Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed in order to follow IAM security best practices.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate is accidentally deployed to a resource such as an AWS Elastic Load Balancer (ELB), which would trigger front-end errors and damage the credibility of the application or website behind the ELB.
To determine whether any expired SSL/TLS certificates are currently stored in IAM, perform the following:
Note: Retrieving certificate expiration information via the AWS Management Console is not currently supported. To request information about the SSL/TLS certificates stored in IAM via the AWS API, use the Command Line Interface (CLI).
Remediation / Resolution
To delete any expired SSL/TLS certificates currently stored in AWS IAM, perform the following:
Note: Removing invalid certificates via the AWS Management Console is not currently supported. To delete SSL/TLS certificates stored in IAM via the AWS API, use the Command Line Interface (CLI).
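The audit and remediation described above, as an added example that is not part of the original page: the script below takes the JSON that `aws iam list-server-certificates` prints, flags every entry whose Expiration lies before a given reference time, and builds the matching `aws iam delete-server-certificate` command for each one without running it. The listing is a constructed sample; the account id, certificate names and ARNs are placeholders, not real resources.

```python
import json
from datetime import datetime, timezone

# Constructed sample mirroring the shape of `aws iam list-server-certificates`
# output. Account id, names and ARNs are placeholders, not real resources.
SAMPLE_LISTING = json.dumps({
    "ServerCertificateMetadataList": [
        {"ServerCertificateName": "web-prod-2023",
         "Arn": "arn:aws:iam::111122223333:server-certificate/web-prod-2023",
         "UploadDate": "2023-01-10T12:00:00+00:00",
         "Expiration": "2024-01-10T12:00:00+00:00"},
        {"ServerCertificateName": "web-prod-2025",
         "Arn": "arn:aws:iam::111122223333:server-certificate/web-prod-2025",
         "UploadDate": "2025-01-10T12:00:00+00:00",
         "Expiration": "2026-01-10T12:00:00+00:00"},
        {"ServerCertificateName": "legacy-api",
         "Arn": "arn:aws:iam::111122223333:server-certificate/legacy-api",
         "UploadDate": "2021-03-01T00:00:00Z",
         "Expiration": "2022-03-01T00:00:00Z"},
    ]
})


def parse_aws_timestamp(value: str) -> datetime:
    """Parse the ISO 8601 timestamps the CLI emits ('Z' or '+00:00' suffix)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:  # treat a naive value as UTC rather than local time
        dt = dt.replace(tzinfo=timezone.utc)
    return dt


def expired_certificates(listing_json: str, now_iso: str) -> list:
    """Return the sorted names of certificates whose Expiration is before now_iso."""
    now = parse_aws_timestamp(now_iso)
    listing = json.loads(listing_json)
    return sorted(
        cert["ServerCertificateName"]
        for cert in listing.get("ServerCertificateMetadataList", [])
        if parse_aws_timestamp(cert["Expiration"]) < now
    )


def remediation_commands(names: list) -> list:
    """Build the CLI delete command for each expired certificate (built, not executed)."""
    return [f"aws iam delete-server-certificate --server-certificate-name {n}"
            for n in names]


if __name__ == "__main__":
    # Fixed reference time so the sample gives a stable result.
    expired = expired_certificates(SAMPLE_LISTING, "2025-06-01T00:00:00Z")
    print("Expired:", expired)
    for cmd in remediation_commands(expired):
        print(cmd)
```

In practice the first argument comes from the live CLI output (`aws iam list-server-certificates --output json`) and the reference time from the current UTC clock.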
Expired SSL/TLS Certificate
Risk level: Low