Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Test to determine if your ColdFusion Application Server can connect to Amazon Trust Services certificates.
<!--- 20200323 Test to determine if your ColdFusion Application Server can connect to Amazon Trust Services certificates.
BLOG: https://dev.to/gamesover/coldfusion-test-for-new-amazon-trust-services-certificates-1k6o
TryCF: https://www.trycf.com/gist/829e15110b1f8b81576e1782f760475d
Try this on your installation of ColdFusion. (Proof that it works in a separate test environment is not the same as it working in production.)
NOTE: Also try this at https://cffiddle.org/ (It works on TryCF, but I think it may be due to proxied requests.)
--->
<cfset AmazonTrustServices = [
{
"CN" = "Amazon Root CA 1",
"O" = "Amazon",
"C" = "US",
"U" = "https://good.sca1a.amazontrust.com/"
},
{
"CN" = "Amazon Root CA 2",
"O" = "Amazon",
"C" = "US",
"U" = "https://good.sca2a.amazontrust.com/"
},
{
"CN" = "Amazon Root CA 3",
"O" = "Amazon",
"C" = "US",
"U" = "https://good.sca3a.amazontrust.com/"
},
{
"CN" = "Amazon Root CA 4",
"O" = "Amazon",
"C" = "US",
"U" = "https://good.sca4a.amazontrust.com/"
},
{
"CN" = "Starfield Services Root Certificate Authority - G2",
"O" = "Starfield Technologies, Inc.",
"L" = "Scottsdale",
"ST" = "Arizona",
"C" = "US",
"U" = "https://good.sca0a.amazontrust.com/"
}
]>
<p>In 2018, AWS announced a broad migration of AWS services' SSL/TLS certificates to our own Certificate Authority,
Amazon Trust Services. Consistent with this change, and beginning March 2021, Amazon S3 and Amazon CloudFront will
begin migrating the Certificate Authority for each services' default certificate. Using our own Certificate Authority,
AWS services can better manage the security practices used to handle our default certificates.</p>
<p>Your action may be required to ensure your applications continue normal operation after this change. If you already
use other AWS services, your application most likely already trusts Amazon Trust Services as many AWS services have
already migrated. Visit <a href="https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/">https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/</a>.</p>
<cfset serviceCount = arraylen(AmazonTrustServices)>
<cfloop from="1" to="#serviceCount#" index="i">
<cfset thisService = AmazonTrustServices[i]>
<fieldset>
<cfoutput><legend>[#i#/#serviceCount#] #thisService.CN#</legend>
<p>#thisService.U#</p>
</cfoutput>
<cftry>
<cfhttp url="#thisService.U#" method="get" redirect="no" getasbinary="never" timeout="5">
<cfif isdefined("CFHTTP.StatusCode") AND VAL(CFHTTP.StatusCode) IS 200>
<h3 style="color:green;">Success</h3>
<cfdump var="#cfhttp#" expand="false">
<cfelse>
<h3 style="color:red;">Fail</h3>
<cfdump var="#cfhttp#">
</cfif>
<cfcatch>
<h3 style="color:red;">Fail/CFError</h3>
<cfdump var="#cfcatch.message#">
</cfcatch>
</cftry>
</fieldset>
</cfloop>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment