AWS_ACM_4

Ensure ACM only has certificates with single domain names, and none with wildcard domain names

Description

ACM must have certificates with single domain names, and none with wildcard domain names

Remediation

01 Sign in to the AWS Management Console.

02 Navigate to AWS ACM dashboard at https://console.aws.amazon.com/acm/.

03 Select the issued SSL/TLS certificate that you want to examine and click on the Show/Hide Details button to expand the panel with the certificate details. An issued AWS ACM certificate is an SSL/TLS certificate, either issued by ACM or imported into ACM, whose Status is set to Issued.

04 Inside the Details section, verify the domain name protected by the selected ACM certificate, displayed as the value of the Domain name attribute. If the Domain name attribute value starts with an asterisk (*), the SSL/TLS certificate was issued for the verified domain name and all of its first-level subdomains, so the selected AWS ACM certificate is a wildcard certificate.

05 Repeat steps 3 and 4 to check the type of the other SSL/TLS certificates issued and managed by Amazon Certificate Manager (ACM) within the current region.

06 Change the AWS region from the navigation bar and repeat the audit process for other regions.
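The same audit can be run offline over exported certificate records instead of clicking through the console. The example below is added here and is not part of the rule page or of any AWS tooling; it assumes input in the shape of `aws acm describe-certificate` output and, as an extension of the rule, also scans SubjectAlternativeNames, since a wildcard may appear there even when the primary Domain name is a single hostname. The sample records are constructed, with made-up ARNs.

```python
"""Offline check mirroring steps 03-06 above: an ISSUED certificate whose
domain name starts with an asterisk is a wildcard. Also scans SANs (an
extension of the rule). Input follows the shape of describe-certificate output."""
from typing import Dict, List

def is_wildcard_name(name: str) -> bool:
    """A leading asterisk means the name covers all first-level subdomains."""
    return name.strip().startswith("*")

def wildcard_names(cert: Dict) -> List[str]:
    """All wildcard names a certificate protects: primary name plus SANs."""
    names = [cert.get("DomainName", "")] + list(cert.get("SubjectAlternativeNames", []))
    unique = dict.fromkeys(n for n in names if n)  # ordered de-duplication
    return [n for n in unique if is_wildcard_name(n)]

def find_wildcard_certificates(certs: List[Dict], region: str) -> List[Dict]:
    """Steps 04-05: flag every ISSUED wildcard certificate in one region."""
    findings = []
    for cert in certs:
        if cert.get("Status") != "ISSUED":  # pending/expired certs are out of scope
            continue
        names = wildcard_names(cert)
        if names:
            findings.append({"Region": region, "CertificateArn": cert["CertificateArn"],
                             "WildcardNames": names})
    return findings

def audit_all_regions(certs_by_region: Dict[str, List[Dict]]) -> List[Dict]:
    """Step 06: repeat the check for every region."""
    return [f for region, certs in certs_by_region.items()
            for f in find_wildcard_certificates(certs, region)]

# Constructed sample data (made-up account id and ARNs, not real certificates).
ARN = "arn:aws:acm:{r}:111122223333:certificate/{n}"
SAMPLE_CERTS = {
    "us-east-1": [
        {"CertificateArn": ARN.format(r="us-east-1", n="c1"), "DomainName": "www.example.com",
         "SubjectAlternativeNames": ["www.example.com"], "Status": "ISSUED"},
        {"CertificateArn": ARN.format(r="us-east-1", n="c2"), "DomainName": "*.example.com",
         "SubjectAlternativeNames": ["*.example.com"], "Status": "ISSUED"},
    ],
    "eu-west-1": [
        {"CertificateArn": ARN.format(r="eu-west-1", n="c3"), "DomainName": "api.example.org",
         "SubjectAlternativeNames": ["api.example.org", "*.example.org"], "Status": "ISSUED"},
        {"CertificateArn": ARN.format(r="eu-west-1", n="c4"), "DomainName": "*.old.example.org",
         "Status": "EXPIRED"},  # not ISSUED, so ignored by the audit
    ],
}

if __name__ == "__main__":
    print(audit_all_regions(SAMPLE_CERTS))
```

Running it reports the us-east-1 certificate whose primary name is a wildcard and the eu-west-1 certificate that hides a wildcard among its additional names; the expired wildcard is skipped because the rule only covers issued certificates.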

Service

ACM

Severity

Low

Compliance

Mapping
