AWS-ACM-ACM-Certificate-Validation

Severity: High

Description: This control ensures that no ACM certificate has a domain name containing the wildcard (*) character. Using a wildcard (*) in an ACM certificate's domain name is not a recommended practice: a wildcard certificate is valid for all sub-domains at that level, which security guidelines advise against.
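The following is an added example, not part of the Blue Hexagon control text, showing how the condition above can be evaluated programmatically against ACM certificate records. It goes slightly beyond the control as worded by also inspecting each certificate's SubjectAlternativeNames, since a wildcard can appear there as well as in the primary DomainName. The sample records and ARNs are constructed placeholders; the optional boto3 fetch assumes boto3 is installed and AWS credentials are configured.

```python
"""Audit ACM certificates for wildcard (*) domain names.

Added example for the control described above; not Blue Hexagon or AWS code.
Flags any certificate whose DomainName or any SubjectAlternativeNames entry
contains a wildcard. The constructed sample records below mirror the shape of
ACM's DescribeCertificate output; the ARNs are placeholders, not real resources.
"""

from typing import Iterable


def is_wildcard_domain(name: str) -> bool:
    """True if a DNS name contains a wildcard label, e.g. '*.example.com'."""
    name = name.strip().lower().rstrip(".")
    return "*" in name


def wildcard_names(cert: dict) -> list:
    """Return every distinct name on the certificate that contains a wildcard.

    `cert` mirrors the 'Certificate' dict returned by ACM DescribeCertificate:
    'DomainName' plus an optional 'SubjectAlternativeNames' list (which ACM
    populates with the primary name as well).
    """
    names = [cert.get("DomainName", "")] + list(cert.get("SubjectAlternativeNames", []))
    found = []
    for n in names:
        if n and is_wildcard_domain(n) and n not in found:
            found.append(n)
    return found


def evaluate_certificates(certs: Iterable[dict]) -> list:
    """Evaluate the control over a set of certificate records.

    Returns a list of (CertificateArn, status, wildcard_names) tuples, where
    status is 'FAIL' when any wildcard name is present and 'PASS' otherwise.
    """
    results = []
    for cert in certs:
        bad = wildcard_names(cert)
        arn = cert.get("CertificateArn", "<unknown>")
        results.append((arn, "FAIL" if bad else "PASS", bad))
    return results


def fetch_certificates_from_account(region: str) -> list:
    """Pull live certificate records with boto3 (assumed installed and
    configured). Kept separate so the rest of the module runs offline."""
    import boto3  # lazy import: optional dependency for live audits

    acm = boto3.client("acm", region_name=region)
    certs = []
    for page in acm.get_paginator("list_certificates").paginate():
        for summary in page["CertificateSummaryList"]:
            detail = acm.describe_certificate(CertificateArn=summary["CertificateArn"])
            certs.append(detail["Certificate"])
    return certs


# Constructed sample records with placeholder ARNs, not real account data.
SAMPLE_CERTIFICATES = [
    {
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/placeholder-1",
        "DomainName": "www.example.com",
        "SubjectAlternativeNames": ["www.example.com", "api.example.com"],
    },
    {
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/placeholder-2",
        "DomainName": "*.example.com",
        "SubjectAlternativeNames": ["*.example.com", "example.com"],
    },
    {
        # Primary name is fine, but a wildcard hides in the SAN list.
        "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/placeholder-3",
        "DomainName": "shop.example.com",
        "SubjectAlternativeNames": ["shop.example.com", "*.shop.example.com"],
    },
]


if __name__ == "__main__":
    for arn, status, bad in evaluate_certificates(SAMPLE_CERTIFICATES):
        extra = f"  wildcard names: {', '.join(bad)}" if bad else ""
        print(f"{status} {arn}{extra}")
```

Run it as-is to see the sample evaluation (one PASS, two FAIL); for a live audit, pass the output of `fetch_certificates_from_account("us-east-1")` to `evaluate_certificates` instead of the constructed sample.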

Remediation Steps:

Perform the following to ensure that ACM certificates do not have a domain name with the wildcard (*) character:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to ACM console.

  3. For imported certificates, make sure the domain name does not contain a wildcard (*) when creating the self-signed certificate.

  4. To request a certificate in ACM, click the Request a certificate button.

  5. Select one of the two options, Request a public certificate or Request a private certificate.

  6. For a public certificate, in step 1 add a domain name without a wildcard (*) character.

  7. Proceed through the remaining steps with the required settings.

  8. For a private certificate, on the Request a certificate page, choose Request a private certificate and then Request a certificate to continue.

  9. On the Select a certificate authority (CA) page, click the Select a CA field to view the list of available private CAs.

  10. Choose a CA from the list. Choose Next.

  11. On the Add domain names page, type your domain name without a wildcard (*) character.

  12. When you have finished the remaining steps, choose Review and request.

Important:

Reference:

Blue Hexagon Proprietary