VPN endpoint (VPC) replace certificate(s)


Hi All, I'm doing some research on how to re-secure the VPN endpoints after a developer left and started making threats for some silly reason. So how can we re-secure the VPN endpoint again, since we have an Amazon self-made cert imported into Certificate Manager?

I know that theoretically every user should have a unique client cert, but because of time constraints I don't have time to get it all perfect. Thanks for any suggestions!

1 Answer


AWS Client VPN provides a number of security features to consider as you develop and implement your own security policies. Check out this link, which covers the security best practices: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/security-best-practices.html

For your use-case, the following suggestion in the link is beneficial:

Use client certificate revocation lists to revoke access to a Client VPN endpoint for specific client certificates, for example when a user leaves your organization. CRL: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-certificates.html

AWS
answered 2 years ago
  • Thanks, but for now I don't want revocation lists, or to do the WHOLE thing. I simply have no time for that. I just want to know how to fix the current certificate.
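The CRL workflow the answer points to, as an added example that is not part of the original thread: it builds a throwaway OpenSSL CA, issues one client certificate per user, revokes one of them, regenerates the CRL and proves with `openssl verify -crl_check` that the revoked certificate is rejected while the other still passes. The final `aws ec2 import-client-vpn-client-certificate-revocation-list` call is the real AWS CLI command for uploading a CRL to an endpoint; the endpoint ID is a placeholder and the CA, user names and directory layout are constructed for the example. It assumes OpenSSL 1.1.1 or newer and, for the upload step only, a configured AWS CLI. Note that a CRL revokes by certificate serial number, so with the single shared client certificate the asker describes, revoking it locks out everyone at once; that is the practical reason for the per-user certificates mentioned in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): per-user client certs, revocation,
# CRL generation, offline CRL check, and the AWS CLI upload command.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for the demo CA (constructed)
cd "$WORK"

# Minimal `openssl ca` database and config so -revoke / -gencrl work offline.
setup_ca() {
    mkdir -p ca/newcerts
    : > ca/index.txt
    echo 1000 > ca/serial
    echo 1000 > ca/crlnumber
    cat > ca/openssl.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = ./ca
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = demo_policy
x509_extensions  = v3_client
[ demo_policy ]
commonName = supplied
[ v3_client ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature
extendedKeyUsage = clientAuth
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = keyCertSign,cRLSign
[ req ]
prompt             = no
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
CN = placeholder
EOF
    # Self-signed CA; basicConstraints/keyUsage above are what lets it sign certs and CRLs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-vpn-ca" \
        -keyout ca/ca.key -out ca/ca.crt -config ca/openssl.cnf >/dev/null 2>&1
}

# One certificate per user, so a single user can be revoked without touching the rest.
issue_client() { # $1 = username
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" -config ca/openssl.cnf >/dev/null 2>&1
    openssl ca -batch -config ca/openssl.cnf -in "$1.csr" -out "$1.crt" >/dev/null 2>&1
}

# Mark the user's cert revoked in the CA database and regenerate crl.pem.
revoke_client() { # $1 = username
    openssl ca -config ca/openssl.cnf -revoke "$1.crt" >/dev/null 2>&1
    openssl ca -config ca/openssl.cnf -gencrl -out crl.pem >/dev/null 2>&1
}

# Returns 0 if crl.pem rejects the user's cert, 1 if the cert still verifies.
is_revoked() { # $1 = username
    if openssl verify -crl_check -CAfile ca/ca.crt -CRLfile crl.pem "$1.crt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Real AWS CLI command; endpoint ID is a placeholder. Re-run after every -gencrl.
upload_crl() { # $1 = Client VPN endpoint ID, e.g. cvpn-endpoint-0123456789abcdef0
    aws ec2 import-client-vpn-client-certificate-revocation-list \
        --client-vpn-endpoint-id "$1" \
        --certificate-revocation-list "file://$PWD/crl.pem"
}

# Demo flow: two users, revoke the one who left. (upload_crl is not called here.)
setup_ca
issue_client alice
issue_client bob
revoke_client bob
echo "bob revoked:   $(is_revoked bob && echo yes || echo no)"     # yes
echo "alice revoked: $(is_revoked alice && echo yes || echo no)"   # no
```

The endpoint only learns about a revocation once the regenerated `crl.pem` is imported, so `revoke_client` and `upload_crl` belong together in practice; keep the CA key and `ca/index.txt` safe, since whoever holds them can both issue and un-revoke certificates.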
