我收到了一封来自亚马逊的电子邮件通知,称Amazon S3和Amazon CloudFront将于2021年3月将默认证书迁移到Amazon Trust Services。
2018年,AWS宣布将AWS服务的SSL / TLS证书广泛迁移到我们自己的证书颁发机构Amazon Trust Services. 与此更改一致,从2021年3月开始,Amazon S3和Amazon CloudFront将开始为每种服务的默认证书迁移证书颁发机构. 使用我们自己的证书颁发机构,AWS服务可以更好地管理用于处理默认证书的安全做法.
为确保应用程序在此更改后继续正常运行,可能需要采取措施. 如果您已经在使用其他AWS服务,则您的应用程序很可能已经信任Amazon Trust Services,因为许多AWS服务已经迁移. Visit https://万维网.亚马逊trust.com/repository/ for more information about Amazon Trust Services.
要准备此迁移,请访问公告博客或查看以下常见问题解答:
https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/
作为ColdFusion开发人员,我将Amazon S3用于几个项目. I've encountered issues in the past and have had to resort to using S3Express: Amazon S3 Command Line Utility to improve performance, thread stability and avoid time-outs. 我继续使用CFML来访问S3来生成数字下载的实时,超时的下载链接.
I've also accessed some websites via CFHTTP that are hosted by Amazon CloudFront. 我决定检查以确定是否需要手动将证书导入到信任存储中,或者它是否可以正常工作. (NOTE: I prefer using CFX_HTTP5 and it worked without having to make any code changes or manually import any certificates. CURL also worked. 它们都使用WinHttp API,该API利用了Microsoft自动更新的证书。.) Since this was announced back in 2018, I figured Adobe was on top of this and would have added it to ColdFusion 2018, but it appears that they didn't. (我不确定他们是否已将其添加到CF2020中. 有人可以检查一下吗?)
Here's a ColdFusion script that I wrote that performs GET requests using the currently available test URLs:
- https://好.sca1a.亚马逊信托.com/
- https://好.sca2a.亚马逊信托.com/
- https://good.sca4a.amazontrust.com/
- https://good.sca0a.amazontrust.com/
我注意到测试TryCF时,新的AWS证书有效,但我不确定为什么. (Are they using a proxy?) If you test using CFFiddle, a connection failure error is returned.
TryCF.com演示
https://www.trycf.com/gist/829e15110b1f8b81576e1782f760475d
Source Code
from: https://dev.to//gamesover/coldfusion-test-for-new-amazon-trust-services-certificates-1k6o
