AWS Private CA root certificate authority should be disabled

Description

AWS Private CA root certificate authority should be disabled. Root CAs are the trust anchor for your PKI hierarchy and should be kept offline (disabled) when not actively signing subordinate CA certificates to minimize the risk of compromise.

Remediation

Disable your root certificate authority.

From the console

  1. Open the AWS Private CA console.
  2. Select your root CA.
  3. Choose Actions > Disable.
  4. Confirm the action.

From the command line

aws acm-pca update-certificate-authority \
    --certificate-authority-arn <root-ca-arn> \
    --status DISABLED
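
To find root CAs that are still active before applying the command above, the following added example (not part of the original page) filters the JSON output of `aws acm-pca list-certificate-authorities` for entries with Type ROOT and Status ACTIVE and prints the remediation command for each. The function names and the sample ARNs are assumptions made for illustration.

```python
import json
import shlex
import sys

# Constructed sample in the shape of
# `aws acm-pca list-certificate-authorities --output json`.
# The account ID and CA identifiers are placeholders.
_PREFIX = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/"
SAMPLE = json.dumps({"CertificateAuthorities": [
    {"Arn": _PREFIX + "root-active", "Type": "ROOT", "Status": "ACTIVE"},
    {"Arn": _PREFIX + "root-disabled", "Type": "ROOT", "Status": "DISABLED"},
    {"Arn": _PREFIX + "root-pending", "Type": "ROOT",
     "Status": "PENDING_CERTIFICATE"},
    {"Arn": _PREFIX + "sub-active", "Type": "SUBORDINATE", "Status": "ACTIVE"},
]})


def active_root_cas(listing_json):
    """Return ARNs of CAs that are Type ROOT and still Status ACTIVE."""
    data = json.loads(listing_json)
    return [
        ca["Arn"]
        for ca in data.get("CertificateAuthorities", [])
        if ca.get("Type") == "ROOT" and ca.get("Status") == "ACTIVE"
    ]


def disable_commands(arns):
    """Build the remediation command for each ARN (returned, not executed)."""
    return [
        "aws acm-pca update-certificate-authority "
        f"--certificate-authority-arn {shlex.quote(arn)} --status DISABLED"
        for arn in arns
    ]


if __name__ == "__main__":
    # Pipe real CLI output on stdin; with no input the constructed sample is used.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    for cmd in disable_commands(active_root_cas(raw.strip() or SAMPLE)):
        print(cmd)
```

Subordinate CAs and root CAs that are already disabled or not yet activated are left out of the result, so only the CAs this rule would flag are reported.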