AWS network-firewall documentation change
Summary
Clarified that AWS Certificate Manager public certificates can be used despite cross-signing limitations
Security assessment
Improves documentation about certificate validation requirements for TLS inspection security feature
Diff
diff --git a/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md b/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md index 7d6dc5e64..1a18f6dd6 100644 --- a//network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md +++ b//network-firewall/latest/developerguide/tls-inspection-certificate-requirements.md @@ -47 +47 @@ For server certificates for inbound inspection, Network Firewall supports the sa -Network Firewall can't validate cross-signed root certificates, such as those issued by Let's Encrypt. Usage of cross-signed certificates can cause asynchronous failures in your firewall. +Network Firewall can't validate cross-signed root certificates, such as those issued by Let's Encrypt. AWS Certificate Manager public certificates are cross-signed but can be used for TLS inspection. Usage of cross-signed certificates can cause asynchronous failures in your firewall.