Certificate Has Expired

  • Query id: c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6
  • Query name: Certificate Has Expired
  • Platform: Terraform
  • Severity: Medium
  • Category: Access Control
  • URL: Github

Description

Expired SSL/TLS certificates should be removed

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: upload a self-signed certificate
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'expiredCertificate.pem' ) }}"
    private_key: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2

Positive test num. 2 - tf file

resource "aws_api_gateway_domain_name" "example2" {
  certificate_body = file("expiredCertificate.pem")
  domain_name     = "api.example.com"
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: upload a self-signed certificate2
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'validCertificate.pem' ) }}"
    private_key: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2

Negative test num. 2 - tf file

resource "aws_api_gateway_domain_name" "example" {
  certificate_body = file("validCertificate.pem")
  domain_name     = "api.example.com"
}
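
One way to test a certificate file such as expiredCertificate.pem for expiry before it is referenced from Terraform or Ansible, as an added example that is not part of this page or of the scanner's own code. It reads the notAfter field with a minimal standard-library DER reader; the function names and SAMPLE_DER are constructed for illustration, and a maintained X.509 library is the better choice in production.

```python
import base64
import re
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def not_after(der):
    """Return notAfter of a DER X.509 certificate as an aware UTC datetime."""
    _, pos, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)        # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)      # [0] version, or serialNumber in v1 certs
    if tag == 0xA0:
        _, _, end = read_tlv(der, end)    # serialNumber
    for _field in ("signature", "issuer"):
        _, _, end = read_tlv(der, end)    # skip to the start of Validity
    _, pos, _ = read_tlv(der, end)        # Validity SEQUENCE
    _, _, end = read_tlv(der, pos)        # notBefore
    tag, start, end = read_tlv(der, end)  # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                       # UTCTime: RFC 5280 maps YY >= 50 to 19YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def is_expired(der, now=None):
    """True once the current time (or the supplied 'now') is past notAfter."""
    return (now or datetime.now(timezone.utc)) > not_after(der)

def make_tlv(tag, body):
    """Encode one short-form DER element (body under 128 bytes)."""
    return bytes([tag, len(body)]) + body

# Constructed sample, not a real certificate: an unsigned skeleton holding only
# the fields up to Validity, with notAfter = 2021-01-01T00:00:00Z.
SAMPLE_DER = make_tlv(0x30, make_tlv(0x30,
    make_tlv(0xA0, make_tlv(0x02, b"\x02")) + make_tlv(0x02, b"\x01") + make_tlv(0x30, b"")
    + make_tlv(0x30, b"") + make_tlv(0x30, make_tlv(0x17, b"200101000000Z") + make_tlv(0x17, b"210101000000Z"))))
```

For a file on disk, pass its text through pem_to_der first, for example is_expired(pem_to_der(open(path).read())).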