Abstract: A certificate authority service receives a request to issue a short-duration digital certificate usable for authentication of a server of an entity. The request includes a long-duration digital certificate that is not usable for authentication of the server of the entity, the long-duration certificate being usable for validation purposes between the entity and the service. The service determines whether to issue the short-duration digital certificate based on a validity period that is specified in the long-duration digital certificate. Based on the determination, the service issues the short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The short-duration digital certificate may enable a client to authenticate the entity and securely communicate with the entity.

Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, customers may use the certificate management service to generate private certificate authority which can issue signed certificates to network entities within the customer enterprise. In an embodiment, the private certificate authority is hosted by the computing resource service provider, and the certificate management service automates the renewal and management of active certificates. In an embodiment, the certificate management service allows customer applications to create, renew, and revoke certificates issued by both private and public certificate authorities via an application programming interface.

Abstract: A branded fleet server system includes a pre-assembled third-party computer system integrated into a chassis of the branded fleet server system. The pre-assembled third-party computer system is configured to execute proprietary software that is only licensed for use on branded hardware. A virtualization offloading component is included in the server chassis of the branded fleet server along with the pre-assembled third-party computer system. The virtualization offloading component acts as a bridge between the pre-assembled third-party computer system and a virtualized computing service. As such, the virtualization offloading component manages communications, security, metadata, etc. to allow the pre-assembled computer system to function as one of a fleet of virtualization hosts of the virtualized computing service.

Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.

Abstract: A certificate authority service receives a request to issue a long-duration digital certificate from an entity for validation purposes between the entity and the service. Upon issuance of the long-duration digital certificate, the entity submits a request to the service for issuance of a short-duration digital certificate that includes a shorter validity period than the long-duration digital certificate. The service may utilize the long-duration digital certificate to validate the entity and, upon validating the entity, issues the short-duration digital certificate to the entity. The entity may subsequently utilize the short-duration digital certificate to enable a user client to authenticate the entity and securely communicate with the entity.

Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.

Abstract: In an embodiment, a computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by private certificate authorities. In an embodiment, a private certificate authority hosted by the computing resource service provider is able to issue signed certificates to network entities within the customer enterprise. In an embodiment, the certificate management service provides a network-accessible application programming interface to the private certificate authority that allows applications to create and deploy private certificates programmatically. In an embodiment, the system provides the flexibility to create private certificates for applications that require custom certificate lifetimes or resource names.

Abstract: A branded fleet server system includes a pre-assembled third-party computer system integrated into a chassis of the branded fleet server system. The pre-assembled third-party computer system is configured to execute proprietary software that is only licensed for use on branded hardware. A baseboard management controller (BMC) included in the server chassis couples with the pre-assembled computer system via one or more cables coupled to ports of the pre-assembled computer system. The BMC enables remote control of the pre-assembled computer system, such as remote power on and power off. An electro-mechanical device, such as a solenoid, presses a power button of the pre-assembled computer system based on control signals from the BMC to change a power state of the pre-assembled computer system.

Abstract: A branded fleet server system includes a pre-assembled third-party computer system integrated into a chassis of the branded fleet server system. The pre-assembled third-party computer system is configured to execute proprietary software that is only licensed for use on branded hardware. A baseboard management controller (BMC) included in the server chassis couples with the pre-assembled computer system via one or more cables coupled to ports of the pre-assembled computer system. The BMC enables remote control of the pre-assembled computer system, such as remote power on and power off. Also the BMC may enable automatic and remote software and/or firmware updates to be performed at the pre-assembled computer system.

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

Abstract: A network security service is provided to detect various intermediaries to a network connection between a client and a destination service, such as a man-in-the-middle (MITM). The network security service may obtain session feature information indicating attributes of the network connection. Based at least in part on the session feature information the network security service may detect an intermediary and perform a security measure.

Abstract: A method and system for generating multiple profiles corresponding to different digital certificates. The profile includes intrinsic attributes and derived attributes associated with a digital certificate. The system enables a customer system to filter digital certificates based on a suitability of the various digital certificates for use with a given application to be executed by or on behalf of the customer system. The suitability may be determined based on a comparison of certificate requirements associated with a customer system's request and one or more of the intrinsic attributes and derived attributes.

Abstract: A concordance service receives a probabilistic data structure query generated based at least in part on a set of query parameters for a search of a plurality of resources. In response to receiving the query, the concordance service uses the probabilistic data structure query and a probabilistic data structure tree to determine a set of nodes of the tree that individually satisfy the set of query parameters. The concordance service verifies that the resources corresponding to the set of nodes satisfy the query parameters. Based at least in part on this verification, the concordance service provides a response to the query.

Abstract: A computer system associated with a certificate authority receives a request to obtain information that can be used to determine a validity status of a digital certificate. In response to the request, the computer system provides the information and updates usage information for the digital certificate to incorporate information obtained from the request. The usage information may be generated based at least in part on previous requests to obtain the information. Based at least in part on the usage information, the computer system will perform at least one operation associated with the digital certificate.

Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.

Abstract: A certificate authority receives a request to issue a digital certificate from a customer. In response to the request, the certificate authority determines a network endpoint to be specific to the digital certificate that is to serve information usable to determine whether the digital certificate is valid. The certificate authority issues, to the customer, a digital certificate that specifies a network address for the network endpoint and records information about requests made to the network endpoint to obtain the information usable to determine whether the digital certificate is valid.

Abstract: A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.

Abstract: Techniques are disclosed for mitigating against registering a domain name that is confusingly similar to a pre-existing domain name, possibly for the purpose of fooling users. In embodiments, a domain name is presented for registration. The domain name is rendered as an image, and optical character recognition is performed on the image to extract the rendered text. This extracted text is compared against a list of domain names for which confusingly similar domain names cannot be registered, and when the extracted text matches a domain name in this list of domain names, registration of the domain name is denied.

Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.