[twitter-dev] [OT] new ssl-cert for twitter.com?

9 views
Skip to first unread message

kuhkatz

unread,
May 13, 2010, 1:37:41 PM5/13/10
to twitter-deve...@googlegroups.com
hello,

sorry for being offtopic, didnt know where else to ask.
(please feel free to point to other resources)

my maybe-problem:

i got a knew ssl-cert from twitter.com today, which looks suspicious to
me, but i am not sure.

the cert data is as follows:
-----------------------------------
CN: twitter.com
O: twitter.com
OU: GT09721236
serial number: 0B:B5:F1

CN: equifax
O: equifax
OU: -empty-

issue date: 26.05.2009
valid until: 28.05.2010

sha1: 9e:e9:97:20:1b:d2:17:cb:cc:0c:8f:19:42:75:2d:6b:ac:07:e1:93
md5: 78:fd:97:3e:78:a1:f6:40:9e:66:7b:d3:a9:db:c2
-----------------------------------

i am unsure about its validity because of the very short validity date
around two weeks, and because my firefox now shows the twitter.com page
as 'completly encrypted' which was 'encrypted with cleartext parts'
until now.

can anyone confirm if this is a valid cert from twitter.com or if
something fishy is going on?

~

John Adams

unread,
May 13, 2010, 3:27:34 PM5/13/10
to twitter-deve...@googlegroups.com
On Thu, May 13, 2010 at 10:37 AM, kuhkatz <kuh...@googlemail.com> wrote:

> i got a knew ssl-cert from twitter.com today, which looks suspicious to me,
> but i am not sure.

> issue date: 26.05.2009
> valid until: 28.05.2010

The twitter.com cert, as assigned by Equifax/RapidSSL is about to
expire and we are going to upgrade (in the next day or two) to a
Verisign Class 3 EV Cert for twitter.com.

On api.twitter.com, the cert will expire on July 26th, and we are
upgrading that certificate as well.

We are also deprecating the use of SSLv2 and will remove that cipher
from our supported cipher list, asking anyone who connects via SSL to
use SSLv3 or TLS.

> i am unsure about its validity because of the very short validity date
> around two weeks, and because my firefox now shows the twitter.com page as
> 'completly encrypted' which was 'encrypted with cleartext parts' until now.
>
> can anyone confirm if this is a valid cert from twitter.com or if something
> fishy is going on?

It's valid, for the next couple of weeks.

-john

--
John Adams
Twitter Operations
Reply all
Reply to author
Forward
0 new messages