Free Assessment

AWS_IAM_23

Ensure all SSL/TLS certificates are greater than 30 days from expiration

Description

Public SSLTLS certificates that are used for AWS resources such as the ELB or CloudFront should always be renewed prior to expiration both as a security best practice and to ensure the reputation of the web application is not impacted by an expired certificate.

Remediation

Using the Amazon unified command line interface:

  • Request a certificate renewal from your CA, and upload the new certificate in IAM:
    aws iam upload-server-certificate –server-certificate-name <ssl_certificate_name> –certificate-body file://public_key_cert_file.pem –private-key file://my_private_key.pem –certificate-chain file://my_certificate_chain_file.pem
  • For Amazon Certificate Manager users the renewal is managed by ACM service


References:

  1. http://docs.aws.amazon.com/cli/latest/reference/iam/list-server-certificates.html
  2. http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
  3. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
  4. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html
  5. https://docs.aws.amazon.com/cli/latest/reference/acm/describe-certificate.html
  6. https://docs.aws.amazon.com/cli/latest/reference/acm/list-certificates.html

Service

IAM

Severity

High

Compliance

Mapping

Want to Know More?

Learn how our partners are managing their cloud security and compliance with Cloudlytics.

I hereby accept the GDPR and Privacy Policy, by subscribing to the newsletters.

Cloudlytics

Solutions

Resources

Company

Legal

Facebook Twitter Linkedin Youtube
Start Free Trial
Login

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Learn More