MEDIUM
Source
CloudSploit
ID
acm-certificate-validation

ACM Certificate Validation

ACM certificates should be configured to use DNS validation.

With DNS validation, ACM will automatically renew certificates before they expire, as long as the DNS CNAME record is in place.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS console and search for “Certificate Manager”.

  2. Click into each certificate that has been requested.

  3. Expand the domains associated with the certificate.

  4. Ensure each domain listed has DNS validation configured. If DNS validation is used, DNS records will be listed for the domain and the type will be CNAME.

  5. Ensure that the records provided by AWS are configured and valid within your DNS provider (such as Route 53).

  6. If DNS validation is not used, request a new certificate for the same domains using DNS validation and update the downstream services to use this new certificate. Once done, delete the old certificate to ensure it can no longer be used.
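The same check the console steps above walk through, as an added scripted example (not CloudSploit's own plugin code): it inspects the DomainValidationOptions of each certificate, as returned by the ACM DescribeCertificate API, and flags any domain that is not DNS-validated with a CNAME record. The certificate ARNs and record values below are constructed sample data; the optional live fetch assumes boto3 and a region of your choosing.

```python
"""Flag ACM certificates whose domains are not validated via a DNS CNAME record."""
from typing import Dict, List

# Constructed sample data (not real certificates). The structure mirrors the
# ACM DescribeCertificate response: Certificate.DomainValidationOptions[].
SAMPLE_CERTIFICATES = [
    {
        "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/sample-dns",
        "DomainValidationOptions": [
            {"DomainName": "example.com", "ValidationMethod": "DNS",
             "ResourceRecord": {"Name": "_abc.example.com.", "Type": "CNAME",
                                "Value": "_xyz.acm-validations.aws."}},
        ],
    },
    {
        "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/sample-email",
        "DomainValidationOptions": [
            {"DomainName": "mail.example.com", "ValidationMethod": "EMAIL"},
        ],
    },
]


def non_dns_domains(certificate: dict) -> List[str]:
    """Return the domains on one certificate that lack DNS (CNAME) validation."""
    failing = []
    for option in certificate.get("DomainValidationOptions", []):
        record = option.get("ResourceRecord", {})
        if option.get("ValidationMethod") != "DNS" or record.get("Type") != "CNAME":
            failing.append(option["DomainName"])
    return failing


def evaluate(certificates: List[dict]) -> Dict[str, str]:
    """Map each certificate ARN to PASS, or FAIL plus the offending domains."""
    results = {}
    for cert in certificates:
        bad = non_dns_domains(cert)
        results[cert["CertificateArn"]] = "PASS" if not bad else "FAIL: " + ", ".join(bad)
    return results


def fetch_certificates(region: str = "us-east-1") -> List[dict]:
    """Pull live certificates with boto3 (imported lazily so the sample run works offline)."""
    import boto3  # assumption: boto3 installed and AWS credentials configured
    acm = boto3.client("acm", region_name=region)
    certs = []
    for page in acm.get_paginator("list_certificates").paginate():
        for summary in page["CertificateSummaryList"]:
            certs.append(acm.describe_certificate(CertificateArn=summary["CertificateArn"])["Certificate"])
    return certs


if __name__ == "__main__":
    for arn, verdict in evaluate(SAMPLE_CERTIFICATES).items():
        print(arn, verdict)
```

Replace `SAMPLE_CERTIFICATES` with `fetch_certificates()` to run the check against a real account; a FAIL verdict corresponds to step 6 above.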