Make sure in /etc/ssl/certs that you have a copy of the Verisign root CA file, just like in the java example above.
If you're loading all files from /etc/ssl/certs you should be able to just drop in the http://curl.haxx.se/ca/cacert.pem file and that should fix your issue. -j On Wed, Jul 20, 2011 at 3:29 AM, Haitham <haitham.moham...@gmail.com> wrote: > Pardon me, I have the same problem, but I seem to be missing something > about the solution. > > My application is in Ruby on Rails, with a gem called "OmniAuth" doing > the OAuth work. It was working just fine before this change, > automatically fetching my certificates from /etc/ssl/certs directory. > What should I do to adjust to the new CA? > > Thanks in advance. > > On Jul 19, 5:54 am, John Adams <j...@twitter.com> wrote: > > On Mon, Jul 18, 2011 at 8:17 PM, pgarvie <garvie.p...@gmail.com> wrote: > > > Has Twitter done something with its SSL certificates lately? As in > > > sometime this afternoon? We've been seeing a ton of > > > sun.security.validator.ValidatorExceptions coming out of Twitter4J > > > since about 5:30PM, USCentral. > > > > The certificate for api.twitter.com previously used a wildcard > certificate > > which was issued by Rapid SSL. We switched the API SSL certificate (after > > much testing) to a Verisign SSL certificate today and the IP to dedicated > > VIPs. If you are using Java, there may be a chance that you do not have > the > > Verisign Root CA Certificate installed in the Java Keychain of your > > application. Make sure that exists. You'll need that to verify our > > certificate chain. > > > > You want this Root CA, which is available from Verisign (or in this file: > http://curl.haxx.se/ca/cacert.pem) > > > > i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification > > Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use > > only/OU=VeriSign Trust Network > > > > You may also need to clear your DNS cache and/or restart your > application. > > I've seen Java's security layer not revalidate SSL certificates correctly > > until restart, but I know little about how your application functions. > > > > -John > > Twitter Security > > -- > Have you visited the Developer Discussions feature on > https://dev.twitter.com/discussions yet? > > Twitter developer links: > Documentation and resources: https://dev.twitter.com/docs > API updates via Twitter: https://twitter.com/twitterapi > > Unsubscribe or change your group membership settings: > http://groups.google.com/group/twitter-development-talk/subscribe > -- Have you visited the Developer Discussions feature on https://dev.twitter.com/discussions yet? Twitter developer links: Documentation and resources: https://dev.twitter.com/docs API updates via Twitter: https://twitter.com/twitterapi Unsubscribe or change your group membership settings: http://groups.google.com/group/twitter-development-talk/subscribe