REST API SSL certificate updates

Tuesday, 19 November 2013

At the end of 2013, all Browsers and Certificate Authorities will no longer support 1024 bits RSA certificates to be compliant to National Institute of Standards and Technology (NIST) guidelines.

The SSL certificate currently used on api.twitter.com is signed with the older Verisign G2 root CA certificate.

Due to NIST guidelines, api.twitter.com will change to a new certificate on Dec 10th, 2013. The new certificate will be signed with VeriSign Class 3 Secure Server CA - G3, which has the 2048 bits key length needed to meet recommended security levels.

This means that all HTTP clients used by your application must trust the new root certificate, otherwise you won’t be able to connect in the API. To ensure proper SSL certificate verification across all of Twitter’s services, your software should include all Verisign Root Certificates in its CAFile or other respective keystore. The root certificates are available at the following link:

For more guidelines on using SSL with the Twitter API, see our Guide to Connecting with SSL. If you’re continuing to have issues with the transition, you can join in on this discussion topic.

Update [Dec 10th, 2013]: the new certificates were deployed.