Twilio-video.js: Distrusted Symantec Certificate
Our rendering server runs Chrome 63, and I started seeing these warnings pop up in our js log.
2017-11-30T21:01:55Z | The SSL certificate used to load resources from https://ecs.us1.twilio.com will be distrusted in the future. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.
I assume once Chrome 63 hits stable channels you'll see these more often too.
randallb
All 17 comments
Hey Randall, thanks for the note. We're aware of the issue and should have it corrected soon.
rfbrazier
on 1 Dec 2017
Just got this error today. How is this coming along?
trentramseyer
on 14 Dec 2017
This is still an issue. Is there an ETA for this? Chrome 66 is likely not that far away...
The SSL certificate used to load resources from https://ecs.us1.twilio.com will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.
gjdownes
on 20 Feb 2018
@gjdownes yes, we're still aware of it and working on it. From what I understand, replacement certs have been deployed and tested in our staging environment. They'll be in prod soon.
markandrus
on 20 Feb 2018
Heads up- as of today Chrome Canary now blocks connections to wss://endpoint.twilio.com/ due to the legacy certificate.
ElliotChong
on 2 Mar 2018
@ElliotChong - Our teams are validating the replacement certs. We should have this fixed next week.
ktoraskartwilio
on 2 Mar 2018
Nothing yet? I'm having the same problem with the twilio.js javascript SDK version 1.4, and for us, it keeps appearing the same warning, Do you have any prediction?
omarkdev
on 23 Mar 2018
@omarkdev The twilio-video.js endpoints that had distrusted Thawte certificates (endpoint.twilio.com, ecs.twilio.com) have been updated to use new certificates. You should no longer see warnings when using twilio-video.js.
The twilio.js (Twilio Client) endpoint eventgw.twilio.com is still serving a Thawte certificate and we plan to replace it before Sep 13, 2018. The warnings are informational and do not have additional impact for Chrome users using twilio.js (Twilio Client).
kedartoraskar
on 24 Mar 2018
Seems like this has being handled, but for posterity, as of today I'm seeing this message for https://api.twilio.com when loading call recording URLs.
theronic
on 20 Jul 2018
Hi @theronic, the remaining certs in use by Twilio will be updated by August 15th. You can follow along here. Chrome 70 will be released around October 16th, according to the release calendar here.
markandrus
on 20 Jul 2018
I'm getting this error for https://eventgw.twilio.com
andegre
on 21 Aug 2018
Any update on this?
The SSL certificate used to load resources from https://eventgw.twilio.com will be distrusted in M70
gr0g
on 24 Aug 2018
@andegre and @gr0g, please see this advisory for information on eventgw.twilio.com certificate replacement.
markandrus
on 24 Aug 2018
@markandrus sorry, issue turned out to be something else...mine wasn't actually an error, it was just a warning.
andegre
on 31 Aug 2018
Hey @markandrus - any idea when the cert will be replaced? Is that happening tomorrow?
Canary gives
jamesgraham
on 12 Sep 2018
That is slated for replacement tomorrow 9/13.
lifeofzero
on 12 Sep 2018
@jamesgraham this has been completed.
lifeofzero
on 12 Sep 2018
Related issues
vincentwoo
路
4Comments
tapannathvani
路
5Comments
anand-io
路
3Comments
paulbrie
路
3Comments
julien-l
路
4Comments
Most helpful comment
@omarkdev The twilio-video.js endpoints that had distrusted Thawte certificates (endpoint.twilio.com, ecs.twilio.com) have been updated to use new certificates. You should no longer see warnings when using twilio-video.js.
The twilio.js (Twilio Client) endpoint eventgw.twilio.com is still serving a Thawte certificate and we plan to replace it before Sep 13, 2018. The warnings are informational and do not have additional impact for Chrome users using twilio.js (Twilio Client).