How to test the Device Certificate Expiring in AWS IoT Device Defender - audit mitigation actions?


I am creating audit mitigation actions inside AWS IoT > Manage > Security > Audit > Audit results > Audit create. I want to create an audit task to check whether a device certificate is expired or expiring.

Based on the Mitigation Action documentation, the audit check DEVICE_CERTIFICATE_EXPIRING_CHECK supports the following mitigation actions: PUBLISH_FINDING_TO_SNS, UPDATE_DEVICE_CERTIFICATE, ADD_THINGS_TO_THING_GROUP.

I want to run UPDATE_DEVICE_CERTIFICATE, but I do not know how to trigger this event. In order to trigger it, I need to have a certificate that is expired or expiring within 31 days.

When I create a thing, all the certificates are created with an expiration date of December 31, 2049.

If I can't set an expiration date during certificate creation, how can I test this process?


brushtakopo

You need to create your own CA, register it in AWS, and then create certs based on this CA.

Here is the part of the documentation that guides you through the process.

When you create a certificate using AWS, it uses the AWS IoT CA and sets the expiry to 2049. This cannot be changed; that's why you need to use your own CA, so you can then set the expiry to whatever you want.
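An added example of the procedure the answer describes (not code from the original post or from AWS): create a private CA with openssl, register it in AWS IoT through the registration-code verification certificate, issue a device certificate that expires in a few days, register it, and verify locally that the certificate falls inside the expiry window before waiting for the audit. The thing name `test-device-1`, the CA subject, the 10-day lifetime and the work directory are assumptions chosen for the illustration; the `aws iot` subcommands are the standard CLI calls for CA and certificate registration. Only the openssl steps run when the script is invoked without arguments; pass `register` (with AWS credentials configured) to perform the AWS side.

```shell
#!/bin/sh
# Constructed example: self-signed CA + short-lived device cert for
# exercising DEVICE_CERTIFICATE_EXPIRING_CHECK. Not the original post's code.
set -eu

# Create a CA key and self-signed CA cert in $1. The explicit config keeps
# basicConstraints CA:TRUE regardless of the system openssl.cnf.
make_ca() {
  dir="$1"
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Test IoT CA (assumed name)
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
}

# Issue a device cert signed by the CA in $1 for thing $2, valid for $3 days.
# A short lifetime is what makes the certificate "expiring" for the audit.
make_device_cert() {
  dir="$1"; thing="$2"; days="$3"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/device.key" \
    -out "$dir/device.csr" -subj "/CN=$thing" 2>/dev/null
  openssl x509 -req -in "$dir/device.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days "$days" -out "$dir/device.pem" 2>/dev/null
}

# Return 0 if the cert at $1 will have expired within $2 days, else 1.
# -checkend exits 0 while the cert is still valid at that point in time.
expires_within_days() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Register the CA: AWS IoT proves you hold the CA key by asking for a
# verification cert whose CN is the account's registration code.
register_ca_in_iot() {
  dir="$1"
  code=$(aws iot get-registration-code --query registrationCode --output text)
  openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/verify.key" \
    -out "$dir/verify.csr" -subj "/CN=$code"
  openssl x509 -req -in "$dir/verify.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -out "$dir/verify.pem"
  aws iot register-ca-certificate --ca-certificate "file://$dir/ca.pem" \
    --verification-certificate "file://$dir/verify.pem" --set-as-active
}

# Register the device cert under the custom CA and attach it to the thing.
register_device_cert() {
  dir="$1"; thing="$2"
  arn=$(aws iot register-certificate --certificate-pem "file://$dir/device.pem" \
    --ca-certificate-pem "file://$dir/ca.pem" --set-as-active \
    --query certificateArn --output text)
  aws iot attach-thing-principal --thing-name "$thing" --principal "$arn"
  echo "$arn"
}

if [ "${1:-}" = "register" ]; then
  work=$(mktemp -d)
  make_ca "$work"
  make_device_cert "$work" test-device-1 10     # assumed thing name and lifetime
  register_ca_in_iot "$work"
  register_device_cert "$work" test-device-1
  expires_within_days "$work/device.pem" 31 && echo "device cert is inside the expiry window"
fi
```

Once the certificate is registered and attached, run the audit (on-demand or scheduled) and the DEVICE_CERTIFICATE_EXPIRING_CHECK finding should appear for it, which is what UPDATE_DEVICE_CERTIFICATE acts on. To produce a certificate that is already expired rather than merely expiring, sign it with `openssl ca` using explicit `-startdate`/`-enddate` values instead of `openssl x509 -req -days`.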