The SSL Certificate for api.twitter.com is currently signed against the Verisign G2 Root CA certificate. Verisign (recently acquired by Symantec) is no longer issuing new certificates against the G2 root (it expires in 2019.) They are only currently issuing certificates against the Verisign G3 and G5 roots (for EV certificates).
As the certificate for api.twitter.com is due to expire soon, we will be upgrading our servers with a new SSL Certificate that will be signed against the Verisign G3 root.
To ensure proper SSL certificate verification across all of Twitter’s services, your software should include all Verisign and Digicert Root Certificates in its CAFile or other respective keystore.
These are available from the respective vendors at: