Certificate Has Expired

  • Query id: 5a443297-19d4-4381-9e5b-24faf947ec22
  • Query name: Certificate Has Expired
  • Platform: Ansible
  • Severity: Medium
  • Category: Access Control
  • CWE: 298
  • URL: Github

Description

Expired SSL/TLS certificates should be removed.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: upload a self-signed certificate
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'expiredCertificate.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: upload a self-signed certificate2
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'validCertificate.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2
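
A pre-flight gate for the upload task above, as an added example that is not part of the query or its test samples: it reads the certificate's validity fields and stops the play before anything reaches ACM if the certificate has expired. It assumes the community.crypto collection is installed; the 30-day renewal margin and the `cert_info` variable name are illustrative and go beyond the expiry condition this query reports.

```yaml
# Added example, not from the query's test files.
# File names are the ones used in the samples above.
- name: read validity fields from the certificate about to be uploaded
  community.crypto.x509_certificate_info:
    # Same controller-side lookup the upload task uses, so both tasks see the same file.
    content: "{{ lookup('file', 'validCertificate.pem' ) }}"
    valid_at:
      in_30_days: "+30d"   # illustrative renewal margin (assumption)
  register: cert_info
  delegate_to: localhost

- name: stop the play if the certificate is expired or close to expiry
  ansible.builtin.assert:
    that:
      # 'expired' is true once the certificate's notAfter date has passed.
      - not cert_info.expired
      # 'valid_at.in_30_days' is false if notAfter falls within the margin.
      - cert_info.valid_at.in_30_days
    fail_msg: "Certificate not_after={{ cert_info.not_after }}; refusing to upload"
    success_msg: "Certificate valid until {{ cert_info.not_after }}"

# Upload task repeated unchanged from the negative sample above;
# it only runs when the assert task passes.
- name: upload a self-signed certificate2
  community.aws.aws_acm:
    certificate: "{{ lookup('file', 'validCertificate.pem' ) }}"
    privateKey: "{{ lookup('file', 'key.pem' ) }}"
    name_tag: my_cert
    region: ap-southeast-2
```

Pointing the `content` lookup at `expiredCertificate.pem` from the positive sample makes the assert task fail, so the upload task is never reached.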