AWS Client VPN client certificate revocation lists
Client VPN client certificate revocation lists are used to revoke access to a Client VPN endpoint for specific client certificates. You can generate a revocation list, import an existing list, or export your current list to a revocation list file. Generating a list is performed using the OpenVPN software on either Linux/macOS or Windows. Importing and exporting can be done using either the Amazon VPC console or the AWS CLI.
For more information about generating the server and client certificates and keys, see Mutual authentication in AWS Client VPN.
Note
If a client certificate revocation list has expired, you cannot connect to the Client VPN endpoint. You'll need to create a new one and import it into the Client VPN endpoint.
You can add only a limited number of entries to a client certificate revocation list. For more information about the number of entries you can add to a revocation list, see Client VPN quotas.
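Because an expired list blocks every connection to the endpoint, it is worth checking the list's nextUpdate time before it lapses. The following is an added example, not AWS code: it assumes the revocation list is available as PEM text, and the function names and the sample list built by sample_crl are constructed for illustration.

```python
import base64
from datetime import datetime, timezone
def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) as an aware UTC datetime."""
    s = raw.decode("ascii")
    if tag == 0x17:  # RFC 5280: two-digit years below 50 mean 20YY, otherwise 19YY
        s = ("20" if int(s[:2]) < 50 else "19") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_next_update(pem):
    """Return the CRL's nextUpdate time, or None when the field is absent."""
    lines = [l.strip() for l in pem.splitlines() if not l.startswith("-----")]
    der = base64.b64decode("".join(lines))
    _, pos, _ = _tlv(der, 0)        # outer CertificateList SEQUENCE
    _, pos, end = _tlv(der, pos)    # TBSCertList SEQUENCE
    times = []                      # thisUpdate, then the optional nextUpdate
    while pos < end and len(times) < 2:
        tag, start, stop = _tlv(der, pos)
        if tag in (0x17, 0x18):
            times.append(_time(tag, der[start:stop]))
        elif times:
            break                   # thisUpdate not followed by a Time
        pos = stop
    return times[1] if len(times) == 2 else None

def days_left(pem, now):
    """Whole days until the CRL expires; negative once it has expired."""
    next_update = crl_next_update(pem)
    if next_update is None:
        raise ValueError("CRL has no nextUpdate field")
    return (next_update - now).days

def _enc(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form length; sample is tiny
def sample_crl(next_update=None):
    """Constructed, unsigned CRL skeleton for the demo; not a real endpoint's list."""
    alg = _enc(0x30, _enc(0x06, bytes.fromhex("2a864886f70d01010b")))
    tbs = _enc(0x30, _enc(0x02, b"\x01") + alg + _enc(0x30) + _enc(0x17, b"240101000000Z")
               + (_enc(0x17, next_update) if next_update else b""))
    der = _enc(0x30, tbs + alg + _enc(0x03, b"\x00"))
    return "-----BEGIN X509 CRL-----\n%s\n-----END X509 CRL-----\n" % base64.b64encode(der).decode()
```

The parser reads only the time fields and does not verify the list's signature, so it suits expiry monitoring, not trust decisions.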