Tweet
Hello
My program using the json-rpc api broke last week, and started giving me an error
Post "https://api.betfair.com/exchange/betting/json-rpc/v1": x509: certificate signed by unknown authority
so I checked the certificate chain for api.betfair.com and found it was signed by Google Trust
Certificate chain
0 s:/CN=api.betfair.com
i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1P5
1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1P5
i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
no problems I thought, so I changed my root CA pem to that of the intermediate GTS CA 1P5 but then my non-interactive login started failing with the error
https://identitysso-cert.betfair.com/api/certlogin": x509: certificate signed by unknown authority
so I checked the certificate chain for identitysso-cert.betfair.com and found it was signed by QuoVadis
Certificate chain
0 s:/C=IE/ST=Leinster/L=Clonskeagh/O=Paddy Power Betfair Limited/CN=betfair.com
i:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL CA G3
1 s:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL CA G3
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
2 s:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
so for the moment I have concatenated both the QuoVadis CA cert and Google Trust CA in my root CA pem and things work again.
So
1. Was the CA signing for the api endpoint changed at around 6:00am BST on 10th August from QuoVadis to Google Trust
2. Will the identity endpoint be changing signer as well?
Thanks
Guy
(I'll look at using the default OS CA certs which I would hope would fix any change in the signer at your end)
My program using the json-rpc api broke last week, and started giving me an error
Post "https://api.betfair.com/exchange/betting/json-rpc/v1": x509: certificate signed by unknown authority
so I checked the certificate chain for api.betfair.com and found it was signed by Google Trust
Certificate chain
0 s:/CN=api.betfair.com
i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1P5
1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1P5
i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
no problems I thought, so I changed my root CA pem to that of the intermediate GTS CA 1P5 but then my non-interactive login started failing with the error
https://identitysso-cert.betfair.com/api/certlogin": x509: certificate signed by unknown authority
so I checked the certificate chain for identitysso-cert.betfair.com and found it was signed by QuoVadis
Certificate chain
0 s:/C=IE/ST=Leinster/L=Clonskeagh/O=Paddy Power Betfair Limited/CN=betfair.com
i:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL CA G3
1 s:/C=US/O=HydrantID (Avalanche Cloud Corporation)/CN=HydrantID SSL CA G3
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
2 s:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
so for the moment I have concatenated both the QuoVadis CA cert and Google Trust CA in my root CA pem and things work again.
So
1. Was the CA signing for the api endpoint changed at around 6:00am BST on 10th August from QuoVadis to Google Trust
2. Will the identity endpoint be changing signer as well?
Thanks
Guy
(I'll look at using the default OS CA certs which I would hope would fix any change in the signer at your end)
Comment