InformationPublic SSL\TLS certificates that are used for AWS resources such as the ELB or CloudFront should always be renewed prior to expiration both as a security best practice and to ensure the reputation of the web application is not impacted by an expired certificate.
SSL\TLS certificates that are public should be renewed prior to expiration.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionUsing the Amazon unified command line interface:
* Request a certificate renewal from your CA, and upload the new certificate in IAM:
aws iam upload-server-certificate --server-certificate-name _<ssl_certificate_name>_ --certificate-body file://public_key_cert_file.pem --private-key file://my_private_key.pem --certificate-chain file://my_certificate_chain_file.pem
* For Amazon Certificate Manager users the renewal is managed by ACM service