1 Answer
I have set this up before, so I will answer as best I can.
- Technically you can delete the EC2. However, you will not be able to issue any more client certificates. You would need somewhere to create new client certs. This could be as simple as a Windows 11 desktop. It's not the EC2 that's needed; it's just an operating system to run the scripts somewhere. Also, you'll need this instance/easy-rsa folder to renew your CA and server cert at a later date. You'll also need to track/update revoked certificates and keep that file in a central place to update the VPN.
- No, it's only used to generate certificates. You can stop it and power it up when you need to. You can also move the easy-rsa folder to cold storage like S3 or a local ZIP file. You can re-hydrate these files when needed again.
- I haven't done it, but very likely you could. easy-rsa, I believe, just uses OpenSSL. So long as the certs are in the correct format, I do not see why not.
- No, afraid you can't. They need to be signed by the CA that gets created. The only way I see this working is with an AWS Private CA, and it's quite expensive for this process.
- You need a CA certificate. You will not be able to get one. You need a CA cert that's allowed to sign/create server/client certs. This is why easy-rsa creates a CA cert from fresh that's private.
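The cold-storage and revocation workflow this answer describes, as an added shell example that is not part of the original answer. It assumes easy-rsa 3's default `pki/` layout and that the VPN is an AWS Client VPN endpoint; `PKI_BUCKET`, the endpoint ID and the client name are placeholders.

```shell
# Added example: archive the easy-rsa folder, restore it later, revoke a client.

# Pack the whole easy-rsa directory (CA key, issued certs, index.txt, CRL)
# and record a checksum so a later restore can detect a damaged archive.
archive_pki() (            # archive_pki <easy-rsa dir> <archive.tgz>
  dir=$1 out=$2
  [ -f "$dir/pki/private/ca.key" ] || { echo "no CA key under $dir/pki" >&2; exit 1; }
  umask 077                # the archive contains the CA private key
  tar -czf "$out" -C "$dir" . || exit 1
  cd "$(dirname "$out")" && sha256sum "$(basename "$out")" > "$(basename "$out").sha256"
)

# Verify the checksum, unpack, and confirm the CA material is present.
restore_pki() (            # restore_pki <archive.tgz> <destination dir>
  src=$1 dest=$2
  ( cd "$(dirname "$src")" && sha256sum -c "$(basename "$src").sha256" >/dev/null 2>&1 ) ||
    { echo "checksum mismatch for $src" >&2; exit 1; }
  umask 077
  mkdir -p "$dest" && tar -xzf "$src" -C "$dest" || exit 1
  [ -f "$dest/pki/ca.crt" ] && [ -f "$dest/pki/private/ca.key" ]
)

# Copy archive and checksum to S3 with server-side encryption (needs the AWS CLI).
upload_pki() (             # upload_pki <archive.tgz>; PKI_BUCKET is a placeholder
  aws s3 cp "$1" "s3://${PKI_BUCKET:?}/$(basename "$1")" --sse aws:kms &&
  aws s3 cp "$1.sha256" "s3://${PKI_BUCKET:?}/$(basename "$1").sha256" --sse aws:kms
)

# Revoke one client cert, regenerate the CRL, and load it into the endpoint.
revoke_client() (          # revoke_client <easy-rsa dir> <client name> <endpoint id>
  cd "$1" || exit 1
  ./easyrsa --batch revoke "$2" &&
  ./easyrsa gen-crl &&
  aws ec2 import-client-vpn-client-certificate-revocation-list \
    --client-vpn-endpoint-id "$3" \
    --certificate-revocation-list file://pki/crl.pem
)
```

After `revoke_client`, run `archive_pki` and `upload_pki` again so the stored copy carries the updated `index.txt` and `crl.pem`.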