Expired SSL/TLS certificates should be removed from AWS IAM
Description
To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use AWS Certificate Manager (ACM) or IAM to store and deploy these certificates. Use IAM as a certificate manager only when HTTPS connections are needed in regions not supported by ACM. IAM encrypts and stores the private keys in its SSL certificate storage and supports server certificates in all regions. Note that when using IAM, the certificate itself must be obtained from an external provider, and ACM certificates cannot be uploaded to IAM. It is also important to note that expired certificates stored in IAM are not deleted automatically.
Rationale
Removing expired SSL/TLS certificates is crucial to avoid accidentally deploying an invalid certificate to resources such as AWS Elastic Load Balancer (ELB), which would break HTTPS for clients and harm the application's credibility. As a best practice, delete certificates once they have expired.
For instructions on deleting expired SSL/TLS certificates stored in IAM, refer to AWS CLI Command to Delete Server Certificates.
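The following script is an added example and is not part of the original page or of any AWS tooling. It parses the JSON that `aws iam list-server-certificates --output json` returns, reports every certificate whose `Expiration` is in the past, cross-checks the expired ones against the listeners in `aws elb describe-load-balancers --output json` so that a certificate still attached to a load balancer is flagged rather than silently deleted, and prints the corresponding `aws iam delete-server-certificate` commands. The certificate names, IDs, account number and load balancer name in the embedded sample output are constructed for illustration; when run with the `aws` CLI installed and credentials configured, it queries the live account instead.

```python
"""Find expired IAM server certificates and emit the matching delete commands.

The embedded SAMPLE_* JSON mirrors the shape of `aws iam list-server-certificates`
and `aws elb describe-load-balancers` output; every value in it is constructed.
"""
import json
import shutil
import subprocess
from datetime import datetime, timezone

# Constructed sample of `aws iam list-server-certificates --output json`.
SAMPLE_LIST_OUTPUT = json.dumps({
    "ServerCertificateMetadataList": [
        {   # expired, and no longer referenced by any load balancer -> safe to delete
            "Path": "/", "ServerCertificateName": "example-web-2022",
            "ServerCertificateId": "ASCAEXAMPLE000000001",
            "Arn": "arn:aws:iam::123456789012:server-certificate/example-web-2022",
            "UploadDate": "2022-01-10T09:15:00+00:00",
            "Expiration": "2023-01-10T09:15:00+00:00",
        },
        {   # expired, but still attached to a classic ELB listener -> flag, do not delete blindly
            "Path": "/", "ServerCertificateName": "example-api-2023",
            "ServerCertificateId": "ASCAEXAMPLE000000002",
            "Arn": "arn:aws:iam::123456789012:server-certificate/example-api-2023",
            "UploadDate": "2023-03-01T00:00:00+00:00",
            "Expiration": "2024-03-01T00:00:00+00:00",
        },
        {   # still valid -> left alone
            "Path": "/", "ServerCertificateName": "example-web-2025",
            "ServerCertificateId": "ASCAEXAMPLE000000003",
            "Arn": "arn:aws:iam::123456789012:server-certificate/example-web-2025",
            "UploadDate": "2025-01-05T08:00:00+00:00",
            "Expiration": "2026-01-05T08:00:00+00:00",
        },
    ]
})

# Constructed sample of `aws elb describe-load-balancers --output json` (classic ELB).
SAMPLE_ELB_OUTPUT = json.dumps({
    "LoadBalancerDescriptions": [
        {
            "LoadBalancerName": "example-api-elb",
            "ListenerDescriptions": [
                {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                              "InstanceProtocol": "HTTP", "InstancePort": 80,
                              "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/example-api-2023"}}
            ],
        }
    ]
})


def parse_timestamp(value):
    """Parse the ISO 8601 timestamps the CLI emits (tolerating a trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_expired(list_output_json, now_iso=None):
    """Return the metadata dicts of certificates whose Expiration is before `now`."""
    now = parse_timestamp(now_iso) if now_iso else datetime.now(timezone.utc)
    data = json.loads(list_output_json)
    return [c for c in data.get("ServerCertificateMetadataList", [])
            if parse_timestamp(c["Expiration"]) < now]


def certs_in_use(elb_output_json):
    """Collect the certificate ARNs referenced by classic ELB HTTPS listeners."""
    data = json.loads(elb_output_json)
    arns = set()
    for lb in data.get("LoadBalancerDescriptions", []):
        for ld in lb.get("ListenerDescriptions", []):
            cert = ld.get("Listener", {}).get("SSLCertificateId")
            if cert:
                arns.add(cert)
    return arns


def plan(list_output_json, elb_output_json, now_iso=None):
    """Split expired certificates into deletable ones and ones still attached to an ELB."""
    in_use = certs_in_use(elb_output_json)
    deletable, still_attached = [], []
    for cert in find_expired(list_output_json, now_iso):
        (still_attached if cert["Arn"] in in_use else deletable).append(cert["ServerCertificateName"])
    return deletable, still_attached


def remediation_commands(names):
    """Build the CLI commands that remove the expired certificates from IAM."""
    return [f"aws iam delete-server-certificate --server-certificate-name {n}" for n in names]


def _cli(*args):
    return subprocess.check_output(["aws", *args, "--output", "json"], text=True)


if __name__ == "__main__":
    live = shutil.which("aws") is not None
    certs = _cli("iam", "list-server-certificates") if live else SAMPLE_LIST_OUTPUT
    elbs = _cli("elb", "describe-load-balancers") if live else SAMPLE_ELB_OUTPUT
    deletable, attached = plan(certs, elbs)
    for name in attached:
        print(f"# {name} is expired but still attached to a load balancer; replace it there first")
    for cmd in remediation_commands(deletable):
        print(cmd)
```

The script only prints the delete commands; review them and run them yourself, since a certificate that is still bound to a listener must be swapped out on the load balancer before it is removed from IAM. Application Load Balancers and other ELBv2 listeners are not inspected here and would need a similar check against `aws elbv2 describe-listeners`.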