AWS network-firewall medium security documentation change
Summary
Clarified TLS inspection certificate requirements (e.g., AWS Certificate Manager compatibility)
Security assessment
Addresses certificate validation issues during TLS inspection, explicitly mentioning AWS Certificate Manager as a valid option. This prevents misconfigurations that could bypass security controls, directly impacting secure traffic inspection.
Diff
diff --git a/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.md b/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.md index b684e76da..196e2eac6 100644 --- a//network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.md +++ b//network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.md @@ -58 +58 @@ Error | Invalid chain of trust | The firewall's TLS inspection configuration co -Error | Invalid root certificate | The firewall's TLS inspection configuration contains a certificate that Network Firewall can't validate. Network Firewall can't validate cross-signed root certificates, such as Let's Encrypt certificates. For more information, see [Using SSL/TLS certificates with TLS inspection configurations in AWS Network Firewall](./tls-inspection-certificate-requirements.html). | Replace the certificate with a valid certificate. +Error | Invalid root certificate | The firewall's TLS inspection configuration contains a certificate that Network Firewall can't validate. Network Firewall can't validate cross-signed root certificates, such as Let's Encrypt certificates. AWS Certificate Manager public certificates are cross-signed but can be used for TLS inspection. For more information, see [Using SSL/TLS certificates with TLS inspection configurations in AWS Network Firewall](./tls-inspection-certificate-requirements.html). | Replace the certificate with a valid certificate.