Make sure in /etc/ssl/certs that you have a copy of the Verisign root CA
file, just like in the java example above.

If you're loading all files from /etc/ssl/certs you should be able to just
drop in the http://curl.haxx.se/ca/cacert.pem file and that should fix your
issue.

-j


On Wed, Jul 20, 2011 at 3:29 AM, Haitham <haitham.moham...@gmail.com> wrote:

> Pardon me, I have the same problem, but I seem to be missing something
> about the solution.
>
> My application is in Ruby on Rails, with a gem called "OmniAuth" doing
> the OAuth work. It was working just fine before this change,
> automatically fetching my certificates from /etc/ssl/certs directory.
> What should I do to adjust to the new CA?
>
> Thanks in advance.
>
> On Jul 19, 5:54 am, John Adams <j...@twitter.com> wrote:
> > On Mon, Jul 18, 2011 at 8:17 PM, pgarvie <garvie.p...@gmail.com> wrote:
> > > Has Twitter done something with its SSL certificates lately? As in
> > > sometime this afternoon? We've been seeing a ton of
> > > sun.security.validator.ValidatorExceptions coming out of Twitter4J
> > > since about 5:30PM, USCentral.
> >
> > The certificate for api.twitter.com previously used a wildcard
> certificate
> > which was issued by Rapid SSL. We switched the API SSL certificate (after
> > much testing) to a Verisign SSL certificate today and the IP to dedicated
> > VIPs. If you are using Java, there may be a chance that you do not have
> the
> > Verisign Root CA Certificate installed in the Java Keychain of your
> > application. Make sure that exists. You'll need that to verify our
> > certificate chain.
> >
> > You want this Root CA, which is available from Verisign (or in this file:
> http://curl.haxx.se/ca/cacert.pem)
> >
> >    i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
> > Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
> > only/OU=VeriSign Trust Network
> >
> > You may also need to clear your DNS cache and/or restart your
> application.
> > I've seen Java's security layer not revalidate SSL certificates correctly
> > until restart, but I know little about how your application functions.
> >
> > -John
> > Twitter Security
>
> --
> Have you visited the Developer Discussions feature on
> https://dev.twitter.com/discussions yet?
>
> Twitter developer links:
> Documentation and resources: https://dev.twitter.com/docs
> API updates via Twitter: https://twitter.com/twitterapi
>
> Unsubscribe or change your group membership settings:
> http://groups.google.com/group/twitter-development-talk/subscribe
>

-- 
Have you visited the Developer Discussions feature on 
https://dev.twitter.com/discussions yet?

Twitter developer links:
Documentation and resources: https://dev.twitter.com/docs
API updates via Twitter: https://twitter.com/twitterapi

Unsubscribe or change your group membership settings: 
http://groups.google.com/group/twitter-development-talk/subscribe

Reply via email to