You are 100% correct: the localized URIs do not have wildcard certs for *.pstn.umatilla.twilio.com, thus failing the handshake. I used the Termination SIP URI and it worked like a charm!
Thank you!!!
I will have to work with Twilio to create wildcard certs for their *.pstn.umatilla.twilio.com
https://techguysio.pstn.twilio.com:5061
$ curl -vv https://techguysio.pstn.twilio.com:5061
* Trying 54.172.60.3:5061...
* TCP_NODELAY set
* Connected to techguysio.pstn.twilio.com (54.172.60.3) port 5061 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Twilio, Inc.; CN=*.pstn.twilio.com
* start date: Jul 27 00:00:00 2020 GMT
* expire date: Sep 29 12:00:00 2021 GMT
* subjectAltName: host "techguysio.pstn.twilio.com" matched cert's "*.pstn.twilio.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Thawte RSA CA 2018
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: techguysio.pstn.twilio.com:5061
> User-Agent: curl/7.68.0
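
The hostname check behind the result above, as an added example that is not part of the original post: a certificate wildcard covers exactly one left-most label, so `*.pstn.twilio.com` cannot cover a name under `pstn.umatilla.twilio.com`. It assumes the localized endpoint presents the same certificate shown in the curl output; the localized hostname and the function names are constructed for illustration.

```python
# Added example: RFC 6125-style dNSName matching (wildcard = one left-most label).

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if a certificate dNSName `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    # A wildcard is only honoured as the complete left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards (e.g. "f*o") are not accepted here
    return p == h

def verify_host(san_list, hostname):
    """Return the first SAN entry that covers `hostname`, or None."""
    for pattern in san_list:
        if san_matches(pattern, hostname):
            return pattern
    return None

# SAN taken from the curl output in the post.
CERT_SANS = ["*.pstn.twilio.com"]
GLOBAL = "techguysio.pstn.twilio.com"
# Constructed hostname following the *.pstn.umatilla.twilio.com pattern (assumption).
LOCALIZED = "techguysio.pstn.umatilla.twilio.com"

if __name__ == "__main__":
    for host in (GLOBAL, LOCALIZED):
        hit = verify_host(CERT_SANS, host)
        status = f"matched {hit}" if hit else "no SAN match, verification fails"
        print(f"{host}: {status}")
```

A certificate whose SAN list also contained `*.pstn.umatilla.twilio.com` would pass the same check for the localized name.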