

Verify return code: 0 (ok) 

Windows should return the G2 root certificate in the list of trusted root certificates

DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US

Additional Information

This is not computing infrastructure specific and applies to the physical machine, VM, container image, or Kubernetes cluster like AWS EKS where your service is running. If your environment is not installed with the root CA, use standard best practices and trust the Certificate Authority (DigiCert), which signed our certificate. Digicert’s root certificates can be found here.