Expired SSL/TLS certificates should be removed from AWS IAM


Description

To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use AWS Certificate Manager (ACM) or IAM to store and deploy these certificates. Use IAM as a certificate manager only when HTTPS connections are needed in regions not supported by ACM. IAM securely encrypts and stores private keys in its SSL certificate storage and supports server certificates in all regions. Note that when you use IAM, you must obtain the certificate from an external provider, and ACM certificates cannot be uploaded to IAM. Also note that, by default, expired certificates are not deleted automatically.

Rationale

Removing expired SSL/TLS certificates is crucial to avoid accidental deployment of invalid certificates to resources like AWS Elastic Load Balancer (ELB), which can harm the application’s credibility. As a best practice, you should delete expired certificates.

Remediation

For instructions on deleting expired SSL/TLS certificates stored in IAM, refer to AWS CLI Command to Delete Server Certificates.
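The following script is an added example, not code from the original page. It reads the JSON that `aws iam list-server-certificates` prints, picks out the entries whose `Expiration` is already in the past, and builds the matching `aws iam delete-server-certificate --server-certificate-name <name>` invocations. By default it only prints what it would delete; pass `--apply` to run the deletions. The embedded listing (certificate names, IDs, account number and dates) is constructed for the example.

```python
"""Find expired IAM server certificates and build the CLI commands that delete them.

Added example; not part of the original page. Consumes the output of
`aws iam list-server-certificates` and calls the AWS CLI only when asked to.
"""
import json
import shlex
import subprocess
import sys
from datetime import datetime, timezone

# Constructed sample, shaped like `aws iam list-server-certificates --output json`.
# Names, IDs, account number and dates are made up for the example.
SAMPLE_LISTING = json.dumps({
    "ServerCertificateMetadataList": [
        {
            "ServerCertificateName": "legacy-web-2022",
            "ServerCertificateId": "ASCAEXAMPLE000000001",
            "Arn": "arn:aws:iam::123456789012:server-certificate/legacy-web-2022",
            "Path": "/",
            "UploadDate": "2022-01-10T09:12:00Z",
            "Expiration": "2023-01-10T09:12:00Z",
        },
        {
            "ServerCertificateName": "api-edge-2024",
            "ServerCertificateId": "ASCAEXAMPLE000000002",
            "Arn": "arn:aws:iam::123456789012:server-certificate/api-edge-2024",
            "Path": "/",
            "UploadDate": "2024-03-01T00:00:00Z",
            "Expiration": "2025-03-01T00:00:00Z",
        },
        {
            "ServerCertificateName": "expiring-today",
            "ServerCertificateId": "ASCAEXAMPLE000000003",
            "Arn": "arn:aws:iam::123456789012:server-certificate/expiring-today",
            "Path": "/",
            "UploadDate": "2023-06-01T00:00:00Z",
            "Expiration": "2024-06-01T00:00:00Z",
        },
    ]
})


def parse_timestamp(value):
    """Parse the ISO-8601 timestamp the CLI prints into an aware UTC datetime."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def find_expired(listing_json, now=None):
    """Return, sorted, the names of certificates whose Expiration is not in the future.

    `now` may be an aware datetime, an ISO-8601 string, or None (current UTC time).
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_timestamp(now)
    metadata = json.loads(listing_json).get("ServerCertificateMetadataList", [])
    return sorted(
        entry["ServerCertificateName"]
        for entry in metadata
        if parse_timestamp(entry["Expiration"]) <= now
    )


def delete_commands(names):
    """One `aws iam delete-server-certificate` invocation per expired certificate."""
    return [
        ["aws", "iam", "delete-server-certificate", "--server-certificate-name", name]
        for name in names
    ]


def cleanup(apply=False):
    """List certificates via the CLI; print the deletions, run them only if apply=True."""
    listing = subprocess.run(
        ["aws", "iam", "list-server-certificates", "--output", "json"],
        check=True, capture_output=True, text=True,
    ).stdout
    commands = delete_commands(find_expired(listing))
    for cmd in commands:
        print(("running: " if apply else "dry run: ") + shlex.join(cmd))
        if apply:
            subprocess.run(cmd, check=True)
    return len(commands)


if __name__ == "__main__":
    cleanup(apply="--apply" in sys.argv)
```

Run it once without `--apply` and review the list; the AWS documentation for `delete-server-certificate` recommends removing a certificate from any Elastic Load Balancing listener that still references it before deleting it from IAM, so check ELB listeners for each name before the real run.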