Ensure that all the expired Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates managed by AWS Certificate Manager are removed in order to adhere to Amazon Security Best Practices. Certificate Manager is the AWS service that lets you easily provision, manage, and deploy SSL/TLS certificates for use with other Amazon services such as Elastic Load Balancing and CloudFront.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
excellence
Removing expired AWS ACM certificates eliminates the risk that an invalid SSL/TLS certificate will be deployed accidentally to another resource such as Elastic Load Balancing (ELB), action that can trigger front-end errors and damage the credibility of the web application/website behind the ELB.
Audit
To determine if there are any expired SSL/TLS certificates managed by AWS Certificate Manager, perform the following :
Remediation / Resolution
To delete any expired SSL/TLS certificates managed by AWS Certificate Manager, perform the following:
References
- AWS Documentation
- AWS Certificate Manager FAQs
- What Is AWS Certificate Manager?
- Concepts
- ACM Certificate Characteristics
- AWS Command Line Interface (CLI) Documentation
- acm
- list-certificates
- delete-certificate
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
ACM Certificate Expired
Risk level: High