Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

VPN endpoint (VPC) replace certificate(s)

0

Hi All, doing some research on how to re-secure the VPN endpoints after a developer left and started threatening for some silly reason. So how can we re-secure the VPN endpoint again since we have an amazon self-made imported cert to Certificate Manager.

I know theoretically every user should have a unique client- cert, but because of time constrainsts, I don't have time to get it all perfect. Thanks for any suggestions!

Themen
Sicherheit, Identität & KonformitätVernetzung & Bereitstellung von Inhalten
Tags
AWS ZertifikatsmanagerVirtuelles privates VPC-Gateway
Sprache
English
enierop
gefragt vor 2 Jahren290 Aufrufe
1 Antwort
0

Hello,

AWS Client VPN provides a number of security features to consider as you develop and implement your own security policies. Check this link out mentioning the security best practices. Link- https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/security-best-practices.html

For your use-case, the following suggestion in the link is beneficial:

Use client certificate revocation lists to revoke access to a Client VPN endpoint for specific client certificates. For example, when a user leaves your organization. CRL:https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-certificates.html

profile pictureAWS
SUPPORT-TECHNIKER
Chirag_R
beantwortet vor 2 Jahren
  • enierop
    vor 2 Jahren

    Thanks, but for now, I don't want revocation lists. And to do the WHOLE stuff. I simply have no time for that. Just want to know how to fix the current certificate.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt