- Newest
- Most votes
- Most comments
To find the list of root certificate authorities (CAs) that AWS S3 will present to clients, you can check the AWS Private CA console at https://console.aws.amazon.com/acm-pca/home.
This will show all the available CAs, their status, type (root or subordinate), key algorithm and other details. The AWS-managed CAs that S3 uses should be listed here.
To automatically update root certificates on the client whenever S3 introduces new ones, a few options are:
Configure your client application to periodically fetch the latest list of CAs from the AWS Private CA console and update its trust store accordingly.
Use AWS Certificate Manager to provision and manage certificates. ACM will automatically rotate certificates and update them in CloudFront, S3 etc. so client applications don't need manual updates.
Leverage S3 client-side encryption which handles certificate validation and renewal without needing updates on the client-side.
Relevant content
- asked 9 months ago
- asked 10 months ago
- asked a year ago
- AWS OFFICIALUpdated 17 days ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago