About the ip-172-31-86-210.ec2.internal Certificate
This certificate with serial number 52:69:9f:bc:a9:3c:76:aa:15:9e:ca:bb:e0:ea:40:73:a5:eb:91:6b for ip-172-31-86-210.ec2.internal was issued on by itself (self-signed).
This certificate is currently within its validity period, but we haven't checked its revocation status; you can do this on revocationcheck.com. We have found some issues with the compliance of this certificate, which are shown below. We hope this certificate review for ip-172-31-86-210.ec2.internal provides you with the detailed information you were looking for.
We have identified some issues with this certificate:
- CAs must include keyIdentifier field of AKI in all non-self-issued certificates (RFC 5280: 4.2.1.1)
- Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OCSP responder. (BRs: 7.1.2.3)
- Subscriber Certificate: authorityInformationAccess MUST be present. (BRs: 7.1.2.3)
- Subscriber certificates must contain at least one policy identifier that indicates adherence to CAB standards (BRs: 7.1.2.3)
- Subscriber Certificate: certificatePolicies MUST be present and SHOULD NOT be marked critical. (BRs: 7.1.2.3)
- Subscriber certificates MUST have the extended key usage extension present (BRs: 7.1.2.3)
- TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC must not have a validity period greater than 398 days (https://support.apple.com/en-us/HT211025)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)
- Apple recommends that certificates be issued with a maximum validity of 397 days. TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC should not have a validity period greater than 397 days (https://support.apple.com/en-us/HT211025)