Logging and monitoring

ELB listener certificate with Transparency Logging disabled


We have found an ACM certificate attached to an ELB listener without certificate transparency logging enabled. To guard against SSL/TLS certificates that are issued by mistake or by a compromised CA, some browsers require that public certificates issued for your domain be recorded in a certificate transparency log. The domain name is recorded. The private key is not. Certificates that are not logged typically generate an error in the browser.
  • Recommended Mitigation

    Enable transparency logging for all certificates in use.
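
One way to run this check yourself, as an added example rather than the scanner's own code: it assumes the listeners belong to Application or Network Load Balancers (the `elbv2` API) and reads ACM's `CertificateTransparencyLoggingPreference` option. The function names and sample ARNs are hypothetical.

```python
def is_acm_arn(arn):
    """True for ACM certificate ARNs in any partition (IAM server certs are skipped)."""
    parts = arn.split(":")
    return len(parts) > 2 and parts[0] == "arn" and parts[2] == "acm"

def ct_disabled_findings(listeners, cert_details):
    """listeners: 'Listeners' list from elbv2 describe_listeners; cert_details maps each ARN
    to acm describe_certificate's 'Certificate'. Returns sorted (listener, cert) pairs."""
    findings = set()
    for listener in listeners:
        for cert in listener.get("Certificates", []):
            arn = cert.get("CertificateArn", "")
            if not is_acm_arn(arn):
                continue
            options = cert_details.get(arn, {}).get("Options", {})
            # Only an explicit DISABLED is reported; a missing value is left alone.
            if options.get("CertificateTransparencyLoggingPreference") == "DISABLED":
                findings.add((listener["ListenerArn"], arn))
    return sorted(findings)

def collect(session):
    """Live collection; assumes a boto3.Session with read-only elbv2 and acm access."""
    elb, acm = session.client("elbv2"), session.client("acm")
    listeners = []
    for page in elb.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            pages = elb.get_paginator("describe_listeners").paginate(
                LoadBalancerArn=lb["LoadBalancerArn"])
            for lpage in pages:
                listeners.extend(lpage["Listeners"])
    arns = {c["CertificateArn"] for l in listeners for c in l.get("Certificates", [])}
    details = {a: acm.describe_certificate(CertificateArn=a)["Certificate"]
               for a in arns if is_acm_arn(a)}
    return listeners, details

# Constructed sample (added example, not the scanner's code), shaped like the API responses.
ACM_OFF = "arn:aws:acm:us-east-1:111122223333:certificate/example-off"
ACM_ON = "arn:aws:acm:us-east-1:111122223333:certificate/example-on"
IAM_CERT = "arn:aws:iam::111122223333:server-certificate/example"
SAMPLE_LISTENERS = [
    {"ListenerArn": "listener/a", "Certificates": [{"CertificateArn": ACM_OFF}]},
    {"ListenerArn": "listener/b", "Certificates": [{"CertificateArn": ACM_ON}]},
    {"ListenerArn": "listener/c", "Certificates": [{"CertificateArn": IAM_CERT}]},
    {"ListenerArn": "listener/d"},  # plain HTTP listener, no certificate
]
SAMPLE_CERTS = {
    ACM_OFF: {"Options": {"CertificateTransparencyLoggingPreference": "DISABLED"}},
    ACM_ON: {"Options": {"CertificateTransparencyLoggingPreference": "ENABLED"}},
}
```

`describe_listeners` reports each listener's default certificate. A flagged certificate is fixed with `aws acm update-certificate-options --certificate-arn <arn> --options CertificateTransparencyLoggingPreference=ENABLED`.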