AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Basic Information

AWS Certificate Manager (ACM) is provided as a service aimed at streamlining the provisioning, management, and deployment of SSL/TLS certificates for AWS services and internal resources. The necessity for manual processes, such as purchasing, uploading, and certificate renewals, is eliminated by ACM. This allows users to efficiently request and implement certificates on various AWS resources including Elastic Load Balancers, Amazon CloudFront distributions, and APIs on API Gateway.

A key feature of ACM is the automatic renewal of certificates, significantly reducing the management overhead. Furthermore, ACM supports the creation and centralized management of private certificates for internal use. Although SSL/TLS certificates for integrated AWS services like Elastic Load Balancing, Amazon CloudFront, and Amazon API Gateway are provided at no extra cost through ACM, users are responsible for the costs associated with the AWS resources utilized by their applications and a monthly fee for each private Certificate Authority (CA) and private certificates used outside integrated ACM services.

AWS Private Certificate Authority is offered as a managed private CA service, enhancing ACM's capabilities by extending certificate management to include private certificates. These private certificates are instrumental in authenticating resources within an organization.

Enumeration

ACM

# List certificates
aws acm list-certificates

# Get certificate info
aws acm describe-certificate --certificate-arn <arn> # Check "InUseBy" to check which resources are using it

# Get certificate data
aws acm get-certificate --certificate-arn "arn:aws:acm:us-east-1:188868097724:certificate/865abced-82c9-43bf-b7d2-1f4948bf353d"

# Account configuration
aws acm get-account-configuration

PCM

# List CAs
aws acm-pca list-certificate-authorities

# Get CA info
aws acm-pca describe-certificate-authority --certificate-authority-arn <arn>

# Get CA Permissions
aws acm-pca list-permissions --certificate-authority-arn <arn>

# Get CA certificate
aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>

# Certificate request
aws acm-pca get-certificate-authority-csr --certificate-authority-arn <arn>

# Get CA Policy (if any)
aws acm-pca get-policy --resource-arn <arn>

Privesc

TODO

Post Exploitation

TODO

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - API Gateway Enum NextAWS - CloudFormation & Codestar Enum

Last updated 8 days ago