Do you know where your certificates reside when using AWS ACM with a Trusted Enclave? | by Teri Radichel | Cloud Security | January 2024


I was surprised what I discovered when I dug into the details

Part of my series on Automation of cybersecurity measures. AWS Organizations. IAM. Deploy a static website. The Code.


In my last article, I explained how to import a VPC’s default route table into your CloudFormation templates.

I got sidetracked for a minute (as always) and need to summarize a few other thoughts related to deploying static websites. Currently I’m deploying static websites in a Lambda function, but ultimately I have other ideas about websites on web servers. I also needed a TLS certificate for another tool I was trying to deploy recently… which brings me to this post.

I generally only use AWS ACM certificates because I usually deploy static websites using Lambda functions. For example, I’m deploying a static website to test for cross-site scripting vulnerabilities that can send requests to my own websites to do nefarious things. 😈

I’ve been looking at different ways to automate a private instance of Burp Collaborator, and this comes with some challenges when it comes to certificates. Most examples I see tell you to use Let’s Encrypt with a validation method that requires you to run a web server on your host. What? No thanks. More on this in another article, but first I just wanted to use an AWS Certificate Manager certificate. I’ve been looking into whether that is possible and how it might work.

The bottom line is that you need the certificate on your EC2 instance for end-to-end encrypted traffic. You must also generate the certificates and provide them to Burp Collaborator in a way that it understands.

You must use a wildcard TLS certificate for your domain name to establish TLS connections to the Collaborator server. Can we create a wildcard certificate with ACM? Yes.
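Once a wildcard certificate is installed on the EC2 host, the thing worth checking is whether its Subject Alternative Names actually cover every hostname the Collaborator server will answer for. Wildcards only match one DNS label, so `*.collab.example.com` covers `abc123.collab.example.com` but not `a.b.collab.example.com` and not the bare `collab.example.com`. The script below is an added example (not code from the original post or from Burp Suite) that implements that matching rule in plain Python so it runs offline; the SAN list and hostnames are constructed sample data, and `collab.example.com` is a placeholder domain. The `fetch_sans` helper is an optional live check against a running host and is not used by the offline sample.

```python
"""Check whether a certificate's SAN entries cover the hostnames a Burp
Collaborator server will serve.

Added example, not part of the original post. Matching follows the rules
browsers and OpenSSL apply (RFC 6125 style): case-insensitive comparison,
a '*' only as the entire leftmost label, and the wildcard matching exactly
one label. SAMPLE_SANS / SAMPLE_HOSTS are constructed sample data.
"""
import socket
import ssl


def hostname_matches(san: str, hostname: str) -> bool:
    """Return True if a single SAN entry (DNS name or wildcard) covers hostname."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    # Plain (non-wildcard) names must match exactly.
    if not san.startswith("*."):
        return san == hostname
    san_labels = san.split(".")
    host_labels = hostname.split(".")
    # Reject empty labels such as ".example.com".
    if not all(host_labels):
        return False
    # The wildcard stands in for exactly one label, so the label counts must
    # be equal and every label after the wildcard must match.
    if len(san_labels) != len(host_labels):
        return False
    return san_labels[1:] == host_labels[1:]


def coverage(sans: list, hostnames: list) -> dict:
    """Map each hostname to whether any SAN entry covers it."""
    return {h: any(hostname_matches(s, h) for s in sans) for h in hostnames}


def fetch_sans(host: str, port: int = 443) -> list:
    """Fetch the DNS SAN entries presented by a live TLS server.

    Uses the default context, so the chain must validate (a publicly trusted
    ACM certificate does); with verification disabled Python returns no
    certificate fields. Not exercised by the offline sample below.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed sample: SANs like those of a wildcard certificate issued for
# "*.collab.example.com" plus the apex name, and hostnames under that domain.
SAMPLE_SANS = ["*.collab.example.com", "collab.example.com"]
SAMPLE_HOSTS = [
    "collab.example.com",           # apex, covered by the second SAN
    "abc123.collab.example.com",    # one label under the wildcard: covered
    "a.b.collab.example.com",       # two labels under the wildcard: NOT covered
    "other.example.com",            # outside the certificate's names
]

if __name__ == "__main__":
    for host, ok in coverage(SAMPLE_SANS, SAMPLE_HOSTS).items():
        print(f"{'OK ' if ok else 'NO '} {host}")
```

To check the certificate actually installed on the Collaborator host, replace `SAMPLE_SANS` with `fetch_sans("collab.example.com")` (your own domain) and pass the hostnames the server is configured to answer for.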
