
Hi, we are using Amazon S3 as an image store.

We have a web application (Java + Liberty server) from which we upload the images to Amazon S3 using HTTPS. We store the SSL certificate from Amazon S3 in our server keystore.

The issue is that we don't know when the certificate expires, or we keep checking for an update and update our server keystore with the new certificate.

Is there any other solution so that we don't have to rely on the expiration of the certificate, or any best practice?

Thanks in advance

Annavi
  • Is there a reason why you don't use the normal mechanism -- using the certificate chain -- in order to validate the certificate presented by S3? – Michael - sqlbot Dec 09 '15 at 19:57
  • Thx for the reply. What is the normal mechanism? Currently we store the S3 certificate in the server keystore and validate the certificate from S3. Can you help me understand the certificate chain you mentioned? – Annavi Dec 09 '15 at 20:04
  • Ordinarily, you can store the CA certificates, and trust any certificate they authorize via a chain of intermediate certs that are also supplied by the web server during negotiation, and this provides for an automatic chain of trust: http://security.stackexchange.com/a/20833/32112 See particularly, "Why can you trust Google.com by trusting GeoTrust?" – Michael - sqlbot Dec 09 '15 at 20:40
  • Thanks a lot, I have added the CA and it worked. – Annavi Dec 09 '15 at 21:48
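
The difference between the two approaches discussed in the comments, as an added example that is not part of the original thread: it uses the `openssl` CLI rather than a Java keystore, and the CA, the host name `storage.example.test` and all files are constructed for the demo. It shows that a stored copy of the server certificate stops matching after the server rotates it, while trust in the issuing CA keeps validating the new certificate.

```shell
#!/usr/bin/env bash
# Constructed demo: subjects, host name and files are made up for illustration.
set -eu

make_ca() {     # $1 = working dir; creates the self-signed root you would import
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_leaf() {  # $1 = dir, $2 = name; issues a server certificate signed by the root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=storage.example.test" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -out "$1/$2.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Stored-leaf check: accept only the exact certificate that was saved earlier.
pinned_ok() { [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; }

# Chain validation: accept any certificate that chains to the trusted root.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo() {
  d=$(mktemp -d)
  make_ca "$d"
  issue_leaf "$d" leaf_old   # the certificate that was copied into the keystore
  issue_leaf "$d" leaf_new   # what the server presents after it rotates
  pinned_ok "$d/leaf_old.pem" "$d/leaf_new.pem" && result="pin=pass" || result="pin=fail"
  chain_ok "$d/ca.pem" "$d/leaf_new.pem" \
    && result="$result chain=pass" || result="$result chain=fail"
  rm -rf "$d"
  echo "$result"
}
```

Calling `demo` prints `pin=fail chain=pass`: the rotated certificate no longer matches the stored copy, but it still validates against the CA.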
