All our Streaming API products are now supporting SSL and we’ve just updated the Site streams, User streams and The Streaming APIs documentation pages accordingly. As we’re planning to sunset HTTP support in about a month, we strongly encourage you to switch to SSL (HTTPS) as soon as possible, especially if you’re still authenticating your Streaming API requests with Basic Auth.
On a related note, Basic Auth will eventually be deprecated on the Streaming API, and we recommend that you switch to OAuth well in advance.
Implementation changes on your side should be as simple as changing
http protocol for
Just like for api.twitter.com, we are using Verisign SSL certificates on these domains. If for some reason you need the Verisign Root CA Certificate, you can obtain it directly from Verisign, or from this link: http://curl.haxx.se/ca/cacert.pem
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
On September 29th, the Streaming API will turn SSL only. While one month’s time is our plan, please be sure to give us your feedback on this discussion thread if you think you needed more time. As always, if you have questions about the Streaming API, let us know on our Developers Discussions board.
Update: If you need to get a list of PEM encoded certificates (including the Verisign one), we actually recommend the usage of Adam Langley’s
extract-nss-root-certs tool, rather than downloading the cacert.pem file from haxx.se. Take a look on https://github.com/agl/extract-nss-root-certs for more info.