Trend Micro Cloud One™


Last updated: 20 February 2019

Risk level: (should be achieved)

Ensure that your SSL/TLS certificates managed by AWS ACM are renewed 30 days before their validity period ends. Certificate Manager is the AWS service that lets you easily provision, manage, and deploy SSL/TLS certificates for use with other AWS resources such as Elastic Load Balancers, CloudFront distributions or APIs on Amazon API Gateway.

When Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates are not renewed prior to their expiration date, they become invalid and the communication between the client and the AWS resource that implements the certificates (e.g. a CloudFront distribution) is no longer secure.
Note: AWS Certificate Manager automatically renews certificates issued by the service that are used with other AWS resources. However, the ACM service does not automatically renew certificates that are not in use (i.e. no longer associated with other AWS resources), so the renewal process must be done manually before these certificates become invalid. This conformity rule explains how to manually implement the renewal process 30 days before expiration.


To determine if there are any AWS ACM certificates available in your AWS account that are expiring in 30 days, perform the following:
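One way to script this check, as an added example that is not part of the original page or of Cloud Conformity's own audit steps. It classifies certificate records shaped like the `Certificate` object returned by the ACM `DescribeCertificate` API; the function name, the action labels and the sample records (constructed, with placeholder ARNs) are assumptions.

```python
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=30)  # threshold stated by this rule

def audit_certificates(details, now=None):
    """Return (arn, domain, days_left, action) for certificates that are
    expired or expire inside the 30-day window, most urgent first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for cert in details:
        not_after = cert.get("NotAfter")
        if not_after is None:            # nothing issued yet, no expiry date
            continue
        if not_after.tzinfo is None:     # treat naive timestamps as UTC
            not_after = not_after.replace(tzinfo=timezone.utc)
        remaining = not_after - now
        if remaining > RENEWAL_WINDOW:
            continue
        if remaining <= timedelta(0):
            action = "EXPIRED: replace immediately"
        elif cert.get("Type") == "IMPORTED":
            action = "MANUAL: imported, ACM will not renew it"
        elif not cert.get("InUseBy"):    # per the note above: unused, not auto-renewed
            action = "MANUAL: not in use, no automatic renewal"
        else:                            # in use and ACM-issued
            action = "CHECK: in use, confirm ACM managed renewal status"
        findings.append((cert["CertificateArn"], cert.get("DomainName"),
                         remaining.days, action))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample records (not real certificates or account IDs).
NOW = datetime(2019, 2, 20, tzinfo=timezone.utc)
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/"
SAMPLE = [
    {"CertificateArn": ARN + "imported", "DomainName": "a.example.com",
     "Type": "IMPORTED", "InUseBy": ["arn:example:elb"], "NotAfter": NOW + timedelta(days=12)},
    {"CertificateArn": ARN + "unused", "DomainName": "b.example.com",
     "Type": "AMAZON_ISSUED", "InUseBy": [], "NotAfter": NOW + timedelta(days=29, hours=5)},
    {"CertificateArn": ARN + "healthy", "DomainName": "c.example.com",
     "Type": "AMAZON_ISSUED", "InUseBy": ["arn:example:cf"], "NotAfter": NOW + timedelta(days=200)},
    {"CertificateArn": ARN + "expired", "DomainName": "d.example.com",
     "Type": "IMPORTED", "InUseBy": [], "NotAfter": NOW - timedelta(days=3)},
]

if __name__ == "__main__":
    for finding in audit_certificates(SAMPLE, now=NOW):
        print(*finding, sep=" | ")
```

Against a live account, the same records can be obtained with boto3 by calling `describe_certificate(CertificateArn=...)["Certificate"]` for each ARN returned by `list_certificates`.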

Remediation / Resolution

To renew any SSL/TLS certificates that are about to expire using the AWS Certificate Manager service, perform the following:

_Note: The renewal process outlined below can be implemented only for imported SSL/TLS certificates currently managed by the AWS ACM service._



You are auditing:

AWS ACM Certificates Renewal (30 days before expiration) - demo