Edge Automation: Rotating Certificates on On-Premises Appliances via Platform API

Managing 50+ on-prem Edge appliances and I’m tired of manually updating the TLS certificates every year. I’m trying to automate this using the Platform API.

I can upload the certificate to the ‘Certificate Store’ using POST /api/v2/telephony/providers/edges/certificates. But how do I then ‘Assign’ that certificate to a specific Edge appliance for the ‘Edge Web Server’ and ‘SIP’ functions? I can’t find a PUT endpoint that takes an edgeId and a certificateId.

The assignment is part of the Edge’s ‘Service Configuration’. You need to look at PUT /api/v2/telephony/providers/edges/{edgeId}. In the request body, there’s an edgeGroup or a direct certificate reference depending on whether your Edge is in an Edge Group.

Be very careful—updating the certificate via API triggers an immediate restart of the Edge’s media service. If you do this during business hours, you will drop all active calls on that Edge! Always schedule your API script to run during a maintenance window.

To build on Bia’s point, I’ve done this for several GC + Bold360 integrations where the Edge needed custom certs. If you are using ‘BYOC Premises’, you also need to ensure the certificate chain (Intermediate and Root) is uploaded as a single bundle. If you only upload the Leaf certificate via the API, the Edge will fail the TLS handshake with your SBCs.

I’m currently debugging an inherited implementation where the previous contractor tried to automate this and broke half the Edges. The ‘Gotcha’ we found was the version field. When you PUT the Edge configuration, you must include the current version number of the Edge object, or the API will return a 409 Conflict. You have to GET the Edge first, increment the version (or just use the one you got), and then PUT the update.
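The GET-then-PUT version handling and the maintenance-window warning from the replies above, as an added example that is not code from any poster or from the vendor. It reads the Edge, sends back the version it just read, and on a 409 re-reads instead of resending a stale version. `FakeEdgeApi`, `update_edge`, `set_cert` and the `exampleCertificateRef` field are hypothetical names; the in-memory API is constructed so the sketch runs offline, and its version bump on each accepted write is an assumption.

```python
import copy

class FakeEdgeApi:
    """Constructed in-memory stand-in for the Platform API (not the real service)."""
    def __init__(self, edges):
        self.edges = edges          # edgeId -> Edge object (dict) with a "version"
        self.before_put = None      # optional hook simulating a concurrent writer

    def send(self, method, path, body=None):
        edge_id = path.rsplit("/", 1)[-1]
        if method == "GET":
            return 200, copy.deepcopy(self.edges[edge_id])
        if self.before_put:
            hook, self.before_put = self.before_put, None
            hook(self.edges[edge_id])
        if body.get("version") != self.edges[edge_id]["version"]:
            return 409, {"message": "version mismatch"}
        # Assumption: the server bumps the version on each accepted write.
        self.edges[edge_id] = dict(body, version=body["version"] + 1)
        return 200, copy.deepcopy(self.edges[edge_id])

def update_edge(send, edge_id, mutate, in_window, max_attempts=3):
    """GET the Edge, apply mutate(), PUT it back with the version just read.

    Refuses to write outside the maintenance window, and on 409 re-reads the
    object rather than resending a stale version.
    """
    if not in_window():
        raise RuntimeError("outside maintenance window; not touching " + edge_id)
    path = "/api/v2/telephony/providers/edges/" + edge_id
    for attempt in range(1, max_attempts + 1):
        status, edge = send("GET", path)
        if status != 200:
            raise RuntimeError(f"GET {path} returned {status}")
        mutate(edge)                      # caller sets the certificate reference
        status, result = send("PUT", path, edge)
        if status == 200:
            return result, attempt
        if status != 409:
            raise RuntimeError(f"PUT {path} returned {status}")
    raise RuntimeError(f"still 409 after {max_attempts} attempts on {edge_id}")

def set_cert(edge):
    # Hypothetical field name; the real key depends on the Edge / Edge Group schema.
    edge["exampleCertificateRef"] = "cert-placeholder-id"
```

Against the real API, `send` would be replaced by an authenticated HTTP call and `in_window` by a check against the site's agreed maintenance schedule.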