VPN endpoint (VPC) replace certificate(s)

0

Hi All, doing some research on how to re-secure the VPN endpoints after a developer left and started threatening for some silly reason. So how can we re-secure the VPN endpoint again since we have an amazon self-made imported cert to Certificate Manager.

I know theoretically every user should have a unique client cert, but because of time constraints, I don't have time to get it all perfect. Thanks for any suggestions!

enierop
Asked 2 years ago · 290 views
1 Answer
0

Hello,

AWS Client VPN provides a number of security features to consider as you develop and implement your own security policies. Check out this link, which covers the security best practices: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/security-best-practices.html

For your use-case, the following suggestion in the link is beneficial:

Use client certificate revocation lists to revoke access to a Client VPN endpoint for specific client certificates, for example when a user leaves your organization. CRL: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-certificates.html

AWS
Support Engineer
Answered 2 years ago
  • Thanks, but for now, I don't want revocation lists. And to do the WHOLE stuff. I simply have no time for that. Just want to know how to fix the current certificate.
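
The revocation-list approach from the answer above, as an added example that is not part of the original thread and not AWS's own code: it builds a throwaway CA with openssl, revokes one of two constructed client certificates, and checks both against the resulting CRL. The names `alice` and `departed-dev` and the endpoint ID passed to `import_crl` are assumptions; `import_crl` wraps the AWS CLI import command and is defined but not called here.

```shell
# Constructed demo: throwaway CA in a temp dir. alice, departed-dev and the
# endpoint ID given to import_crl are placeholders, not values from the thread.
set -eu

make_demo_crl() {  # $1 = work dir: issue two client certs, revoke one, write crl.pem
  d=$1; mkdir -p "$d/new"; : > "$d/index.txt"; echo 01 > "$d/serial"; echo 01 > "$d/crlnumber"
  cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
new_certs_dir = $d/new
serial = $d/serial
crlnumber = $d/crlnumber
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=demo-vpn-ca" -days 30 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for n in alice departed-dev; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/$n.csr" -out "$d/$n.crt" 2>/dev/null
  done
  openssl ca -config "$d/ca.cnf" -revoke "$d/departed-dev.crt" 2>/dev/null  # mark as revoked in index.txt
  openssl ca -config "$d/ca.cnf" -gencrl -out "$d/crl.pem" 2>/dev/null      # CA-signed CRL in PEM
}
cert_allowed() {  # $1 = work dir, $2 = name; succeeds only if the cert chains to the CA and is not on the CRL
  openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/crl.pem" "$1/$2.crt" 2>&1 | grep -q ': OK$'
}
import_crl() {  # $1 = work dir, $2 = Client VPN endpoint ID; needs the AWS CLI and credentials
  aws ec2 import-client-vpn-client-certificate-revocation-list \
    --client-vpn-endpoint-id "$2" --certificate-revocation-list "file://$1/crl.pem"
}

work=$(mktemp -d)
make_demo_crl "$work"
for n in alice departed-dev; do
  if cert_allowed "$work" "$n"; then echo "$n: accepted"; else echo "$n: rejected"; fi
done
```

The CRL has to be signed by the same CA that issued the client certificates the endpoint trusts, so the CA key and its `index.txt` database must still be available when someone leaves.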
