lacework-global-92

Do not use server certificates uploaded before Heartbleed vulnerability

Description

Ensure that none of the SSL server certificates used in an AWS Identity and Access Management (IAM) account could have the Heartbleed vulnerability. The Heartbleed vulnerability exists in SSL certificates issued before April 7, 2014.

Remediation

Use the AWS CLI to locate AWS IAM server certificates uploaded before April 7, 2014.

  1. Find IAM server certificates in the AWS account.

    aws iam list-server-certificates

    {
        "ServerCertificateMetadataList": [
            {
                "Path": "/",
                "ServerCertificateName": "myCert",
                "ServerCertificateId": "A2B3D235A34",
                "Arn": "arn:aws:iam::683948394830:server-certificate/myCert",
                "UploadDate": "2014-03-16T18:57:21Z",
                "Expiration": "2020-12-15T18:54:25Z"
            }
        ]
    }

  2. For each certificate listed, verify that the upload date is April 7, 2014 or later. Replace any certificates uploaded before April 7, 2014.
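
The date check in step 2 can be automated over the JSON that step 1 prints. The script below is an added example, not code from Lacework or AWS; it assumes the cutoff is midnight UTC on April 7, 2014, and all sample entries except `myCert` are constructed for illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Cutoff from step 2: uploads on or after April 7, 2014 pass.
# Assumption: the cutoff is interpreted as 00:00:00 UTC.
CUTOFF = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Sample in the shape of `aws iam list-server-certificates` output.
# myCert is from the page; the other entries are constructed.
SAMPLE = """{"ServerCertificateMetadataList": [
  {"ServerCertificateName": "myCert", "UploadDate": "2014-03-16T18:57:21Z"},
  {"ServerCertificateName": "boundaryCert", "UploadDate": "2014-04-07T00:00:00+00:00"},
  {"ServerCertificateName": "offsetCert", "UploadDate": "2014-04-07T01:30:00+02:00"},
  {"ServerCertificateName": "noDateCert"}
]}"""


def parse_upload_date(value):
    """Parse an ISO 8601 UploadDate, accepting 'Z' or a numeric offset."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:  # treat a naive timestamp as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def certificates_to_replace(listing_json):
    """Return (name, reason) for each certificate that fails the date check."""
    flagged = []
    listing = json.loads(listing_json)
    for meta in listing.get("ServerCertificateMetadataList", []):
        name = meta.get("ServerCertificateName", "<unnamed>")
        try:
            uploaded = parse_upload_date(meta.get("UploadDate"))
        except (AttributeError, TypeError, ValueError):
            # Fail closed: an unverifiable date needs a manual look.
            flagged.append((name, "UploadDate missing or unparseable"))
            continue
        if uploaded < CUTOFF:
            flagged.append((name, f"uploaded {uploaded:%Y-%m-%d} UTC"))
    return flagged


if __name__ == "__main__":
    # Pass a file holding the CLI output as argv[1]; otherwise use SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, reason in certificates_to_replace(text):
        print(f"REPLACE {name}: {reason}")
```

Save the CLI output to a file and pass its path as the first argument to check a real account.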