Hi, there is no bug it is just a question, I have received that S3 will update their certificate authority, I just wanted to know if it will impact the aws S3 strapi provider ?
this is the mail that I received :
Description
This is a reminder that Amazon Simple Storage Service (S3) and Amazon CloudFront are both migrating their services’ certificates from DigiCert to Amazon Trust Services starting March 23, 2021. If you do not send HTTPS traffic directly to your S3 bucket, or only use custom domains like with your CloudFront distribution, then there is no impact and you can disregard this message. If you do send HTTPS traffic directly to your S3 bucket, or use CloudFront domains covered by *.cloudfront.net, please continue reading and review the FAQ below on which certificates are migrating.
The Amazon Trust Services Certificate Authority originates from AWS’ purchase of the Starfield Services Certificate Authority which has been valid since 2005. This means you shouldn’t have to take any action to use the certificates issued by Amazon Trust Services as it is already included in common trust stores across most web browsers, operating systems, and applications. However, if you build custom certificate trust stores or use certificate pinning, you may need to alter your configurations. As a best practice, we recommend verifying Amazon Trust Services is in your trust store with one of the following tests.
[1] Visit our blog at How to Prepare for AWS’s Move to Its Own Certificate Authority | AWS Security Blog and use the test URLs there.
[2] Fetch the object from https://s3-ats-migration-test.s3.eu-west-3.amazonaws.com/test.jpg and verify a 200 response or that you see the green check mark in the test image.
[3] Create an S3 bucket in any of the following AWS regions and confirm you can fetch a test object over HTTPS: EU-WEST-3, EU-NORTH-1, ME-SOUTH-1, AP-NORTHEAST-3, AP-EAST-1, and US-GOV-EAST-1.
If Amazon Trust Services is not in the trust store, browsers will display an error message like applications will show an application-specific error. If any of the tests fail, you must do one or more of the following actions: [A] Upgrade your operating system or browser that you are using, [B] Update your application to use CloudFront with a custom domain name and your own certificate, or [C] if you are using custom certificate trust stores or certificate pinning, include Amazon Trust Services’ Certificate Authorities
Frequently Asked Questions
Q1: Which CloudFront certificate is migrating? CloudFront’s global wildcard *.cloudfront.net
Q2: Which S3 certificates are migrating? S3 has several regional certificates, and its global wildcard certificate, migrating in the following AWS regions:
Global wildcard *.s3.amazonaws.com in AP-NORTHEAST-1, AP-NORTHEAST-2, AP-NORTHEAST-3, AP-SOUTH-1, AP-SOUTHEAST-1, AP-SOUTHEAST-2, CA-CENTRAL-1, EU-CENTRAL-1, EU-NORTH-1, EU-WEST-1, EU-WEST-2, EU-WEST-3, SA-EAST-1, US-EAST-1, US-EAST-2, US-WEST-1, US-WEST-2 Regional wildcard *.s3.region.amazonaws.com in AP-NORTHEAST-1, AP-NORTHEAST-2, AP-SOUTH-1, AP-SOUTHEAST-1, AP-SOUTHEAST-2, CA-CENTRAL-1, CN-NORTH-1, CN-NORTHWEST-1, EU-CENTRAL-1, EU-WEST-1, EU-WEST-2, SA-EAST-1, US-EAST-1, US-EAST-2, US-GOV-WEST-1, US-WEST-1, US-WEST-2 FIPS wildcard *.s3-fips-us-gov-west-1.amazonaws.com in US-GOV-WEST-1
Do I need to be worried about that ?