By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Need help to get the correct CA certificate for Amazon s3 endpoints

0

Hello, Need help to find which CA certificate to use for the Amazon s3 endpoints? I see the list of certificates here - https://www.amazontrust.com/repository/

Tried https://www.amazontrust.com/repository/AmazonRootCA1.pem with "ap-southeast-1" but it failed.

Please can someone help me to understand which certificate to use and if we need to use separate certificates for every AWS region (such as ap-south-1, us-east-1, etc.) then how to identify them? Thanks.

Topics
Security, Identity, & Compliance
Tags
AWS Certificate ManagerAWS Private Certificate Authority
Language
English
rePost-User-3741581
asked a year ago2468 views
1 Answer
0

The CA Certificates required to work with s3 are covered in the FAQ in following blog post[1] which goes over the s3/CloudFront migration to Amazon Trust Services. See the question "What do I need to do?" which mentions that you need to "update your client certificate trust store to include all of Amazon Trust Services’ root certificates".

So to answer your question, you will need to trust all of the root CA certificates that are available on the Amazon Trust Services Repository[2].

[1] Reminder: Amazon S3 and Amazon CloudFront service certificates migrating to Amazon Trust Services starting March 23, 2021 - https://aws.amazon.com/blogs/storage/reminder-amazon-s3-and-amazon-cloudfront-migrating-service-certificates-to-amazon-trust-services-starting-march-23-2021/

[2] Amazon Trust Services Repository - https://www.amazontrust.com/repository/

AWS
SUPPORT ENGINEER
Michael_H
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content