Auto-renewal of SSL cert with HSM


Hello, we are looking at setting up SSL on our website with an HSM to store the keys.

I read this article: https://aws.amazon.com/blogs/security/using-aws-cloudhsm-backed-certificates-with-microsoft-internet-information-server/

But there I do not see anything about auto-renewal of the cert. Everything is done manually. How would we automatically renew the certificate with AWS cloud HSM?

I also saw these guides, which show that there are commands for renewing a cert. Is there some util for autorenew, or would I just have to write a script for it?

https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-enable-traffic-and-verify-certificate-windows.html
https://docs.aws.amazon.com/cloudhsm/latest/userguide/key_mgmt_util-reference.html

asked a year ago · 393 views
1 Answer

Hi. The certificate is a convenient vehicle for the client to verify [using standard SSL tools] that it is talking to its own cluster, before sending across login credentials. There is no mechanism to rotate the cluster certificate, as the HSM has no notion of a root CA or chain of trust. The customer CA key pair IS that root of trust from the cluster's point of view. Therefore, there is no significance to the certificate expiring and the expiry date is not checked in our stack.

AWS · answered a year ago
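The asker wonders whether they would "just have to write a script" for renewal. The part of such a script that is the same regardless of HSM vendor is the expiry check that gates the renewal: it reads only the public certificate, so the private key never has to leave the HSM. The following is an added example, not code from the question, the answer, or AWS; it assumes the `openssl` command-line tool is installed, and the two hook functions (`request_new_cert`, `install_new_cert`) are assumed names that stand in for the site-specific CSR/issuance and install steps from the SSL-offload guide, not real CloudHSM utilities.

```shell
#!/bin/sh
# Added example: the expiry check at the heart of a certificate auto-renewal
# job. Only the public certificate is read; the HSM-held key is untouched.
# Hook names below are assumptions for this example, not CloudHSM tools.

# Return 0 when the certificate in $1 expires within $2 days (default 30),
# 1 otherwise. openssl's -checkend exits non-zero when the cert will have
# expired N seconds from now.
cert_needs_renewal() {
    cert="$1"
    days="${2:-30}"
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)); then
        return 1
    else
        return 0
    fi
}

# Print the notAfter date of the certificate in $1, for logging.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# Placeholder hooks (assumed names): replace with the CSR generation against
# the HSM-held key and the certificate install step for your platform.
request_new_cert() { echo "would generate a CSR with the HSM-held key for $1"; }
install_new_cert() { echo "would install the renewed certificate for $1"; }

# Entry point for a daily cron job or scheduled task.
# Returns 0 when renewal was triggered, 1 when the cert is still fine.
# Usage: renew_if_needed /path/to/site.pem 30
renew_if_needed() {
    cert="$1"
    days="${2:-30}"
    if cert_needs_renewal "$cert" "$days"; then
        echo "renewing $cert (expires $(cert_not_after "$cert"))"
        request_new_cert "$cert" && install_new_cert "$cert"
        return 0
    fi
    echo "$cert valid for more than $days days (expires $(cert_not_after "$cert"))"
    return 1
}

# Test helper: write a throwaway self-signed certificate to $1 valid for $2
# days. Constructed input with a software key, used only to exercise the
# check; a real deployment would never generate the key outside the HSM.
make_demo_cert() {
    out="$1"
    days="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
        -days "$days" -subj "/CN=demo.example" >/dev/null 2>&1
}
```

Running `renew_if_needed` from a scheduler with a threshold well inside the certificate's lifetime (30 days here) gives several retries before an actual outage if issuance fails, and logging the notAfter date on every run makes a silently failing renewal visible in the job output.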
