Ensure that the client-side SSL certificates used by your Amazon API Gateway REST APIs for secure authentication at the API integration endpoint level are rotated before their expiration date. The number of days before the SSL certificate expiration, when the rotation is required, is 30 days (default threshold), however, this value can be configured in the rule settings, on your Cloud Conformity account dashboard.
This rule resolution is part of the Conformity solution.
The SSL client certificates used by Amazon API Gateway service are valid for 365 days. To avoid any downtime for your Amazon API Gateway REST APIs, rotate the associated certificates before they expire.
Note: This conformity rule assumes that your Amazon API Gateway REST APIs have client-side SSL certificates already attached.
To determine if there are any SSL certificates that are about to expire soon, attached to your API Gateway REST APIs, perform the following actions:
Remediation / Resolution
To rotate an SSL client certificate that is about to expire soon, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Rotate Expiring SSL Client Certificates
Risk level: Medium