AWS Private CA root certificate authority should be disabled

Description

AWS Private CA root certificate authority should be disabled. Root CAs are the trust anchor for your PKI hierarchy and should be kept offline (disabled) when not actively signing subordinate CA certificates to minimize the risk of compromise.

Remediation

Disable your root certificate authority.

From the console

  1. Open the AWS Private CA console.
  2. Select your root CA.
  3. Choose Actions > Disable.
  4. Confirm the action.

From the command line

aws acm-pca update-certificate-authority \
    --certificate-authority-arn <root-ca-arn> \
    --status DISABLED
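
To find which CAs this rule applies to before running the command above, the following added example (not part of the original page or of any AWS tooling) filters the JSON returned by `aws acm-pca list-certificate-authorities` for root CAs that are still able to sign. It assumes the rule means `Type` ROOT with `Status` ACTIVE; the function names and the sample ARNs are constructed for illustration.

```python
import json
import shlex
import sys

# Constructed sample in the shape returned by
# `aws acm-pca list-certificate-authorities`; the ARNs are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"CertificateAuthorities": [
  {"Arn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-ROOT-1",
   "Type": "ROOT", "Status": "ACTIVE"},
  {"Arn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-ROOT-2",
   "Type": "ROOT", "Status": "DISABLED"},
  {"Arn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-SUB-1",
   "Type": "SUBORDINATE", "Status": "ACTIVE"},
  {"Arn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-ROOT-3",
   "Type": "ROOT", "Status": "PENDING_CERTIFICATE"}
]}
""")


def active_root_cas(response):
    """Return ARNs of root CAs that can currently sign (assumed: ROOT + ACTIVE)."""
    return [
        ca["Arn"]
        for ca in response.get("CertificateAuthorities", [])
        if ca.get("Type") == "ROOT" and ca.get("Status") == "ACTIVE"
    ]


def remediation_commands(arns):
    """Build the disable command from this page for each flagged ARN."""
    return [
        "aws acm-pca update-certificate-authority "
        f"--certificate-authority-arn {shlex.quote(arn)} --status DISABLED"
        for arn in arns
    ]


if __name__ == "__main__":
    # Pass "-" to read real CLI output from stdin; otherwise use the sample.
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    data = json.load(sys.stdin) if use_stdin else SAMPLE_RESPONSE
    for cmd in remediation_commands(active_root_cas(data)):
        print(cmd)
```

The script only prints the commands; review the list before running them, since a disabled root CA cannot sign subordinate CA certificates until it is set back to ACTIVE.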