Pardon me, I have the same problem, but I seem to be missing something about the solution.
My application is in Ruby on Rails, with a gem called "OmniAuth" doing the OAuth work. It was working just fine before this change, automatically fetching my certificates from /etc/ssl/certs directory. What should I do to adjust to the new CA? Thanks in advance. On Jul 19, 5:54 am, John Adams <j...@twitter.com> wrote: > On Mon, Jul 18, 2011 at 8:17 PM, pgarvie <garvie.p...@gmail.com> wrote: > > Has Twitter done something with its SSL certificates lately? As in > > sometime this afternoon? We've been seeing a ton of > > sun.security.validator.ValidatorExceptions coming out of Twitter4J > > since about 5:30PM, USCentral. > > The certificate for api.twitter.com previously used a wildcard certificate > which was issued by Rapid SSL. We switched the API SSL certificate (after > much testing) to a Verisign SSL certificate today and the IP to dedicated > VIPs. If you are using Java, there may be a chance that you do not have the > Verisign Root CA Certificate installed in the Java Keychain of your > application. Make sure that exists. You'll need that to verify our > certificate chain. > > You want this Root CA, which is available from Verisign (or in this > file:http://curl.haxx.se/ca/cacert.pem) > > i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification > Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use > only/OU=VeriSign Trust Network > > You may also need to clear your DNS cache and/or restart your application. > I've seen Java's security layer not revalidate SSL certificates correctly > until restart, but I know little about how your application functions. > > -John > Twitter Security -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe
