AWS Private CA root certificate authority should be disabled

Description

AWS Private CA root certificate authority should be disabled. Root CAs are the trust anchor for your PKI hierarchy and should be kept offline (disabled) when not actively signing subordinate CA certificates to minimize the risk of compromise.

Remediation

Disable your root certificate authority.

From the console

  1. Open the AWS Private CA console.
  2. Select your root CA.
  3. Choose Actions > Disable.
  4. Confirm the action.

From the command line

aws acm-pca update-certificate-authority \
    --certificate-authority-arn <root-ca-arn> \
    --status DISABLED
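
The command above disables one CA whose ARN you already know. The following added example (not part of the original page) finds every root CA that is still ACTIVE in the current region, disables it, and confirms the resulting status. It assumes the AWS CLI is configured for the target account and region; the function names and the `DRY_RUN` variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit and disable ACTIVE root CAs in the current region.
# DRY_RUN is a hypothetical switch: it defaults to 1 (report only);
# set DRY_RUN=0 to apply the change.
# Usage: source this file, then run disable_active_root_cas.

# Print the ARN of every root CA whose status is ACTIVE, one per line.
list_active_root_cas() {
    aws acm-pca list-certificate-authorities \
        --query "CertificateAuthorities[?Type=='ROOT' && Status=='ACTIVE'].Arn" \
        --output text | tr '\t' '\n' | sed '/^$/d'
}

# Print the current status of the CA whose ARN is passed as $1.
ca_status() {
    aws acm-pca describe-certificate-authority \
        --certificate-authority-arn "$1" \
        --query 'CertificateAuthority.Status' --output text
}

# Disable each ACTIVE root CA, then re-read its status.
# Returns non-zero if an update fails or a CA is not DISABLED afterwards.
disable_active_root_cas() {
    local arn status rc
    rc=0
    for arn in $(list_active_root_cas); do
        if [ "${DRY_RUN:-1}" != "0" ]; then
            echo "would disable: $arn"
            continue
        fi
        aws acm-pca update-certificate-authority \
            --certificate-authority-arn "$arn" \
            --status DISABLED || { rc=1; continue; }
        status=$(ca_status "$arn")
        echo "$arn -> $status"
        [ "$status" = "DISABLED" ] || rc=1
    done
    return "$rc"
}
```

AWS Private CA is a regional service, so repeat the run for each region in which you operate a CA.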