Severity: High
Description: This control ensures that no ACM certificate should have domain name with wildcard (*) character. ACM certificate with wildcard (*) character in domain name is not a recommended practice. The certificates with wildcard character domain names will be applied all the sub-domains which is not advised as per security guidelines.
Remediation Steps:
Perform following to ensure ACM certificates should not have domain with wildcard(*) character :
Login to the AWS Management Console at https://console.aws.amazon.com.
Navigate to ACM console.
For imported certificates, while creating the self sign certificate please make sure domain name does not contain wildcard(*).
For requesting a certificate in ACM, click on Request a certificate button.
Select either of the two options, Request a public certificate or Request a private certificate
For public certificate, in step 1 add domain name without a wildcard(*) character
Proceed with next steps with required settings.
For private certificate On the Request a certificate page, choose Request a private certificate and Request a certificate to continue.
On the Select a certificate authority (CA) page, click the Select a CA field to view the list of available private CAs.
Choose a CA from the list. Choose Next.
On the Add domain names page, type your domain name without wildcard (*) character.
When you finish with next steps, choose Review and request.
Important:
Reference: