You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some custom third-party s3 providers already use new GlobalSign certificates, but we have some inconsistencies with aws-cli v1 and v2, as v1 uses updated certifi with updated certificate list, but v2 still depends on outdated cacert.pem.
Thanks for the feature request. Upon discussing with the team, the recommendation here is to install certifi to get access to newer certs. That should be used by default if it is installed. Further investigation by the team is required involving changes to cacert.pem, but this feature request is not planned.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
Describe the feature
Can we add new GlobalSign Root R6 certificate (https://support.globalsign.com/ca-certificates/root-certificates/globalsign-root-certificates) to cacert.pem file as it is used by default in aws-cli shipped by amazon? Yes we can override this behavior by env variables, but it's an extra step that can be avoided for publicly acknowleged root certificate.
Use Case
Some custom third-party s3 providers already use new GlobalSign certificates, but we have some inconsistencies with aws-cli v1 and v2, as v1 uses updated certifi with updated certificate list, but v2 still depends on outdated cacert.pem.
Proposed Solution
add GlobalSign Root R6 certificate to cacert.pem
Other Information
No response
Acknowledgements
SDK version used
ALL
Environment details (OS name and version, etc.)
aws-cli/2.15.59 Python/3.11.8 Linux/6.8.0-31-generic exe/x86_64.ubuntu.24
The text was updated successfully, but these errors were encountered: