FreePBX Master Key Update

Hey All,

A few weeks ago, you may have received notification about a security update to add support for an additional FreePBX master key. A few of you asked us “what is this for?” or “what does this mean for FreePBX?”


  • Increase the size of the master key, in order to keep current with security best practices
  • New key provides a faster, more reliable public key infrastructure lookups
  • Invite 3rd party developers with existing signing keys to get their keys re-signed with the new master key


For those that are not familiar with the way that FreePBX uses GPG keys, they are used to cryptographically sign FreePBX modules that are to be installed on a PBX system. As with modern operating systems, the module installer verifies that the modules have been distributed by an authorized source, i.e. the one that owns the FreePBX master key.

This also allows FreePBX to verify that modules have not been tampered with by potential bad actors (such as hackers, for one example) trying to modify the module code to (for instance) insert backdoors into the system. All in all, it’s a very strong “net positive” from a system security perspective and allows administrators to better trust that their FreePBX systems are not compromised.

GPG Master Key Size

Over the years, the standard best practices encouraged administrators to increase the cryptographic key size. We have chosen to increase our key size to 4KB which is inline with more current best practices.

GPG Key Infrastructure

FreePBX utilized the public key infrastructure for verification of 3rd-party-developers’ keys in order to ensure that they were signed by the FreePBX Master key, which is owned by Sangoma.

Infrastructure such as this can be susceptible to external attacks. That kind of an attack could result in a Sangoma public master key “poisoning”, as it’s called. While the word “poison” sounds scary, it does not mean that the key was lost or compromised – it just means that FreePBX module signature verification could take an inexplicably long time or potentially time out due to FreePBX being unable to retrieve the public key from a key server.

In order to work around this problem, FreePBX developers chose to bypass usage of the public key infrastructure by bundling the public side of the FreePBX master key with the FreePBX distribution, effectively making poisoning a non-issue.

What about the old key?

A few of you have seen comments/posts from 3rd parties not affiliated with Sangoma, that claimed or speculated that Sangoma was going to cancel the old key. Comments from sources outside of Sangoma, about what Sangoma may be planning are probably not reliable, so if you ever have any questions or concerns about something of this nature, please contact me or Jared Smith.

We understand that deprecating the old signing key would be very disruptive to the FreePBX community. Thus, there are no current plans at Sangoma to deprecate the old master key. If circumstances in the future change, it would be done in such a way to minimize disruption.

FreePBX modules signed with the old master key and the 3rd-party-signed developer keys will continue to work.

But we do strongly encourage developers with existing signed keys to reach out to us at to have their keys re-signed with the new more secure master key. We also invite any new open source module developers that want to have their keys signed to reach out to us as well.

Separately from the key updates, Sangoma is even exploring ways to offer 3rd party developers access to building and distributing commercial modules. We’ve been asked this a few times over the years and know that historically it was challenging for developers and companies to do so. So we see this as one of the areas we may be able to improve upon and be more flexible, under commercial agreement.

As good stewards of the FreePBX project, Sangoma is working hard to improve and maintain security while offering innovative ways for developers and customers to continue to work with us even more closely and cooperatively in the future.

I would like to conclude by thanking everyone who is involved in pushing the project forward. This includes those of you that help to answer questions in the community forums, submit wiki documentation, contributing patches to the codebase, and any other way you might be contributing. Each person’s efforts in doing so is vital for the life and success of the project.

I wish all of you the best, and look forward to any questions you might have.

Introducing Open Source Pro Tips Video Series

We all know that documentation is very important when you are in need of assistance for anything and everything. Our support and engineering teams have always been there for our community with loads of documentation available at But we want to do even more!

We know that a lot of times a screenshot of a Web GUI config or of a command line snippet can help a lot more than just words on a wiki page. So, what’s even better than an image? A video!

Our support team has huddled together to create a brand new video series that we’re calling Open Source Pro Tips. This video series is designed to help you with all your Asterisk, FreePBX and open source questions, concerns or just general information. Each video will cover a topic most requested by our community and be delivered by one of our experts from our support or engineering teams. There will be one video released each month on our YouTube channel and FreePBX Video Library, as well as our social media accounts (so make sure you follow us too).

Join us in watching the very first video of the Open Source Pro Tips series, FreePBX – First steps after installation!

Leap into the New Year with Our FreePBX Merchandise Store!

For all our community members of FreePBX, Asterisk and open source we thank you for your commitment and contributions. We appreciate your passion for this industry and we want to provide you with yet another way to express it.

We’ve just launched a line of apparel and merchandise which focuses on FreePBX, Asterisk and all things open-source. We plan on giving away various of these items at the shows and conferences which we attend in the next few years. Our goal is to keep things fun here, and give Tango the frog a new way to show his love :). We also brought back the classic FreePBX shirts, as you can see below. (Some of our teammates are pleased to show it off!)

We know that not everyone can attend in-person events where we give away these items, so we are happy to let you know that we also just launched our very first online store where all of these items will be available for purchase. Check it out here!

Take a look around and see if there is anything you want to purchase. And if you have suggestions on other items you would like to see in the store, or available as give-aways at our shows, let us know! Send an email to and provide your feedback.

Happy New Year – A Community Update

Hello everyone…for those of you who don’t know me, I’m Jared Smith, Sangoma’s new Vice President for Open Source Community Development. Ever since I first started using open source telephony software back in 2002, I’ve tried to give back to the community. I’ve done Asterisk consulting, I’ve written Asterisk documentation, I’ve taught Asterisk training classes, and I’ve spoken at dozens of conferences. And I’ve also been involved with the FreePBX project, helping with technical work in the FreePBX code base, speaking at conferences about FreePBX, managing the network infrastructure that underpins Sangoma’s cloud versions of FreePBX/PBXact, and actively participating in the forums, etc. As you can probably tell, I’m very passionate about open source and open source telephony, and I love the people who make this community welcoming!

As Bill Wignall explained in his recent letter, my responsibilities at Sangoma have changed and I now have the amazing opportunity to focus most of my time on open source and community engagement. 2019 was a big year for open source at Sangoma, with the major releases of FreePBX 15 as well as Asterisk 17, and we have a lot planned for 2020 when it comes to both of these projects! The “Care, Engage, Support” theme Bill described for 2020 covers several areas, including technical improvements in the projects and better engagement with you. In this letter I’ll cover some of those details including new capabilities for FreePBX, strengthening the project infrastructure, and some of the efforts we’ll be taking to improve the communication between Sangoma and the open source community.

We are planning significant updates to our open source projects each month for the next while! In late January, we’re releasing updates for FreePBX to support the new, upcoming requirements for emergency calling. With the upcoming deadline for new installations of US telephone systems to comply with various new regulations (such as Kari’s Law and the Ray Baum Act), we want to make sure that your systems are compliant as well. This will also be an important item of interest to our partners who install FreePBX at customers’ sites. Manufacturers, installers, and end-users all have a role to play in making sure their new installations are compliant. These updates will help you configure your new installations to be compliant with the new requirements, and will include features to ensure that emergency calls have a proper outbound DID and that system administrators are notified when a user has called an emergency services number. We will also be adding more information to the FreePBX wiki on best practices for configuring your system for calling emergency services.

In February, we’re doing work to improve pieces of infrastructure used by our open source projects. The team at Sangoma is also putting a renewed emphasis on the key infrastructure that Sangoma provides to the community, such as download mirror servers, the wikis, etc. to make sure that they perform optimally. Once that work has been completed, we will add an article about those changes to the blogs.

In the March/April timeframe, I’ll update you on the significant engineering time we’re investing to modernize some of the internal “plumbing” of FreePBX, to help it keep up with recent technology changes. Some of these changes will improve system performance, and others are focused on security. The development team is also working on a couple of new FreePBX modules to address highly-requested features.

Focusing on the “Engage” aspect of our theme, we have redoubled our efforts at Sangoma to be more involved and communicative with the Asterisk and FreePBX open source communities, and to increase awareness through a number of different initiatives, such as…

  • If you’ve participated in the Asterisk or FreePBX forums lately, you’ve hopefully noticed increased activity by Sangoma engineers. Going forward, you will continue to see more participation from me and from others at Sangoma in the forums.
  • We are working on a series of short videos called Open Source Pro Tips (the first of which was just published) showing tips and tricks that will help you be more effective in your use of Asterisk and FreePBX.
  • AstriCon 2020 is now confirmed for October in Orlando, with more details to come, and I’m thrilled that we are re-launching FreePBX World there as well!
  • A quarterly newsletter focused on our open source projects, the first of which will be published later this month.
  • I will also be soliciting ideas for features and fixes you would most like to see in upcoming versions of both Asterisk and FreePBX. Please look for these “requests for ideas” in the forums beginning this month.
  • A new “Voice of the Community” series in our blogs beginning in February, which will include some guest posts from open source community members.
  • We would also love to hear your success stories with Asterisk and FreePBX! We will share some of these stories in the Voice of the Community series mentioned above.
  • In an effort to keep things fun and interesting, we are also happy to announce the launch of a new online merchandise store. On that site, you can find a variety of products such as t-shirts, mugs, and stickers centered around Asterisk and FreePBX projects. We’ll also be giving away some free items from the store in monthly contests.

I hope you’ve found this community update useful.

And please know that the Asterisk/FreePBX development teams are all here for you. We are completely committed to making the open source telephony ecosystem better each and every month. If you have concerns or questions about either Asterisk or FreePBX, please don’t hesitate to reach out to me on the forums, in IRC, via social media, via email at, or in person at one of the many conferences related to open source telephony. By the way, my next conference will be ITExpo in February, so please say hi if you’re there.

Here’s to a joyous and prosperous 2020!
Jared Smith

Year End Message to our Open Source Community

Hello Everyone,

As a public company CEO, I write a “Letter to Shareholders” once per year, leading up to our Annual General Meeting. But shareholders are one of the multiple ‘key constituencies’ at Sangoma (others would include customers, employees, and yes, our valued open source community). So, as 2019 draws to a close, I thought I’d write to you too, given the importance of the community to Sangoma! I realize it’s turned into a long letter, but open source is critical to Sangoma, so there is lots to cover in a year. And hopefully this will help us to continue increasing communication between Sangoma and the community. Perhaps this can even become a yearly tradition if you find it useful?

At AstriCon this year, in addition to all the discussions about products (and your wishes in that regard), I personally received 3 requests from the community, more than any others: communicate with us more frequently (from all parts of Sangoma right up to the CEO, not just engineering), do so more carefully (ensuring all at Sangoma are sensitive to the perspectives from the community), and give us a chance to engage more with Sangoma (& tell us how to do so). So, here you go!

In this first inaugural letter, I’d like to start modestly by saying that we at Sangoma know we’re not perfect. After all, it’s just a company made up of a good group of (mostly) engineers trying our very best to do a great job for customers, including you. So, while we’re human and imperfect, you have over 300 people doing our sincere best for you every day, and we are “ALL IN” on open source and the community. And if the community is united, we can create an ecosystem that helps so many companies (both users and resellers/integrators alike) build their businesses. Let’s do that together, cooperatively!

Sangoma’s Unwavering Commitment to Open Source

As many of you have heard me say (too many times?), Sangoma takes our stewardship of Asterisk and FreePBX extremely seriously! As I said above, open source is SUCH a major part of what we do. In 2019, we have continued to invest millions & millions of dollars into FreePBX and Asterisk. Over the past several years, Sangoma has grown quickly, becoming a significant company with well over $100 million in revenue. We are the only substantial player in our industry for whom open source is a vital part of our business, arguably the only proven firm with the strategy and financial resources that can continue making these large investments in open source, and we fully intend to maintain our leadership in this category.

And I thought you might be interested to know that our investment in FreePBX and Asterisk, takes many forms, well beyond software development. On the product side, of course it’s true that we spend heavily in engineering, but we also provide community forums (for discussion, feature requests, support), offer free bug fixing, product training (both live and online), technical support, and extensive infrastructure for things like mirror servers and a translation platform. In addition to those product focused initiatives, Sangoma also invests deeply in the broader open source telephony ecosystem, helping to support/grow it with our own conferences and user meetings, by supporting other open source projects (by using them in our products, speaking at their conferences and inviting them our events), by encouraging better inter-op between projects, etc. No one else comes close to Asterisk’s 25 million downloads!

Executive Appointment of Sangoma’s new Open Source Leader

As those of you at AstriCon heard, Sangoma has appointed Jared Smith as Vice President of Open Source Community Development. I’m very proud to have an executive of Jared’s stature leading us in this area! Jared has tremendous experience in open source, has contributed code for over 20 years, and is well known/respected by many of you. He has worked on Asterisk, FreePBX, Red Hat’s Fedora Project, and ran the open source programs at Bluehost & Capital One.

Jared will focus on growing the Asterisk/FreePBX communities, ensuring we are meeting YOUR needs. You will be hearing more from him in the next week, but central to Jared’s role is our desire to work much more collaboratively with the community, have you more directly determine the product direction, and to ensure Sangoma communicates with you in a more respectful/professional manner, without any rude or antagonistic tendencies in forums/etc. Everyone knows Sangoma’s pedigree in open source, but our company’s commitment to it was concentrated too much in too few people. I take responsibility for that, and with Jared’s help, we are changing that. Please give him a warm welcome!

Product/Software Development

We know that (of course!) you care more about Sangoma’s development of the software you depend upon, than anything else we say. In Jared’s words: “Hey Bill, the community is going to look at our actions more than our words. Open source communities are obviously technical and therefore can be pretty skeptical about what companies say. They are really good at looking past marketing language and evaluating whether or not a company really does what it says it will do. Let’s show them that we’re the leaders in the community, not just tell them.” So this section is meant to do exactly that!

Firstly, in 2019 Sangoma focused most of our open source product work on ongoing software development for FreePBX and Asterisk (and bug fixing of our two core projects, naturally). Our focus was on core platform work and new features (both key parts of the major releases of Asterisk 17 and FreePBX 15 in October). But we’re also working to even extend the products into new novel areas. One such example is that Sangoma is introducing new IoT functionality to integrate with FreePBX and enable Access Control in an office from our Softphone/UC client software (no more white swipe cards!). We know you count on Sangoma to innovate on both Asterisk and FreePBX to keep them current, and we’re committed to doing so. In fact, we’re making a special effort in 2020 to roll out significant new capability monthly! It will start in January with FreePBX functionality to comply with Kari’s law, which comes into effect in February. And finally, on the software development topic, Sangoma will be making a concerted effort to further strengthen product quality on FreePBX and Asterisk in new releases during 2020, with less ‘throw it out there & let the community find bugs’. Jared will cover all this, including the plans for Feb/Mar/April monthly releases in his coming note.

The second key product initiative at Sangoma in 2019 has been investment in building up our open source engineering teams even more. It’s no secret that there has been some change in staff during the year and we’re not hiding from that. But with change comes an opportunity for renewal, and that’s exactly what we’re doing! Our dev teams are growing, we’re hiring (hint!) around the globe and now have open source development staff at Sangoma on 5 continents (with Asterisk and FreePBX devs in Huntsville, Toronto, Bangalore, San Diego, Columbia/Ecuador/Uruguay, Atlanta, Eastern Canada, France, and Niger Africa). With so many users around the world, we want engineering talent around the globe too. So if you had any concern about some of the changes in staff, please don’t worry. Sangoma is growing faster than most all companies in our space, is the only one with resources to contribute this kind of investment into open source, and we’re 100% committed.

And thirdly, I thought you’d like to know that product training has gotten a significant ramp-up in attention at Sangoma over the last 6 months. We have been investing more effort into content and course delivery, especially on open source. So, I’m very proud to share that it’s working. We’ve had an astounding 10k trainees take our online courses in the past 6mo!! 70% of these have been open source, with ~2000 in Asterisk & ~5000 in FreePBX. Nobody else even comes close.

Community Engagement and Promotion of our Open Source Projects

In 2019, Sangoma continued our investment to build awareness for our open source platforms, to ensure that both FreePBX and Asterisk receive the credibility they deserve (and that you count on in your business). These efforts range from social media activity, to press releases, to speaking with leading industry analysts (and stock market research analysts), to organizing/hosting events, to fostering healthy/professional relationships with you, the community. I’d like to cover the last two in a bit more detail below.

For 2020, we have already begun planning several of our key events for the year, including the following for open source:

  • AstriCon 2020 will take place in October in Florida. We had suggestions for other locations (including Toronto) but travel proved to be a possible concern, so we’re playing it safe. And we also received some very good feedback from the 2019 event, so we will be adding an additional open source track, making presentations longer (to leave more time for Q&A), and we’ll be bringing back the Dangerous Demos. Details to follow by April.
  • By popular demand we are also bringing back FreePBX World! It will be co-located at AstriCon in October.
  • Asterisk and FreePBX training sessions: As you’ve heard, product training has really accelerated at Sangoma over the past 6 months, and only Sangoma can provide you with official Certification. Better yet, because we see training as a key way to strengthen community interaction, Sangoma has decided to offer Half Price Training, during January through June of 2020 to get as many members certified as possible. That means a $1500 course is available for a very limited time for $750! More on this from Jared shortly, but please note that the first 4 courses of the year are already scheduled and are filling fast (January is Asterisk Advanced in the US (Wi), February is FreePBX in Europe (Italy), March is FreePBX for the US, and April has Asterisk again).

In addition to the above, in 2020 Sangoma will be reinventing the ways in which we foster relationships with you, our open source community, under the new theme of “Care, Engage, Support”. Care about your open source projects, Engage more easily/frequently with Sangoma as the steward of your projects, Support Asterisk/FreePBX in your decisions/deployments. This theme goes beyond my earlier point of ensuring professional communication. And we’re of course not taking away any of the mechanisms you already use and value, such as forums, AstriCon, etc. But we want to encourage more substantive, more respectful interaction between Sangoma, and you as the users. In that spirit, we ask for your input on what you’d like (and Jared will follow up on this point in his coming note). In the meantime, we have several new initiatives that I have personally spearheaded, being launched under the “Care, Engage, Support” theme for 2020, which Jared will cover in detail.

  • A new FreePBX/Asterisk “Voice of the Community” (VoC) Program, where Sangoma facilitates key community influencers and regulars, to post to the community on Sangoma websites/forums/blogs. I hope this encourages thought leaders in the community to communicate powerfully to all members, foster loyalty, and profile those that echo the cause we all believe in so strongly. In my view, not all messaging needs to come from Sangoma.
  • A new mechanism available to ALL community members to submit ideas/input/questions to Sangoma via confidential email without requiring every request to be publicly visible immediately. Some members may feel more comfortable being able to provide ideas/questions this way, and if it facilitates more input, then all the better.
  • A new 1-day, live, “Open-Source Reseller Advisory Council” (OSRAC). Sangoma does this with selected resellers in our non-open source business, and it’s always incredibly well received by partners (plus it helps us gather market needs). Our first OSRAC meeting will be the week of Feb 10, by invitation, and will involve awards. We’ll cover part of your cost, so to be considered, speak with Jared and he’ll connect you to our organizers.
  • Quarterly newsletters dedicated to FreePBX/Asterisk/open source. Community input sought, so reach out to Jared.
  • More direct engagement with Sangoma engineers. We are committing more time from our devs to engage directly with you, empowering them by giving them time away from coding to ‘make it happen’. You’ll see more blog posts, more answers in the forums, and a new series of videos delivered by our Engineers on FreePBX & Asterisk.
  • Keeping open source lively and fun by creating an online merchandise store and new areas of the web for contests and trivia. Show off your passion and excitement for FreePBX, Asterisk and open source!

In summary, Sangoma is FULLY committed to our stewardship of FreePBX and Asterisk, and we take our responsibility very seriously. It is important to us in so many ways, we have the resources to continue supporting/funding it, and the desire to listen to you… in order to make changes that continuously improve your projects. Sure, we’re human, so we’ll make honest mistakes, but I personally pledge that we will always do our sincere best (Sangoma is ALL IN, on you!). After all, open source projects thrive when the community is engaged and throws their support behind the project/company/steward. As Taylor Swift says: “the haters are gonna hate hate hate”. Let’s please NOT join them. There are enough folks in our industry who wish it would all just go away. We don’t need in-fighting nor attacks… let’s cooperate, because after all, we’re in this together, so let’s unite to support Asterisk/FreePBX, as one community/company/project/steward?

Thank you, we appreciate you, and we are looking forward to a great 2020 together! Finally, I wish you and your family/friends a very happy holiday season.

Warm Personal Regards,
Bill Wignall
President and CEO, Sangoma Technologies