ACM Certificate Has Transparency Logs Disabled
Overview
Certificate Transparency (CT) logging is required by Google Chrome and other browsers. ACM enables it by default, but it can be disabled on a per-certificate basis. This can be problematic for certificates used for public connections. Domain administrators can search the logs to identify unexpected certificates that were issued either unintentionally or maliciously. They can also detect Certificate Authorities (CAs) that are issuing certificates incorrectly.
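One way to check for this condition, as an added example that is not part of the original rule: the function below evaluates certificate records shaped like the `Certificate` object returned by ACM's DescribeCertificate and reports those whose logging preference is `DISABLED`. The sample records and ARNs are constructed, and treating an absent preference as enabled is an assumption based on the default described above.

```python
# Added example: runs offline over constructed DescribeCertificate-shaped records.
# With boto3, each record would come from
# acm.describe_certificate(CertificateArn=...)["Certificate"].

def ct_logging_findings(certificates):
    """Return one finding per certificate with CT logging explicitly disabled."""
    findings = []
    for cert in certificates:
        options = cert.get("Options") or {}
        # Assumption: logging is on by default, so a missing preference counts as ENABLED.
        preference = options.get("CertificateTransparencyLoggingPreference", "ENABLED")
        if preference != "DISABLED":
            continue
        findings.append({
            "arn": cert["CertificateArn"],
            "domain": cert.get("DomainName"),
            "type": cert.get("Type"),
            # InUseBy lists the resources the certificate is attached to.
            "in_use": bool(cert.get("InUseBy")),
        })
    # Certificates attached to a resource are listed first for triage.
    findings.sort(key=lambda f: (not f["in_use"], f["arn"]))
    return findings


# Constructed sample data (account ID, ARNs and domains are placeholders).
SAMPLE_CERTIFICATES = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-a",
     "DomainName": "www.example.com", "Type": "AMAZON_ISSUED", "InUseBy": [],
     "Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-b",
     "DomainName": "api.example.com", "Type": "AMAZON_ISSUED",
     "InUseBy": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example/0"],
     "Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-c",
     "DomainName": "shop.example.com", "Type": "AMAZON_ISSUED", "InUseBy": [],
     "Options": {"CertificateTransparencyLoggingPreference": "ENABLED"}},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-d",
     "DomainName": "legacy.example.com", "Type": "AMAZON_ISSUED", "InUseBy": []},
]

if __name__ == "__main__":
    for finding in ct_logging_findings(SAMPLE_CERTIFICATES):
        print(finding)
```

The preference can be switched back with ACM's UpdateCertificateOptions action by setting `CertificateTransparencyLoggingPreference` to `ENABLED`.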
Vendor
AWS
Cloud Service
ACM
References
https://docs.aws.amazon.com/acm/latest/APIReference/API_CertificateOptions.html
Severity
3
Item Types
AWS::CertificateManager::Certificate