1 Answer
0
I have set this up before, so I will answer to the best of my ability.
- Technically you can delete the EC2. However, you will not be able to issue any more client certificates. You would need somewhere to create new client certs. This could be as simple as a Windows 11 desktop. It's not the EC2 that's needed; it's just an operating system to run the scripts somewhere. Also, you'll need this instance/easy-rsa folder to renew your CA and server cert at a later date. You'll also need to track/update revoked certificates and keep that file in a central place to update the VPN.
- No, it's only used to generate certificates. You can stop it and power it up when you need to. You can also move the easy-rsa folder to cold storage like S3 or a local ZIP file. You can re-hydrate these files when needed again.
- I haven't done it, but very likely you could. easy-rsa, I believe, just uses OpenSSL. So long as the certs are in the correct format, I do not see why not.
- No, I'm afraid you can't. They need to be signed by the CA that gets created. The only way I see this working is with an AWS Private CA, and it's quite expensive for this process.
- You need a CA certificate. You will not be able to get one. You need a CA cert that's allowed to sign/create server/client certs. This is why easy-rsa creates a CA cert from fresh that's private.
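The private-CA workflow the answer describes, done with plain OpenSSL instead of easy-rsa, as an added example that is not part of the original answer or of easy-rsa itself. All subject names, file names and validity periods are constructed for illustration; it shows why the signing certificate needs `CA:TRUE`, and that leaf certs only verify against the CA that signed them.

```shell
#!/usr/bin/env bash
# Added example: a private CA plus server/client certs using plain OpenSSL.
# All names (vpn-demo-ca, server.vpn.example, client1.vpn.example) are constructed.
set -euo pipefail

# Issue one leaf cert signed by the CA in $dir. Args: dir name CN EKU
issue_cert() {
  local dir="$1" name="$2" cn="$3" eku="$4"
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
    -subj "/CN=$cn" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  printf '%s\n' "basicConstraints=CA:FALSE" \
    "keyUsage=digitalSignature,keyEncipherment" \
    "extendedKeyUsage=$eku" "subjectAltName=DNS:$cn" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -sha256 -extfile "$dir/$name.ext" \
    -out "$dir/$name.crt" 2>/dev/null
}

# Build the whole PKI in $1: CA, one server cert, one client cert.
make_pki() {
  local dir="$1"
  mkdir -p "$dir"
  cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = vpn-demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # CA:TRUE + keyCertSign is what lets this certificate sign others.
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
    -config "$dir/openssl.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  issue_cert "$dir" server  server.vpn.example  serverAuth
  issue_cert "$dir" client1 client1.vpn.example clientAuth
}

# Succeeds only if $dir/$name.crt chains to $dir/ca.crt for the given purpose
# (sslserver or sslclient).
verify_purpose() {
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo="$(mktemp -d)"; make_pki "$demo"
verify_purpose "$demo" server sslserver && echo "server cert OK"
verify_purpose "$demo" client1 sslclient && echo "client cert OK"
```

The directory holding `ca.key` plays the role of the easy-rsa folder in the answer: it is what has to be archived and restored to issue or renew certificates later.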