[twitter-dev] [OT] new ssl-cert for twitter.com?

2010-05-13 Thread kuhkatz

hello,

sorry for being offtopic, didnt know where else to ask.
(please feel free to point to other resources)

my maybe-problem:

i got a knew ssl-cert from twitter.com today, which looks suspicious to 
me, but i am not sure.


the cert data is as follows:
---
CN: twitter.com
O:  twitter.com
OU: GT09721236
serial number: 0B:B5:F1

CN: equifax
O:  equifax
OU: -empty-

issue date: 26.05.2009
valid until: 28.05.2010

sha1: 9e:e9:97:20:1b:d2:17:cb:cc:0c:8f:19:42:75:2d:6b:ac:07:e1:93
md5:  78:fd:97:3e:78:a1:f6:40:9e:66:7b:d3:a9:db:c2
---

i am unsure about its validity because of the very short validity date 
around two weeks, and because my firefox now shows the twitter.com page 
as 'completly encrypted' which was 'encrypted with cleartext parts' 
until now.


can anyone confirm if this is a valid cert from twitter.com or if 
something fishy is going on?


~


Re: [twitter-dev] [OT] new ssl-cert for twitter.com?

2010-05-13 Thread John Adams
On Thu, May 13, 2010 at 10:37 AM, kuhkatz kuhk...@googlemail.com wrote:

 i got a knew ssl-cert from twitter.com today, which looks suspicious to me,
 but i am not sure.

 issue date: 26.05.2009
 valid until: 28.05.2010

The twitter.com cert, as assigned by Equifax/RapidSSL is about to
expire and we are going to upgrade (in the next day or two) to a
Verisign Class 3 EV Cert for twitter.com.

On api.twitter.com, the cert will expire on July 26th, and we are
upgrading that certificate as well.

We are also deprecating the use of SSLv2 and will remove that cipher
from our supported cipher list, asking anyone who connects via SSL to
use SSLv3 or TLS.

 i am unsure about its validity because of the very short validity date
 around two weeks, and because my firefox now shows the twitter.com page as
 'completly encrypted' which was 'encrypted with cleartext parts' until now.

 can anyone confirm if this is a valid cert from twitter.com or if something
 fishy is going on?

It's valid, for the next couple of weeks.

-john

--
John Adams
Twitter Operations