AWS Security ChangesHomeSearch

AWS amazonq high security documentation change

Service: amazonq · 2025-05-25 · Security-related high

File: amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md

Summary

Updated OpenSSL command to remove insecure -sha1 flag, changed certificate paths, and added security note about SHA-1 deprecation

Security assessment

Explicitly warns against using SHA-1 algorithm for certificate generation, which is a known cryptographic vulnerability. The change removes insecure flags and adds documentation about secure certificate practices.

Diff

diff --git a/amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md b/amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md
index 267e760db..3b2b1881b 100644
--- a//amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md
+++ b//amazonq/latest/qbusiness-ug/sharepoint-cloud-console.md
@@ -63,4 +63,6 @@ OneNote can only be crawled by the connector using a Tenant ID, and with OAuth 2
-                        openssl req -x509 -newkey
-                    rsa:2048 -noenc -sha1 -keyout /tmp/private.key -out /tmp/sharepoint.crt -nodes -set_serial 1
-                    -days 365 -subj
-                    "/CN=amazon/[email protected]/C=US/ST=Texas/L=Dallas/O=amazon/OU=amazon"
+                        openssl req -x509 -newkey rsa:2048 -nodes -keyout /path/to/folder/private.key -out /path/to/folder/sharepoint.crt -days 365 -subj "/CN=ExampleCorp/[email protected] 
+            /C=US/ST=Texas/L=Dallas/O=ExampleCorp/OU=IT" -set_serial 1
+
+###### Note
+
+Avoid using the -sha1 flag when generating certificates. SHA-1 is considered insecure and deprecated. Most modern browsers and systems reject certificates signed with SHA-1. By default, OpenSSL uses a secure algorithm such as SHA-256 when the -sha1 flag is omitted.