Discussion for "REST API SSL certificate update"

awatevikas · 2013-12-23T07:21:24.000Z

Thanks @beercodebeer with your tips I am able to solve twitter certificate issue.

wilgeno · 2013-12-31T22:32:22.000Z

I expected the new Java versions to already have these new Verisign CA certs and for the most part they do. I am working on this issue for a client and I have been testing with a dev setup that has both CF8.0.1 and CF10 installed. Both CF versions are using the same Java install and cacerts file. CF10 works and CF8 does not. Even another setup with CF9 is working. The JVM version in play here is 1.6.0_45. For those with an older JVM installed an upgrade of the JVM may be all you need if running CF9. And CF9 will run on JVM 1.7.0_nn once you fully patch CF9. I’m wondering if those that have this working on CF8 have forgotten they had switched to http instead of https before hand?

davequested · 2014-01-01T02:56:52.000Z

Thanks @beercodebeer, worked perfectly, thanks for taking the time to figure this out and share. Appreciated.

tweetAmattress · 2014-01-04T11:32:00.000Z

Hi all, I developed an IoT device which is build around a small micro controller and the .NET micro framework… The device was able to send out tweets using API 1.0 Software in the device used direct socket programming to communicate with the API. The new API requires SSL and requires a lot of extra software in the device and will adds a performance penalty. Is a secure connection really needed also from small embedded devices to use the current API?

Thanks in advance!
Rob

wakuzi · 2014-01-09T08:06:00.000Z

i upgraded to twitter4j 3.0.5, already.
but i have still problem like this.(using xauth)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=6918c4b6 or
http://www.google.co.jp/search?q=00534ac2
TwitterException{exceptionCode=[6918c4b6-00534ac2 6918c4b6-00534a98 6918c4b6-00534a98 6918c4b6-00534a98], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.5}
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:177)
at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
at twitter4j.internal.http.HttpClientWrapper.post(HttpClientWrapper.java:98)
at twitter4j.auth.OAuthAuthorization.getOAuthAccessToken(OAuthAuthorization.java:180)
… 4 more

i don’t know this error, what should i do? help plz.

jollier · 2014-01-10T00:34:00.000Z

We are seeing the same issue but with twitter4j 3.0.6-SNAPSHOT

This is a very basic test servlet that only makes the API call. It is running on JBoss 5 (java 1.6.0_16) on RHEL.

2013-12-19 00:03:19,468 ERROR [STDERR] (ajp-10.29.236.252-8009-5) sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=00df323f or
http://www.google.co.jp/search?q=44677343
TwitterException{exceptionCode=[00df323f-44677343 c60d4d36-4886f0e3 c60d4d36-4886f0e3 c60d4d36-4886f0e3], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.6-SNAPSHOT(build: 6b148528110cab823a73f4ae60f90cae89fd2fb5)}
…
2013-12-19 00:03:19,470 ERROR [STDERR] (ajp-10.29.236.252-8009-5) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2013-12-19 00:03:19,470 ERROR [STDERR] (ajp-10.29.236.252-8009-5) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

Verified the keystore has the VeriSign Cert:

Alias name: verisignclass3g3ca
Creation date: Mar 25, 2004
Entry type: trustedCertEntry
Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Serial number: 9b7e0649a33e62b9d5ee90487129ef57
Valid from: Thu Sep 30 17:00:00 PDT 1999 until: Wed Jul 16 16:59:59 PDT 2036
Certificate fingerprints:
MD5: CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
SHA1: 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
Signature algorithm name: SHA1withRSA
Version: 1

Thanks for any suggestions!

lfcipriani · 2014-01-10T12:42:21.000Z

The exception says it’s unable to find a valid certification path. When doing a SSL request, the HTTP client needs to have access to a list of certificates that will be used to check if the server certificate is valid.

To fix this, you will need to find what path should be used for the HTTP client you are using AND if this path has all the certificates to be able to check for validity when trying to connect to api.twitter.com.

Usually you can find information about that path in the documentation of your language main libraries.

chcibelli · 2014-01-17T13:38:17.000Z

Hi, im using PHP and still doesnt work. Im getting “401” when call request_token

Where did you download the pem file?
What permissions did you apply to pem file?

Thanks,

chcibelli · 2014-01-17T14:08:04.000Z

Im getting 401 when trying to request_token, could be related to this update? It worked perfect and start failing on jan 14th

Thanks,

beercodebeer · 2014-01-17T16:49:44.000Z

Hi Christian.

I don’t know if this is related to your issue, but the timing looks right. Twitter is now enforcing that all api calls be made via https.

https://dev.twitter.com/discussions/24239

I missed this update, and only just today noticed that one of my applications has been failing to authenticate users and post tweets on their behalf for the past few days. I changed all the api endpoints in my twitter library to use the https protocol, and now it’s working properly again.

Hope this helps.

The405radio · 2014-01-17T23:02:00.000Z

got a fix from a developer…now seeing this: Exception: Server error: error setting certificate verify locations: CAfile: twitter.crt CApath: /etc/ssl/certs

Thoughts?

coldfusioner · 2014-01-17T23:25:11.000Z

Yep, I couldn’t edit my post after comments were added. Typo on my part…

coldfusioner · 2014-01-17T23:28:03.000Z

@beercodebeer same issue here, I missed that post too. A few of our older servers running CF9 that haven’t been updated stopped working like @chcibelli reported. Looks like I’ll have to make time to patch those bad boys. Thanks y’all.

lfcipriani · 2014-01-28T18:58:21.000Z

This code is usually related to wrong assignment of app tokens in your configuration. Please do the recheck and try again. Thanks

coldfumonkeh · 2014-01-29T13:54:32.000Z

http://www.verisign.com/repository/roots/root-certificates/PCA-3G3.pem

sastha · 2014-01-30T03:17:57.000Z

If we run below command"

keytool -import -v -alias PCA-3G3 -file C:\JRun4\jre\lib\security\PCA-3G3.pem -keystore C:\JRun4\jre\lib\security\cacerts -storepass changeit

It throws
keytool error: java.lang.Exception: Input not an X.509 certificate

Ryan_Veitch · 2014-02-27T10:34:18.000Z

Hi, I’m a third year Engineering student, my project requires me to read/write tweets using an Arduino Uno Rev 3 with ATmega328P, when i attempt to tweet, I get the following error:
{“errors”:[{“message”:“SSL is required”,“code”:92}]}
Update failed

I was hoping someone could offer some advice on how to get this to work?

Thanks,
Ryan.

manu60802231 · 2014-03-04T21:19:47.000Z

Hello,
I was using the twitter filter streaming api without any issues. From last two days i started getting error " SSL peer shut down incorrectly" there after if i try to reconnect I get 401 error. But if I try to reconnect after some minutes it will work again SSL error will repeat after some time.

I am using Apache HTTP client with following SSL config
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(trustStore)
.build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
new String[] { “SSLv3”, “TLSv1” },null,
// new String[] { “SSL_RSA_WITH_RC4_128_MD5” },
SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
Also i imported twitter certificate using below command

keytool -import -v -alias twitter-cert -file /opt/java/certs/twitterapi.cer -keystore /opt/java/jdk1.7.0_51/jre/lib/security/cacerts -storepass changeit

Still I am getting this issue.

Waiting for your help.

ckryanco · 2014-04-12T05:06:00.000Z

@beercodebeer – Do you know if something has just changed to make this not work? This approach worked perfectly until yesterday, when I started getting the dreaded connection failure again…

beercodebeer · 2014-04-17T00:38:53.000Z

Hi @ckryanco. I did have to repeat this process recently. It looks like Twitter recently updated their SSLs again (probably related to the Heartbleed bug), but following the steps above resolved the recurring Connection Failure error for me.