AWS wickr documentation change
Summary
Added instructions for creating IP-based self-signed certificates and updated domain name references to include IP addresses
Security assessment
The change provides additional TLS certificate configuration guidance, which relates to secure communication setup. However, there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/wickr/latest/wickrenterpriseinstall/tls-certificate-settings.md b/wickr/latest/wickrenterpriseinstall/tls-certificate-settings.md index be9253cce..d524fcce6 100644 --- a//wickr/latest/wickrenterpriseinstall/tls-certificate-settings.md +++ b//wickr/latest/wickrenterpriseinstall/tls-certificate-settings.md @@ -48,0 +49,5 @@ If you would like to create your own self signed certificate for use with Wickr +If you would like to create an IP based self signed certificate, use the following command instead. In order to use the IP based certificate, ensure that the Wildcard Hostname field is enabled under Ingress settings. For more information, see [Ingress settings](https://docs.aws.amazon.com/wickr/latest/wickrenterpriseinstall/ingress-settings.html). + + + openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout $YOUR_DOMAIN.key -out $YOUR_DOMAIN.crt -subj "/CN=$YOUR_DOMAIN" -addext "subjectAltName=IP:$YOUR_DOMAIN" -addext "extendedKeyUsage = serverAuth" + @@ -51 +56 @@ If you would like to create your own self signed certificate for use with Wickr -Replace $YOUR_DOMAIN in the example with the domain name you intend to use. +Replace $YOUR_DOMAIN in the example with the domain name or IP address you intend to use.