Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

AWS Certificate Expiry

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    AWS Certificate Expiry

    Hi All,

    I have had the following notification from AWS about the MariaDB to which my alpha-anywhere application is connected.

    As we are only accessing the application via the web addresses provided by Alpha, am I correct in thinking the Alpha will manage the update of the certificate. Do I have to do anything to action this?

    "
    You are receiving this message because your AWS Account has one or more Amazon RDS, or Amazon Aurora database instances in the EU-WEST-2 Region using a SSL/TLS Certificate that is expiring on August 22, 2024.

    If your applications connect to these instances using the SSL/TLS protocol, you will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances. Even if you do not currently use SSL for your connections, you could still be affected if your databases server certificate expires, so we still recommend updating your CA.

    To protect your communications with your database instances, a CA generates time-bound certificates that are checked by your database client software to authenticate any database instance before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure customer connections are properly protected for years to come.

    The current CA in the EU-WEST-2 Region will expire on August 22, 2024. Before this date you will need to update your DB server certificate. The following is the general process to do this:

    First, update your application clients with the new certificate, if your application client is using a trust store then add the new CA certificates into the trust stores of your client applications. RDS provides download links to the CA certificates in our User Guide [2]. For more detailed instructions on updating the trust stores on your client application see our documentation [3].

    Second, update the certificate on all your affected database instances to one of the newly issued CAs. ‘rds-ca-rsa2048-g1’ is the default recommended CA because there is no algorithm change. The other CAs use new key algorithms so it could require more testing of your client setup to ensure compatibility. For more information on the new CAs see our documentation [4].

    Third, if you want to use a different CA than the default ‘rds-ca-rsa2048-g1’, you will need to set an account level CA override so your new instances will use the CA of your choice. To do this a modify-certificates API is available that will allow you to override the default CA on newly created database instances to either the old or one of the new CAs. This override will only apply while the CA you are overriding to is valid. To use this API you will need to be running the AWS CLI version 1.17 or later. For more information see the modify-certificates API documentation [1]. There is also a describe-certificates API [5], that will indicate your current default CA override if you have one set. To set a specific CA during instance creation use the ca-certificate-identifier option on the create-db-instance API to create a DB instance with a specific CA. For more information, see the create-db-instance API documentation [6].
    "


    Any advise would be greatly appreciated.

    Chris
    Tags: None
    #2
    I use AWS RDS (SQL Server) too. I received the same email a while back. Navigate to RDS, select your DB, select Modify, scroll down to 'Connectivity'. Update the certificate authority. Won't effect your users in case you're wondering.

    Ashampoo_Snap_Wednesday, March 13, 2024_10h4m35s.png
    Mike Brown - Contact Me
    Programmatic Technologies, LLC
    Programmatic-Technologies.com
    Independent Developer & Consultant​​

    Comment

      #3
      Mikes comment of "Won't effect your users in case you're wondering." is only true for systems that have been published with 8862 and above. For systems older than that they will crash hard. Here is the Alpha documentation in the release notes for 8862. I unfortunately learnt the hard way. Another useful piece of information is that if you do run into problems and there are too many errors generated for a bad certificate your RDS server will block the Alpha IP Address sending the requests. You will need to run the 'flush hosts' command in a query to get them talking again.

      Alpha Cloud - Amazon RDS - Amazon RDS Certificate and Certificate Authority File Rotation - As of August 2024, Amazon will be replacing both certificates and the certificate authority files used for Amazon RDS; and which are expiring.

      What You Need To Do
      Sometime before expiration, you will need to change the certificate on your Amazon RDS database to use one of the new ones provided by Amazon. It is likely that Amazon will automatically replace expired certificates, but if you have not planned for the change, you application may stop working at that time.

      Prior to updating your Amazon RDS certificates, be sure you have installed this build (or a later one), or replaced the older certificate authority file on your existing installation as discussed below.

      If you are running an older build on Alpha Cloud, you will want to wait to make the change until Alpha Cloud has been updated, as discussed below. Alternatively, you can explicitly include the new certificate authority file in your deployment. Please contact [email protected] for help if this is a requirement.

      If applications other than Alpha Anywhere are accessing your Amazon RDS database, please refer to documentation for those applications and verify that you have made the necessary changes.

      How Alpha Anywhere is Affected
      When you select TLS/SSL on the connection string dialog in Alpha Anywhere, we automatically handle the certificate authority file for you to assure a secure connection with the intended database server.

      Beginning with this build and beyond, Alpha Anywhere will no longer automatically assign "rds-combined-ca-bundle.pem" as the certificate authority file for connections to Amazon AWS RDS. Instead it will use "global-bundle-2023-09.pem" when connecting to Amazon RDS using TLS/SSL.

      As a result, your application will work with the old and the new certificates as long as you deploy this build and beyond.

      No change is required for applications to continue working with the old certificate as the replacement bundle includes the old certificate authority certificates and the new ones.


      Where the Certificate Authority Files Are Located
      During installation of Alpha Anywhere Application Server (all editions), a folder called "redist\SQLDatabases\Certificates\AmazonRDS" is populated with certificate authority files required to validate the Amazon RDS server security host.

      The "official" name of the file (and as downloaded) is "global-bundle.pem". Both "global-bundle.pem" and "global-bundle-2023-09.pem" are included in the installation and can be found in the folder named above. We have included an additional copy of the file with the date in the name to document the actual date so it is clearer when the file was added.

      The older file is called "rds-combined-ca-bundle.pem. We have left it in the folder.

      If you want to download the Amazon RDS Certificate Authority file directly, you can do so from https://truststore.pki.rds.amazonaws...bal-bundle.pem

      Older Alpha Anywhere Builds
      If you are running an older build that does not have the new certificate authority file installed, you can manually update your installation.

      Download "global-bundle.pem" and overwrite "rds-combined-ca-bundle.pem" in the folder on your deployed server.

      Don't forget to do the same thing in the binary folder for Alpha Anywhere so you can test against your server.

      Alpha Cloud
      Newer builds will work on Alpha Cloud without any changes to the application on your part. If all of your deployed applications are using the latest build, you can safely update the server certificate on Amazon AWS.

      For older builds, we will be automating the same change discussed in the section above (overwriting rds-combined-ca-bundle.pem with the contents of global-bundle.pem).

      This change will be announced during a future control plane recycle.


      Again, if you are running an older build on Alpha Cloud, please wait until the announcement to change the root certificate on your Amazon RDS database! Alternatively, you can explicitly include the new certificate authority file in your deployment. Please contact [email protected] if this is a requirement.

      Amazon Documentation Regarding the Certificate Rotation
      According to the following documents, the new file (global-bundle.pem) includes the root certificates for all regions and from 2019 to handle the transition better. As we understand it, the expiration on the RDS database certificates is August 2024, and presumably the root certificates from 2019 will expire around that time frame.

      https://docs.aws.amazon.com/AmazonRD...-cert-rotation

      https://docs.aws.amazon.com/AmazonRD...ateAuthorities
      David Weinstein
      Best Tech
      [email protected]t

      Comment

        #4
        Thank you very much for your input regarding this.

        My application is in Alpha Cloud running on an older version (7902).

        Therefore I believe only the following applies to me "Again, if you are running an older build on Alpha Cloud, please wait until the announcement to change the root certificate on your Amazon RDS database! "

        Has this announcement been made? Can anyone provide a link?

        Assuming that it has would you consider then I am safe to just upgrade the certificate in AWS?

        Thanks as always

        Chris

        Comment

        Previous template Next
        Working...
        X