Expired SSL Certificates

When a web browser encounters an expired certificate, the browser will normally present the user with a warning message indicating that the certificate has expired. Some browsers will continue connecting to the site after presenting the user with the warning, while others will prompt the user with a dialog box requesting their approval to proceed. These warnings are extremely confusing for the typical web user, and cause most users to question the authenticity of the site they are attempting to view. Removing any SSL Certificates that have already expired from ACM is considered a security best practice to ensure an expired certificate is not inadvertently used. Having a a full inventory of your certificates as well as expiration date can help ensure you stay compliant with the NIST & PCI-DSS frameworks.

Audit & Remediation



  • You can safely remove any certificate that has a status of Expired
  • Repeat the steps outlined here in each AWS region
See all certificates in a single place!

Do you want to see all of your ACM certificates in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +