Audit ACM certificates and failover CF certificate

mozilla-it / sumo-infra

Infrastructure for support.mozilla.org

1 stars 3 forks source link

Audit ACM certificates and failover CF certificate #16

Closed kfferrando closed 5 years ago

kfferrando commented 5 years ago

We currently have 5 certificates in the us-east-1 region of the SUMO account, with only 1 in use. Let's sync up and see if we can remove any unused certs.

Also, would like to sanity check that the SAN settings of the cert tied to Frankfurt failover have all the needed entries. IE: Shouldn't it contain the support.mozilla.org, support.mozilla.com in addition to the S3 domains?

kfferrando commented 5 years ago

We have created a new cert for use with the website failover that is behind CF in Frankfurt sumo-prod only, that includes support.mozilla.com.

We also deleted extraneous certs in us-east-1 so that only the in-use certs remain.

kfferrando commented 5 years ago

We are good here. All certs in us-west-2, us-east-1, and eu-central-1 are all registering as in-use and no stale certs are present.