AWS - Certificate Manager (ACM) & Private Certificate Authority (PCA)

Reading time: 3 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Basic Information

AWS Certificate Manager (ACM) inatolewa kama huduma inayolenga kuboresha ugawaji, usimamizi, na utekelezaji wa vyeti vya SSL/TLS kwa huduma za AWS na rasilimali za ndani. Hitaji la michakato ya mikono, kama vile ununuzi, upakuaji, na upya wa vyeti, linatolewa na ACM. Hii inawawezesha watumiaji kuomba na kutekeleza vyeti kwa ufanisi kwenye rasilimali mbalimbali za AWS ikiwa ni pamoja na Elastic Load Balancers, usambazaji wa Amazon CloudFront, na APIs kwenye API Gateway.

Sifa muhimu ya ACM ni upya wa kiotomatiki wa vyeti, ikipunguza kwa kiasi kikubwa mzigo wa usimamizi. Zaidi ya hayo, ACM inasaidia uundaji na usimamizi wa kati wa vyeti vya kibinafsi kwa matumizi ya ndani. Ingawa vyeti vya SSL/TLS kwa huduma za AWS zilizounganishwa kama Elastic Load Balancing, Amazon CloudFront, na Amazon API Gateway vinatolewa bila gharama za ziada kupitia ACM, watumiaji wanawajibika kwa gharama zinazohusiana na rasilimali za AWS zinazotumiwa na programu zao na ada ya kila mwezi kwa kila mamlaka ya vyeti ya kibinafsi (CA) na vyeti vya kibinafsi vinavyotumiwa nje ya huduma zilizounganishwa za ACM.

AWS Private Certificate Authority inatolewa kama huduma ya CA ya kibinafsi inayosimamiwa, ikiongeza uwezo wa ACM kwa kupanua usimamizi wa vyeti ili kujumuisha vyeti vya kibinafsi. Vyeti hivi vya kibinafsi ni muhimu katika kuthibitisha rasilimali ndani ya shirika.

Enumeration

ACM

bash
# List certificates
aws acm list-certificates

# Get certificate info
aws acm describe-certificate --certificate-arn <arn> # Check "InUseBy" to check which resources are using it

# Get certificate data
aws acm get-certificate --certificate-arn "arn:aws:acm:us-east-1:188868097724:certificate/865abced-82c9-43bf-b7d2-1f4948bf353d"

# Account configuration
aws acm get-account-configuration

PCM

bash
# List CAs
aws acm-pca list-certificate-authorities

# Get CA info
aws acm-pca describe-certificate-authority --certificate-authority-arn <arn>

# Get CA Permissions
aws acm-pca list-permissions --certificate-authority-arn <arn>

# Get CA certificate
aws acm-pca get-certificate-authority-certificate --certificate-authority-arn <arn>

# Certificate request
aws acm-pca get-certificate-authority-csr --certificate-authority-arn <arn>

# Get CA Policy (if any)
aws acm-pca get-policy --resource-arn <arn>

Privesc

TODO

Post Exploitation

TODO

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks