AWS amazonq high security documentation change
Summary
Updated OpenSSL command to remove insecure -sha1 flag, changed certificate paths, and added security note about SHA-1 deprecation
Security assessment
Explicitly warns against using SHA-1 algorithm for certificate generation, which is a known cryptographic vulnerability. The change removes insecure flags and adds documentation about secure certificate practices.
Diff
diff --git a/amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md b/amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md index 267e760db..3b2b1881b 100644 --- a//amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md +++ b//amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md @@ -63,4 +63,6 @@ OneNote can only be crawled by the connector using a Tenant ID, and with OAuth 2 - openssl req -x509 -newkey - rsa:2048 -noenc -sha1 -keyout /tmp/private.key -out /tmp/sharepoint.crt -nodes -set_serial 1 - -days 365 -subj - "/CN=amazon/[email protected]/C=US/ST=Texas/L=Dallas/O=amazon/OU=amazon" + openssl req -x509 -newkey rsa:2048 -nodes -keyout /path/to/folder/private.key -out /path/to/folder/sharepoint.crt -days 365 -subj "/CN=ExampleCorp/[email protected] + /C=US/ST=Texas/L=Dallas/O=ExampleCorp/OU=IT" -set_serial 1 + +###### Note + +Avoid using the -sha1 flag when generating certificates. SHA-1 is considered insecure and deprecated. Most modern browsers and systems reject certificates signed with SHA-1. By default, OpenSSL uses a secure algorithm such as SHA-256 when the -sha1 flag is omitted.