Important maintenance notice: Amazon Simple Email Service SSL/TLS certificate changes

[martinusso]

I received the following message:

Dear Amazon SES customer,

To continue improving the security of our cloud platform, Amazon SES will migrate the SSL certificates for the HTTPs and SMTP interfaces to use a new certificate chain signed using the SHA256 algorithm. The update will start on September 22, 2015 at 1a.m. PDT and will impact the US-EAST-1, EU-WEST-1, and US-WEST-2 Regions. This update is part of a wider AWS initiative for which you can find more details in this AWS security bulletin: http://aws.amazon.com/security/security-bulletins/aws-to-switch-to-sha256-hash-algorithm-for-ssl-certificates/.

While we expect a silent update, it is possible that your infrastructure is interacting with Amazon SES using an old certificate bundle that is incompatible with the new certificate. In this case, after the migration date your calls to Amazon SES will fail with SSL handshake exceptions. To resolve the problem, you will need to import a new certificate authority (CA) certificate into your certificate bundle. For more information on how to test and update your environment, please follow the instructions provided in the SSL Certificate Requirements topic in the AWS SDK for Java Developer Guide: http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/use-sha256.html.

If you have any questions, please don’t hesitate to contact us through the Amazon SES forum (https://forums.aws.amazon.com/forum.jspa?forumID=90) or through AWS Support (https://aws.amazon.com/support/).

Best regards,

The Amazon SES team

[esasse]

...and? :)

[martinusso]

I'll verify the instructions provided and make the needed changes.

[esasse]

Great, thanks!