Logging and monitoring

Elb listener certificate with Transparency Logging disabled

Risk Level

Informational (4)

Platform(s)

Description

We have found an ACM certificate attached to Elb listener without transparency logging enabled. To guard against SSL/TLS certificates that are issued by mistake or by a compromised CA, some browsers require that public certificates issued for your domain be recorded in a certificate transparency log. The domain name is recorded. The private key is not. Certificates that are not logged typically generate an error in the browser.
  • Recommended Mitigation

    Enable transparency logging for all used certificates