SSL certificate error - platform.twitter.com


#1

Hi

From independent monitoring of our site we are seeing SSL intermediate chain problems with platform.twitter.com

The linked images show a SSL verification check against platform.twitter.com from two different locations in the UK

Verification OK : http://i49.tinypic.com/4kei4l.gif
Verification BAD : http://i49.tinypic.com/2im3ts8.gif

These must be hitting different load balancers/servers each having different installations of the certificate and their respective chains of which one is broken.

We note that you have recently been changing SSL for api.twitter.com so have you also been changing platform.twitter.com?

You can fix this particular problem by loading the correct intermediate certificates for the affected servers. If like with api.twitter.com that you are changing SSL provider, you should not remove intermediates for the old provider until process is complete.

Broken SSL chains could lead to PCI vulnerability scan failures for people that are integrating with platform.twitter.com and are unlucky enough to hit the load balancers/ server with the broken chain

Please fix ASAP

Thanks


#2

Still having this issue, surprised no one else is reporting this. For what its worth it appears to be a CDN related issue.

We are now sadly removing all Twitter functionality from pages under SSL and event binding (we were using this for GA Social Analytics) for Twitter on all non SSL pages. Is there a way to avoid having both HTTP and HTTPS iframes on regular HTTP pages?!


#3

We’ve tested both Akamai and the Fastly CDN with a variety of tools and cannot reproduce this problem. While the Fastly CDN had a problem last week, we spoke with them and the intermediate issue was fixed.

If you can still reproduce this today, let us know how you are testing, what browser you’re using, and any other information that would assist us in debugging.

Thanks.


#4

I am getting this cert information:
website: api.twitter.com
Owner: This website does not supply ownership information.
Verified by: VeriSign, Inc.
so the SSL channel wonl’t be established


#5

#6

#7

#8