You're welcome!
For what it's worth, in everyone's OBi202/302 ATAs that I am responsible for, I have updated them to firmware version 3.2.2 (Build: 8680EX-arrynrob13).
Notably, TLS is no longer potentially affected because a significant update related to the trusted certificates exists in that firmware version.
1. The firmware makes the entire list of trusted Root Certificate Authorities (CAs) user-editable via the file /scratch/rootca.pem. This is a major change from the original firmware, which had a fixed, hardcoded list embedded within it.
2. More importantly, the firmware update notes state that by default, this user-editable list points to (symlinked to) the cacert-2024-11-26.pem file. This file represents the Mozilla/cURL collection of trusted Root CAs as of November 26, 2024.
So, instead of relying on the old, potentially outdated list embedded in the original firmware (that may contained expired CAs), naf modified firmware defaults to using a much more current and comprehensive set of trusted Root CAs maintained by the broader internet community (Mozilla/cURL). This addresses the problem of an OBI202 ATA failing to trust secure connections (such as those needed for Google Voice, secure provisioning, etc.) due to servers using certificates signed by newer CAs or chains leading back to CAs that had expired in the old, static list.
By using the November 2024 CA bundle, the devices running this firmware should be able to validate most modern SSL/TLS certificates correctly. The new firmware uses the cacert-2024-11-26.pem bundle, which is a collection of many individual Root CA certificates. Each Root CA within that bundle has its own specific expiration date, often many years (even decades) in the future (e.g., 2030s, 2040s). The key benefit is that this bundle (from late 2024) is current. It contains the necessary modern Root CAs trusted by today's secure servers and omits many of the expired ones found in the old firmware's hardcoded list.
The device's ability to trust secure connections now depends on whether a server's certificate chains back to any valid, non-expired Root CA within that loaded bundle. Because the firmware makes /scratch/rootca.pem user-editable, users can theoretically update this bundle themselves in the future, if needed, by downloading a newer version from a trusted source (curl.se, for example).
By using the updated cacert-2024-11-26.pem bundle, the modified firmware fixes validation issues. The device can now correctly verify modern server certificates. Therefore, TLS connections required by services should establish properly, assuming remote servers are configured correctly.
Your OBi202 isn't expired when using naf modded firmware.
I also use naf modded firmware on my OBi2182 IP phones.
I just realized I analyzed the source of the problem improperly.