
Metadata

Id: 5a443297-19d4-4381-9e5b-24faf947ec22

Cloud Provider: AWS

Platform: Ansible

Severity: Medium

Category: Access Control

Description

Expired SSL/TLS certificates cause service outages by breaking TLS handshakes and undermine trust in encrypted connections. This can result in failed client connections and compliance or security issues. In Ansible, tasks using the community.aws.acm_certificate module must reference a certificate whose certificate.expiration_date is a future date. This rule flags community.aws.acm_certificate tasks where certificate.expiration_date is in the past. Renew or replace any expired certificates—for example, request a new ACM certificate or update the task to point to a renewed certificate—so certificate.expiration_date reflects a valid future date.

Compliant Code Examples

- name: upload a self-signed certificate2
  community.aws.acm_certificate:
    # validCertificate.pem has a notAfter date in the future, so the rule passes
    certificate: "{{ lookup('file', 'validCertificate.pem') }}"
    private_key: "{{ lookup('file', 'key.pem') }}"
    name_tag: my_cert
    region: ap-southeast-2

Non-Compliant Code Examples

- name: upload a self-signed certificate
  community.aws.acm_certificate:
    # expiredCertificate.pem has a notAfter date in the past, so the rule flags this task
    certificate: "{{ lookup('file', 'expiredCertificate.pem') }}"
    private_key: "{{ lookup('file', 'key.pem') }}"
    name_tag: my_cert
    region: ap-southeast-2
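The check this rule describes, as an added example that is not part of this rule's documentation or of the Ansible module: a stdlib-only Python checker that finds community.aws.acm_certificate tasks, resolves the lookup('file', ...) reference, and reads notAfter from the PEM certificate to decide whether it is already expired. The helper names (_tlv, _children, cert_not_after, check_task) are hypothetical, and the sample certificate files are constructed, unsigned DER skeletons built only so the parser has something to read.

```python
import base64
import re
from datetime import datetime, timezone

def _tlv(buf, pos=0):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length: next (length & 0x7F) bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(body):
    """Split a constructed DER value into its (tag, value) elements."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out

def cert_not_after(pem):
    """notAfter of a PEM X.509 certificate as an aware UTC datetime (stdlib only)."""
    der = base64.b64decode("".join(ln for ln in pem.splitlines() if not ln.startswith("-----")))
    fields = _children(_children(_tlv(der)[1])[0][1])        # Certificate -> tbsCertificate fields
    if fields[0][0] == 0xA0:                                 # optional [0] EXPLICIT version comes first
        fields = fields[1:]
    tag, raw = _children(fields[3][1])[1]                    # serial, sigAlg, issuer, validity{notBefore, notAfter}
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime vs GeneralizedTime
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)

LOOKUP = re.compile(r"lookup\(\s*'file'\s*,\s*'([^']+)'\s*\)")
def check_task(task, files, now=None):
    """None if the task is not an acm_certificate upload; else True when its certificate is still valid."""
    args = task.get("community.aws.acm_certificate")
    if args is None:
        return None
    path = LOOKUP.search(args.get("certificate", "")).group(1)   # file named in lookup('file', ...)
    return cert_not_after(files[path]) > (now or datetime.now(timezone.utc))

# Constructed sample data: skeletal, unsigned certificate structures with a chosen notAfter (hypothetical).
def _der(tag, payload):
    return bytes([tag, len(payload)]) + payload              # short-form length only (payloads < 128 bytes)
def sample_pem(not_after):
    validity = _der(0x30, _der(0x17, b"200101000000Z") + _der(0x17, not_after.encode()))
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") + _der(0x30, b"") + validity + _der(0x30, b"")
    cert = _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

FILES = {"validCertificate.pem": sample_pem("351231235959Z"), "expiredCertificate.pem": sample_pem("200101000000Z")}
```

With a real playbook, load the task list with a YAML parser and read the referenced PEM files from disk in place of the FILES dictionary; cert_not_after works unchanged on real certificates because it walks the standard tbsCertificate layout.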