on 04-04-2019 10:31 AM
Dear experts,
one of our Trust Certificates from AWS has expired and I'd like to renew it:
Screenshot 1: 2019-04-04-11-08-40-window.png
Whenever I fetch the certificate with Google Chrome the following one is shown:
Screenshot 2: inked2019-04-04-11-11-00-window-li.jpg
As this is not the certificate I want to update, I looked up the alternative appliciants within the certificate and the following ones are displayed:
Screenshot 3: inked2019-04-04-11-17-11-window-li.jpg
If I'm correct this segment is stating that the certificate I am looking for ('eu-west-1.queue.amazonaws.com') is included in 'sqs.eu-west-1.amazonaws.com'.
My question is: Is this really the case and 'eu-west-1.queue.amazonaws.com' is therefore obsolete or is there another way to get the certificate for 'eu-west-1.queue.amazonaws.com'?
Thanks in Advance,
Nils
Hi Nils,
the guide on the amazon certificates is here: https://help.sap.com/viewer/0f9408e4921e4ba3bb4a7a1f75f837a7/1902.500/en-US/ea05476cc4424219aa70b4ec...
You can either install the intermediate and root certificates in your trust store (certificate chain) OR you install the leaf certificate in your trust store.
You can check it on your own: both the sqs.eu-west-1 and the email.eu-west-1 are using the Amazon Root CA 1 (one of Amazon's certificate authorities).
So when uploading the Amazon Root CA 1 (leaf certificate) into your Certificate Trust List, you are good to go in both cases (sqs* and email*).
Please mark your question as answered, if my comment helped.
Best regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tim,
thanks for your fast answer, though 'email.eu-west-1.amazonaws.com' is already inbound:
Screenshot: inked2019-04-04-12-17-50-window-li.jpg
I don't really understand what you're trying to tell me... I'm asking specifically for 'eu-west-1.queue.amazonaws.com'. Do you reckon that 'email.eu-west-1.amazonaws.com' is in fact concordant to 'eu-west-1.queue.amazonaws.com'? Why do the two of those exist as seperate units in the system then?
BR,
Nils
(1/2)
Hi Tim,
thanks for helping out.
In your updated answer you are comparing 'email.eu-west-1.amazonaws.com' and 'sqs.eu-west-1.amazonaws.com'. Both of those are fine in my system and up to date. The one that is the troublemaker is 'eu-west-1.queue.amazonaws.com':
Screenshot 1: inked2019-04-04-12-17-50-window-li-2.jpg
Prior to asking this question I followed the guide you provided (https://help.sap.com/viewer/0f9408e4921e4ba3bb4a7a1f75f837a7/1902.500/en-US/ea05476cc4424219aa70b4ecd208cdb9.html).
(Comment continues below)
(2/2)
For 'eu-west-1.queue.amazonaws.com' I just changed the URL to 'https://eu-west-1.queue.amazonaws.com/' and followed the procedure described in the guide.
The problem that occurs now is that 'https://eu-west-1.queue.amazonaws.com/' provides the same certificate as 'https://sqs.eu-west-1.amazonaws.com/':
Screenshot 2: inked2019-04-04-15-02-07-window-li.jpg
Screenshot 3: inked2019-04-04-11-11-00-window-li.jpg
Therefore, if I upload the certificate I get for 'https://eu-west-1.queue.amazonaws.com/' to MC, 'eu-west-1.queue.amazonaws.com' is still marked as expired in the system and 'sqs.eu-west-1.amazonaws.com' gets renewed.
My conclusion is that 'email.eu-west-1.amazonaws.com' is in fact concordant to 'eu-west-1.queue.amazonaws.com'. That means I could just delete the expired 'eu-west-1.queue.amazonaws.com' and never think about it again. Is that true? If not, where can I find a running certificate for 'eu-west-1.queue.amazonaws.com'?
I hope this helps to clarify my problem!
BR,
Nils
(P. S.: I can't submit the comment in one go, propably too long)
Hi Nils,
yes, you should be fine after deleting the expired 'eu-west-1.queue.amazonaws.com' in that case.
FYI: Most of our client are uploading the Amazon Root CA 1 (leaf certificate) into their Certificate Trust Lists. I have just double checked it, the CA 1 certificate is valid until 2037, so in that case you really don't have to worry about it for quite some time.
Hope this helps!
Best regards,
Tim
Hey Tim,
thanks for the confirmation! (I will mark your original comment as accepted because for some reason that's not possible with sub comments.)
Just two more things concerning your 'FYI':
Does the 'Amazon Root CA 1' certificate replace the other Amazon related certificates ('email.eu-west-1.amazonaws.com' and 'sqs.eu-west-1.amazonaws.com')?
Is this the place I get the right one from: 2019-04-05-09-43-48-window.png ?
I uploaded the one in the Screenshot to MC and it looks like this: 2019-04-04-11-08-40-window.png , so I should be good to go, correct?
Kind regards,
Nils
User | Count |
---|---|
5 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.