Cloudfork implements the REST API of Amazon Web Services over both secure (https) and non-secure (http) connections. To use the https protocol to access S3, SimpleDB, SQS or EC2, you need to prepare the Smalltalk image by registering a trusted certificate. Without that certificate, your application will produce an error saying “CA Not in Trust Registry!” (CA = Certificate Authority). The steps below describe how to register the correct certificate in a VisualWorks (or WebVelocity) image.
Unless it is already loaded in your image, you need to install the HTTPS parcel (use the Parcel Manager).
Amazon Web Services uses the following root certificate: “VeriSign Class 3 Secure Server CA”. You can verify this by inspecting the chain object in the debugger, which can be opened when a secure test has failed.
One way to get this certificate file is to export it from the list of certificates known to your Internet browser. For Firefox users, open Preferences>Advanced>Encryption>View Certificates. Under VeriSign, Inc., select the certificate, export it using the format “X.509 Certificate with chain (PEM)” and name it “VeriSignClass3SecureServerCA.pem”.
The following script will import the Base-64 encoded certificate file.
    | certificate registry |
    registry := Security.X509.X509Registry default.
    certificate := Security.X509.Certificate fromFile: 'VeriSignClass3SecureServerCA.pem'.
    registry addCertificate: certificate.
Please be aware of what is stated in the VisualWorks SecurityGuide.pdf (page 72): “Adding a CA certificate to your registry is deceivingly simple and does not convey the degree of trust actually involved in that action. Be sure to understand what it is you are trusting a CA to do and ensure that it matches the security requirements of your application.”
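Because a “with chain” PEM export can hold more than one certificate, it helps to check which certificate in the file matches the fingerprint the CA publishes before registering it. The following Python sketch is an added example, not part of Cloudfork or VisualWorks; it runs outside the image, its function names are hypothetical, and the sample bytes are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re

# Matches each certificate block in a PEM bundle (a "with chain" export holds several).
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)

def pem_fingerprints(pem_text):
    """Return the SHA-256 fingerprint (lowercase hex) of every certificate in pem_text."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        # Strip line breaks, then decode strictly so damaged exports raise an error.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def normalize(fingerprint):
    """Accept 'AB:CD:...' or 'abcd...' as shown by a browser or published by a CA."""
    return fingerprint.replace(":", "").replace(" ", "").lower()

def find_trusted(pem_text, expected_fingerprint):
    """Return the index of the certificate matching the expected fingerprint, or None."""
    expected = normalize(expected_fingerprint)
    for index, actual in enumerate(pem_fingerprints(pem_text)):
        if actual == expected:
            return index
    return None

def make_pem(der):
    """Wrap raw bytes in PEM armour (used only to build the constructed sample)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes standing in for DER certificates.
SAMPLE_DER = [b"constructed-server-cert", b"constructed-intermediate-ca"]
SAMPLE_BUNDLE = "".join(make_pem(der) for der in SAMPLE_DER)

if __name__ == "__main__":
    # In real use, read VeriSignClass3SecureServerCA.pem and take the expected
    # fingerprint from the CA's own publication, obtained out of band.
    expected = hashlib.sha256(SAMPLE_DER[1]).hexdigest()
    match = find_trusted(SAMPLE_BUNDLE, expected)
    for i, fp in enumerate(pem_fingerprints(SAMPLE_BUNDLE)):
        print(i, fp, "<- matches expected" if i == match else "")
    if match is None:
        raise SystemExit("no certificate matches the expected fingerprint; do not import")
```

If no certificate in the file matches, the export should not be added to the registry.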