I received an email notification from Amazon saying that Amazon S3 and Amazon CloudFront will migrate the default certificate to Amazon Trust Services in March 2021.
In 2018, AWS announced that it will widely migrate the SSL / TLS certificates of AWS services to our own certificate authority Amazon Trust Services. Consistent with this change, starting in March 2021, Amazon S3 and Amazon CloudFront will begin Default certificate migration certificate authority. Using our own certificate authority, AWS services can better manage the security practices used to handle default certificates.
To ensure that the application continues to operate normally after this change, you may need to take measures. If you are already using other AWS services, your application is likely to already trust Amazon Trust Services because many AWS services have been migrated. Visit https: / / World Wide Web. Amazon trust.com/repository/ for more information about Amazon Trust Services.
To prepare for this migration, please visit the announcement blog or check the following FAQ:
https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate- authority /
As a ColdFusion developer, I use Amazon S3 for several projects. I've encountered issues in the past and have had to resort to using S3Express: Amazon S3 Command Line Utility to improve performance, thread stability and avoid time-outs. I Continue to use CFML to access S3 to generate real-time, time-out download links for digital downloads.
I've also accessed some websites via CFHTTP that are hosted by Amazon CloudFront. I decided to check to determine if I need to manually import the certificate into the trust store, or whether it will work properly. ( NOTE: I prefer using CFX_HTTP5 and it worked without Having to make any code changes or manually import any certificates. CURL also worked. They both use the WinHttp API, which utilizes Microsoft's automatically updated certificates ..) Since this was announced back in 2018, I figured Adobe was on top of this and would have added it to ColdFusion 2018, but it appears that they didn't. (I'm not sure if they have added it to CF2020. Can someone check it?)
Here's a ColdFusion script that I wrote that performs GET requests using the currently available test URLs:
- https: // 好 .sca1a.Amazon Trust.com/
- https: // 好 .sca2a.Amazon Trust.com/
- https://good.sca4a.amazontrust.com/
- https://good.sca0a.amazontrust.com/
I noticed that when testing TryCF, the new AWS certificate is valid, but I am not sure why. (Are they using a proxy?) If you test using CFFiddle , a connection failure error is returned.
TryCF.com demo
https://www.trycf.com/gist/829e15110b1f8b81576e1782f760475d
Source Code
from: https://dev.to//gamesover/coldfusion-test-for-new-amazon-trust-services-certificates-1k6o
