Need help to get the correct CA certificate for Amazon s3 endpoints

Question

Hello,
Need help to find which CA certificate to use for the Amazon s3 endpoints?
I see the list of certificates here - https://www.amazontrust.com/repository/

Tried https://www.amazontrust.com/repository/AmazonRootCA1.pem with "ap-southeast-1" but it failed.

Please can someone help me to understand which certificate to use and if we need to use separate certificates for every AWS region (such as ap-south-1, us-east-1, etc.) then how to identify them? Thanks.

Answer

The CA Certificates required to work with s3 are covered in the FAQ in following blog post[1] which goes over the s3/CloudFront migration to Amazon Trust Services. See the question "What do I need to do?" which mentions that you need to "update your client certificate trust store to include all of Amazon Trust Services’ root certificates".

So to answer your question, you will need to trust all of the root CA certificates that are available on the Amazon Trust Services Repository[2].

---

[1] Reminder: Amazon S3 and Amazon CloudFront service certificates migrating to Amazon Trust Services starting March 23, 2021 - https://aws.amazon.com/blogs/storage/reminder-amazon-s3-and-amazon-cloudfront-migrating-service-certificates-to-amazon-trust-services-starting-march-23-2021/

[2] Amazon Trust Services Repository - https://www.amazontrust.com/repository/

Need help to get the correct CA certificate for Amazon s3 endpoints

관련 콘텐츠