Logging and monitoring

ACM certificate without Transparency Logging

Description

We have found an ACM certificate ('{AwsCertificate}') without transparency logging enabled. To guard against SSL/TLS certificates that are issued by mistake or by a compromised CA, some browsers require that public certificates issued for your domain be recorded in a certificate transparency log.
  • Recommended Mitigation

    Enable transparency logging for all ACM certificates