Last active March 24, 2020 22:01
Test to determine if your ColdFusion Application Server can connect to Amazon Trust Services certificates.
<!--- 20200323 Test to determine if your ColdFusion Application Server can connect to Amazon Trust Services certificates.
BLOG: https://dev.to/gamesover/coldfusion-test-for-new-amazon-trust-services-certificates-1k6o
TryCF: https://www.trycf.com/gist/829e15110b1f8b81576e1782f760475d
Try this on your installation of ColdFusion. (Proof that it works in a separate test environment is not the same as it working in production.)
NOTE: Also try this at https://cffiddle.org/ (It works on TryCF, but I think it may be due to proxied requests.)
--->
<cfset AmazonTrustServices = [
    {
        "CN" = "Amazon Root CA 1",
        "O" = "Amazon",
        "C" = "US",
        "U" = "https://good.sca1a.amazontrust.com/"
    },
    {
        "CN" = "Amazon Root CA 2",
        "O" = "Amazon",
        "C" = "US",
        "U" = "https://good.sca2a.amazontrust.com/"
    },
    {
        "CN" = "Amazon Root CA 3",
        "O" = "Amazon",
        "C" = "US",
        "U" = "https://good.sca3a.amazontrust.com/"
    },
    {
        "CN" = "Amazon Root CA 4",
        "O" = "Amazon",
        "C" = "US",
        "U" = "https://good.sca4a.amazontrust.com/"
    },
    {
        "CN" = "Starfield Services Root Certificate Authority - G2",
        "O" = "Starfield Technologies, Inc.",
        "L" = "Scottsdale",
        "ST" = "Arizona",
        "C" = "US",
        "U" = "https://good.sca0a.amazontrust.com/"
    }
]>
<p>In 2018, AWS announced a broad migration of AWS services' SSL/TLS certificates to our own Certificate Authority,
Amazon Trust Services. Consistent with this change, and beginning March 2021, Amazon S3 and Amazon CloudFront will
begin migrating the Certificate Authority for each services' default certificate. Using our own Certificate Authority,
AWS services can better manage the security practices used to handle our default certificates.</p>
<p>Your action may be required to ensure your applications continue normal operation after this change. If you already
use other AWS services, your application most likely already trusts Amazon Trust Services as many AWS services have
already migrated. Visit <a href="https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/">https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/</a>.</p>
<cfset serviceCount = arraylen(AmazonTrustServices)>
<cfloop from="1" to="#serviceCount#" index="i">
    <cfset thisService = AmazonTrustServices[i]>
    <fieldset>
        <cfoutput><legend>[#i#/#serviceCount#] #thisService.CN#</legend>
        <p>#thisService.U#</p>
        </cfoutput>
        <cftry>
            <cfhttp url="#thisService.U#" method="get" redirect="no" getasbinary="never" timeout="5">
            <cfif isdefined("CFHTTP.StatusCode") AND VAL(CFHTTP.StatusCode) IS 200>
                <h3 style="color:green;">Success</h3>
                <cfdump var="#cfhttp#" expand="false">
            <cfelse>
                <h3 style="color:red;">Fail</h3>
                <cfdump var="#cfhttp#">
            </cfif>
            <cfcatch>
                <h3 style="color:red;">Fail/CFError</h3>
                <cfdump var="#cfcatch.message#">
            </cfcatch>
        </cftry>
    </fieldset>
</cfloop>
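
A companion check, added here as an example and not part of the original gist: when one of the requests above fails, this lists which of the same five root CNs are actually present in the JVM trust store that ColdFusion is running on. It assumes the trust store is the JVM default (`cacerts` under `java.home`, or the file named by `javax.net.ssl.trustStore`) with the stock password `changeit`; all variable names are illustrative.

```cfml
<cfscript>
// Added example, not part of the original gist.
// Assumption: the JVM uses its default trust store (or the one named by
// javax.net.ssl.trustStore) with the stock password "changeit".
expectedCNs = [
    "Amazon Root CA 1", "Amazon Root CA 2", "Amazon Root CA 3", "Amazon Root CA 4",
    "Starfield Services Root Certificate Authority - G2"
];
sys = createObject("java", "java.lang.System");
storePath = sys.getProperty("javax.net.ssl.trustStore",
    sys.getProperty("java.home") & "/lib/security/cacerts");
storePass = sys.getProperty("javax.net.ssl.trustStorePassword", "changeit");

// Load the trust store read-only through the standard java.security.KeyStore API.
keyStoreClass = createObject("java", "java.security.KeyStore");
ks = keyStoreClass.getInstance(keyStoreClass.getDefaultType());
fis = createObject("java", "java.io.FileInputStream").init(storePath);
try {
    ks.load(fis, storePass.toCharArray());
} catch (any e) {
    rethrow;
} finally {
    fis.close();
}

// Index the trusted certificates whose subject CN matches an expected root.
found = {};
aliases = ks.aliases();
while (aliases.hasMoreElements()) {
    alias = aliases.nextElement();
    cert = ks.getCertificate(alias);
    if (isNull(cert)) { continue; }
    // A trailing comma is appended so "CA 1" cannot match a longer CN.
    subject = cert.getSubjectX500Principal().getName() & ",";
    for (cn in expectedCNs) {
        if (findNoCase("CN=" & cn & ",", subject)) {
            found[cn] = "alias=" & alias & ", expires " & cert.getNotAfter().toString();
        }
    }
}

// Report each expected root as present (with alias and expiry) or missing.
writeOutput("<p>Trust store: " & encodeForHTML(storePath) & "</p><ul>");
for (cn in expectedCNs) {
    status = structKeyExists(found, cn) ? "present (" & found[cn] & ")" : "MISSING";
    writeOutput("<li>" & encodeForHTML(cn & ": " & status) & "</li>");
}
writeOutput("</ul>");
</cfscript>
```

A root reported as MISSING here while the matching request above fails points at the JVM trust store rather than the network path.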