02 - ACM Expiring Certificates

Expiring SSL Certificates

When a web browser encounters an expired certificate, the browser will normally present the user with a warning message indicating that the certificate has expired. Some browsers will continue connecting to the site after presenting the user with the warning, while others will prompt the user with a dialog box requesting their approval to proceed. These warnings are extremely confusing for the typical web user, and cause most users to question the authenticity of the site they are attempting to view. Renewing any certificates that are about to expire is considered a security best practice to ensure an expired certificate is not inadvertently used. Having a a full inventory of your certificates as well as expiration date can help ensure you stay compliant with the NIST & PCI-DSS frameworks.

Audit & Remediation

Login into your AWS account
Navigate to the ACM service at: https://console.aws.amazon.com/acm
select the certificate you would like to validate its age
validate the date of Not after as this is the date that the certificate will expire

if the date is 7 days or less out and the ACM service is not set to automatically renew your certificate, update the certificate
Click the Actions button from the dashboard top menu and select Reimport certificate option from the dropdown menu and do the follow actions:

For Certificate body*, paste the PEM-encoded certificate to import, purchased from your SSL certificate provider.
For Certificate private key*, paste the PEM-encoded, un-encrypted private key that matches the SSL/TLS certificate public key.
(Optional) For Certificate chain, paste the PEM-encoded certificate chain delivered with the certificate body specified at step a.
Click Review and import button to continue the process.

On the Review and import page, review the imported certificate details then click Import to confirm the action and complete the renewal process.
Repeat the steps outlined here in each AWS region

See all certificates in a single place!

Do you want to see all of your ACM certificates in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.