ACM certificate is active

Classification:

compliance

Description

Remove expired Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates managed by AWS Certificate Manager (ACM).

Rationale

Expired AWS ACM SSL/TLS certificates that are deployed to another resource are at risk of triggering front-end errors and compromising the credibility of a web application.

Remediation

Console

Follow the Deleting Certificates Managed by ACM docs to learn how to delete SSL/TLS certificates in the AWS Console.

CLI

  1. Run delete-certificate with the certificate ARN.

    delete-certificate.sh

        aws acm delete-certificate \
            --certificate-arn arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
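
The step above deletes a single certificate by ARN. As an added example (not part of the original rule page or any vendor tooling), the following script finds every certificate ACM reports as `EXPIRED` in a region and deletes only those that no resource still references, since ACM refuses to delete a certificate that is in use. The function names and the `REGION`/`DRY_RUN` arguments are assumptions; running it for real requires the AWS CLI and credentials with ACM permissions.

```sh
#!/bin/sh
# Added example (not from the original page). REGION and DRY_RUN are assumed names.

# Turn the CLI's tab-separated text output into one value per line,
# dropping blanks and the literal "None" printed for null results.
one_per_line() { tr '\t' '\n' | sed '/^$/d; /^None$/d'; }

# Print the ARN of every certificate in status EXPIRED in region $1.
expired_cert_arns() {
    out=$(aws acm list-certificates --region "$1" \
        --certificate-statuses EXPIRED \
        --query 'CertificateSummaryList[].CertificateArn' \
        --output text) || return 1
    printf '%s\n' "$out" | one_per_line
}

# Print the ARNs of resources that still reference certificate $2.
cert_in_use_by() {
    out=$(aws acm describe-certificate --region "$1" --certificate-arn "$2" \
        --query 'Certificate.InUseBy[]' --output text) || return 1
    printf '%s\n' "$out" | one_per_line
}

# Report each expired certificate; delete only unattached ones, and only
# when the second argument is "no" (dry run is the default).
sweep_expired_certs() {
    region=$1 dry_run=${2:-yes} rc=0
    arns=$(expired_cert_arns "$region") || return 1
    for arn in $arns; do
        users=$(cert_in_use_by "$region" "$arn") || return 1
        if [ -n "$users" ]; then
            echo "SKIP $arn attached-to: $(echo "$users" | tr '\n' ' ')"
        elif [ "$dry_run" = yes ]; then
            echo "WOULD-DELETE $arn"
        elif aws acm delete-certificate --region "$region" --certificate-arn "$arn"; then
            echo "DELETED $arn"
        else
            echo "FAILED $arn" >&2; rc=1
        fi
    done
    return "$rc"
}

# Usage: sweep_expired_certs "$REGION" "$DRY_RUN"   e.g. sweep_expired_certs us-east-1 yes
```

Certificates reported as `SKIP` are the ones the Rationale section is concerned with: replace them on the listed resources before deleting them.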