Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Severity: High

Description: This control ensures that no ACM certificate should have domain name with wildcard (*) character. ACM certificate with wildcard (*) character in domain name is not a recommended practice. The certificates with wildcard character domain names will be applied all the sub-domains which is not advised as per security guidelines.

Remediation Steps:

Perform following to ensure ACM certificates should not have domain with wildcard(*) character :

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to ACM console.

  3. For imported certificates, while creating the self sign certificate please make sure domain name does not contain wildcard(*).

  4. For requesting a certificate in ACM, click on Request a certificate button.

  5. Select either of the two options, Request a public certificate or Request a private certificate

  6. For public certificate, in step 1 add domain name without a wildcard(*) character

  7. Proceed with next steps with required settings.

  8. For private certificate On the Request a certificate page, choose Request a private certificate and Request a certificate to continue.

  9. On the Select a certificate authority (CA) page, click the Select a CA field to view the list of available private CAs.

  10. Choose a CA from the list. Choose Next.

  11. On the Add domain names page, type your domain name without wildcard (*) character.

  12. When you finish with next steps, choose Review and request.

Important:

Reference:

  • No labels