AWS has contacted their clients announcing they have already begun transferring their certificate authority to their internal servers. Today I received this announcement and the transfer began on March 1, 2020. Oh my, thanks for the future notice. Here’s some info if you didn’t get the announcement:
Q3: What do I need to do?
Evaluate whether your applications trust Amazon Trust Services’ root certificates. If your application does not trust Amazon Trust Services, perform one of the following two actions. Resolution option 1, update your client certificate trust store to include all of Amazon Trust Services’ root certificates. Resolution option 2, change the domain name your application requests to a CloudFront Alternative Domain Name (CNAME) that uses an SSL/TLS certificate from an already trusted Certificate Authority.
Q4: How do I test if my application trust Amazon Trust Services?
Verify your application works with Amazon Trust Services issued certificates, by performing one of the following tests from within your application. Test option 1, fetch the object https://s3-ats-migration-test.s3.eu-west-3.amazonaws.com/test.jpg and verify a 200 response or that you see the green check mark in the test image. Test option 2, create an S3 bucket in your AWS account in any of the following regions (eu-west-3, eu-north-1, me-south-1, ap-northeast-3, ap-east-1, and us-gov-east-1) and fetch a test object.
I setup all my AWS domains with AWS. I’m hoping this change doesn’t cause any bumps. It’s not supposed to.