1.15 Ensure all Public Web Tier SSL\TLS certificates are >30 days from Expiration

Information

Public SSL\TLS certificates that are used for AWS resources such as the ELB or CloudFront should always be renewed prior to expiration both as a security best practice and to ensure the reputation of the web application is not impacted by an expired certificate.
SSL\TLS certificates that are public should be renewed prior to expiration.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified command line interface:

* Request a certificate renewal from your CA, and upload the new certificate in IAM:

aws iam upload-server-certificate --server-certificate-name _<ssl_certificate_name>_ --certificate-body file://public_key_cert_file.pem --private-key file://my_private_key.pem --certificate-chain file://my_certificate_chain_file.pem



* For Amazon Certificate Manager users the renewal is managed by ACM service

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4

Plugin: amazon_aws

Control ID: 276af16d8e05d0d88cc2de0478fc9f28eefbbff6c4278b2fd0d93c7d4fad7347