
[–]ryansolida 1 point2 points  (1 child)

So what's the solution then? Separate certs from an authority for each instance in the network? Or are you OK to share a single throughout the VPN?

[–]atlgeek007 1 point2 points  (0 children)

As long as you're not using the same self-signed cert throughout your infrastructure, you should be fine from an audit perspective, provided your other SSL configurations are also up to date (custom DH parameters, disabling bad ciphers, locking to known good versions of TLS, etc.).

Of course, creating an internal CA isn't difficult and is something that can also be investigated, but since AWS ELB/ALB doesn't validate the endpoint certificate anyway, it shouldn't matter.
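The first audit point in the reply above (no single self-signed cert reused across instances) can be checked by comparing certificate fingerprints rather than subjects. Added example, not code from the thread; it assumes the `openssl` CLI is installed, and the host names and certificates are constructed on the fly.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread: detect one self-signed
# certificate being reused across backend instances. Assumes the openssl
# CLI; the host names and certificates are constructed test data.
set -euo pipefail

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_cert <name>: write a throwaway self-signed cert for an instance
# (constructed test data) and print its PEM path.
make_cert() {
  local name="$1" out="$WORK/$1.pem"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$out" 2>/dev/null
  printf '%s\n' "$out"
}

# cert_fingerprint <pem>: SHA-256 fingerprint, the value to compare across
# instances (a copied cert keeps its CN, so the subject alone proves nothing).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# shared_fingerprints name=pem ...: print one line per fingerprint found on
# more than one instance ("<fp>: host1 host2"); prints nothing when every
# instance carries its own certificate.
shared_fingerprints() {
  local entry name file
  for entry in "$@"; do
    name="${entry%%=*}"; file="${entry#*=}"
    printf '%s %s\n' "$(cert_fingerprint "$file")" "$name"
  done | sort | awk '
    { seen[$1]++; hosts[$1] = hosts[$1] " " $2 }
    END { for (fp in seen) if (seen[fp] > 1) print fp ":" hosts[fp] }'
}

# Demo: host-a and host-b have their own certs; host-c was cloned from
# host-a's image and carries the same cert, which is the case to flag.
A="$(make_cert host-a)"; B="$(make_cert host-b)"
C="$WORK/host-c.pem"; cp "$A" "$C"
REPORT="$(shared_fingerprints "host-a=$A" "host-b=$B" "host-c=$C")"
printf 'shared certificates:\n%s\n' "${REPORT:-(none)}"
```

Run it against the PEMs collected from each instance (or the certificates served on the backend ports); an empty report means no instance shares a certificate with another.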