Details
Public SSL/TLS certificates that are used for AWS resources such as the ELB or CloudFront should always be renewed prior to expiration, both as a security best practice and to ensure the reputation of the web application is not impacted by an expired certificate.
SSL/TLS certificates that are public should be renewed prior to expiration.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Using the Amazon unified command line interface:
* Request a certificate renewal from your CA, and upload the new certificate in IAM:
aws iam upload-server-certificate --server-certificate-name _
* For Amazon Certificate Manager users, the renewal is managed by the ACM service.
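To find which IAM server certificates need the renewal above, the JSON printed by `aws iam list-server-certificates --output json` can be checked for expiry dates. The following is an added example, not part of the benchmark or of Nessus; the sample data is constructed, and the 30-day warning window and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws iam list-server-certificates --output json`.
SAMPLE_OUTPUT = """
{
  "ServerCertificateMetadataList": [
    {"ServerCertificateName": "example-expired", "Expiration": "2024-01-15T00:00:00Z"},
    {"ServerCertificateName": "example-renew-soon", "Expiration": "2024-06-20T12:00:00+00:00"},
    {"ServerCertificateName": "example-healthy", "Expiration": "2025-03-01T00:00:00Z"},
    {"ServerCertificateName": "example-no-date"}
  ]
}
"""

def parse_expiration(value):
    """Parse the ISO 8601 timestamp the CLI prints; treat naive values as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed

def audit_server_certificates(cli_json, now, warn_days=30):
    """Return (name, status, days_left) for every certificate needing attention.

    status is EXPIRED, EXPIRING (within the assumed warn_days window) or UNKNOWN.
    """
    findings = []
    deadline = now + timedelta(days=warn_days)
    for cert in json.loads(cli_json).get("ServerCertificateMetadataList", []):
        name = cert.get("ServerCertificateName", "<unnamed>")
        try:
            expires = parse_expiration(cert["Expiration"])
        except (KeyError, ValueError, AttributeError):
            findings.append((name, "UNKNOWN", None))  # missing or unparsable date
            continue
        days_left = (expires - now).days
        if expires <= now:
            findings.append((name, "EXPIRED", days_left))
        elif expires <= deadline:
            findings.append((name, "EXPIRING", days_left))
    return findings

if __name__ == "__main__":
    reference = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for name, status, days_left in audit_server_certificates(SAMPLE_OUTPUT, reference):
        print(f"{status:9} {name} days_left={days_left}")
```

For live use, pass the real CLI output and `datetime.now(timezone.utc)` instead of the fixed reference time.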
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: amazon_aws.