Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

How do I create and connect to a Client VPN endpoint using private certificates for mutual authentication with AWS Certificate Manager?

Lesedauer: 2 Minute

I want to create and connect to an AWS Client VPN endpoint using private certificates for mutual authentication with AWS Certificate Manager (ACM). How can I do this?

Short description

With Client VPN, there are several options for configuring client authentication. One of these options is mutual authentication, which is a type of certificate-based authentication. These certificates can be self-signed or generated using ACM. To create private digital certificates using ACM and AWS Certificate Manager Private Certificate Authority, complete the following steps.

Resolution

1. Using ACM, create a private CA. If needed, you can also create a subordinate CA (optional).

2. Using the private CA that you created in the previous step, generate private certificates for your server and client.

3. Using the certificates that created in the previous step, create an AWS Client VPN endpoint.

4. Export the client certificate that you created in step 2. After you are prompted for a passphrase, you receive a client certificate body, certificate chain, and certificate private key.

5. Decrypt the private key with the passphrase that you specified in step 4. You can decrypt the private key by running the following command in OpenSSL libraries:

[ec2-user@ip-172-20-20-14 ~]$ openssl rsa -in private_key.txt -out decrypted_private_key.txt
Enter pass phrase for private_key.txt: YOUR_PASSPHRASE

writing RSA key

Note: Be sure to replace YOUR_PASSPHRASE with your custom passphrase.

6. Download and prepare the Client VPN endpoint configuration file. The client certificate and key values required to prepare the configuration file are provided in the client certificate that you exported in the previous step.

7. Find the decrypted_private_key.txt file from your decrypted private key in step 5. Add the contents of this file along with the contents of the client certificate body to the Client VPN configuration file.

8. Export and configure the client configuration file.

9. Connect to the Client VPN endpoint using any OpenVPN-based or the AWS Client VPN desktop application.

Themen

Vernetzung & Bereitstellung von Inhalten

Relevanter Inhalt

Wie überwache ich mein Transit-Gateway und Site-to-Site-VPN auf einem Transit-Gateway mit Network Manager?
AWS OFFICIALAktualisiert vor 8 Monaten
Wie kann ich über den privaten Netzwerkzugriffsmodus in meiner Amazon-MWAA-Umgebung auf die Apache-Airflow-Benutzeroberfläche zugreifen?
AWS OFFICIALAktualisiert vor einem Jahr
Wie lösche oder beende ich einen VPN-Client-Endpunkt oder Verbindung auf AWS Client VPN?
AWS OFFICIALAktualisiert vor 6 Monaten
Wie berechne ich die Bandbreite und richte einen CloudWatch-Alarm für AWS-Direct-Connect-, AWS-Site-Site-VPN- oder Transit-Gateway-Verbindungen ein?
AWS OFFICIALAktualisiert vor 3 Monaten