AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Basic Information

AWS Certificate Manager (ACM) is provided as a service aimed at streamlining the provisioning, management, and deployment of SSL/TLS certificates for AWS services and internal resources. The necessity for manual processes, such as purchasing, uploading, and certificate renewals, is eliminated by ACM. This allows users to efficiently request and implement certificates on various AWS resources including Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway.

A key feature of ACM is the automatic renewal of certificates, significantly reducing the management overhead. Furthermore, ACM supports the creation and centralized management of private certificates for internal use. Although SSL/TLS certificates for integrated AWS services like Elastic Load Balancing, Amazon CloudFront, and Amazon API Gateway are provided at no extra cost through ACM, users are responsible for the costs associated with the AWS resources utilized by their applications and a monthly fee for each private Certificate Authority (CA) and private certificates used outside integrated ACM services.

AWS Private Certificate Authority is offered as a managed private CA service, enhancing ACM's capabilities by extending certificate management to include private certificates. These private certificates are instrumental in authenticating resources within an organization.

Enumeration

ACM

# List certificates
aws acm list-certificates

# Get certificate info
aws acm describe-certificate --certificate-arn <arn> # Check "InUseBy" to check which resources are using it

# Get certificate data
aws acm get-certificate --certificate-arn "arn:aws:acm:us-east-1:188868097724:certificate/865abced-82c9-43bf-b7d2-1f4948bf353d"

# Account configuration
aws acm get-account-configuration

PCM

# List CAs
aws acm-pca list-certificate-authorities

# Get CA info
aws acm-pca describe-certificate-authority --certificate-authority-arn <arn>

# Get CA Permissions
aws acm-pca list-permissions --certificate-authority-arn <arn>

# Get CA certificate
aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>

# Certificate request
aws acm-pca get-certificate-authority-csr --certificate-authority-arn <arn>

# Get CA Policy (if any)
aws acm-pca get-policy --resource-arn <arn>

Privesc

TODO

Post Exploitation

TODO

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated