Skip to main content


Do not use server certificates uploaded before Heartbleed vulnerability


Ensure that none of the SSL sever certificates used in an AWS Identity and Access Management (IAM) account could have the Heartbleed vulnerability. The Heartbleed vulnerability exists in SSL certificates issued before April 7, 2014.


Use the AWS CLI to locate AWS IAM server certificates uploaded before April 7, 2014.

  1. Find IAM server certificates in AWS account.

    aws iam list-server-certificates


    "ServerCertificateMetadataList": [


    "Path": "/",

    "ServerCertificateName": "myCert",

    "ServerCertificateld": "A2B3D235A34",

    "Arn": "arn:aws:iam:: 683948394830:server-certificate/myCert",

    "UploadDate": "2014-03-16T18:57:21Z",

    "Expiration": "2020-12-15T18:54:25Z"



  2. For each certificate listed, verify that the upload date is April 7, 2014 or later. Replace any certificates uploaded before April 7, 2014.