Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

How can I generate server and client certificates and their respective keys on a Windows server and upload them to ACM?

Lesedauer: 4 Minute

How can I generate server and client certificates and their respective keys on a Windows server and upload them to AWS Certificate Manager (ACM)?

Resolution

Generate the server and client certificates and their respective keys

1. Go to the OpenVPN Community Downloads page.

2. Select the Windows Installer (.exe) file for the Windows OS version that you're running. Then, choose Run.

3. Complete the OpenVPN Setup Wizard:
Choose Next.
Review the license agreement, and then choose I Agree.
For Choose Components, select EasyRSA 2 Certificate Management Scripts.
Choose Next, and then choose Install.

4. After the OpenVPN software is installed, open a command prompt and navigate to the easy-rsafolder:

cd \Program Files\OpenVPN\easy-rsa

5. Start the OpenVPN configuration:

init-config

6. Open the vars.bat file in a text editor:

notepad vars.bat

Set KEY_Size=2048. Then, set values for KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL. Don’t leave any of these parameters blank.

Save and close your text editor.

7. Run the following commands to set the above variables for the certificate authority (CA) certificate, initialize the public key infrastructure (PKI), and build the CA certificate:

vars

clean-all

build-ca

At the prompt, leave all fields as the default values. Optionally, you can change the Common Nameto your server's domain name.

8. Run the following command to generate a certificate and private key for the server:

build-key-server server

At the prompt, change the Common Nameto your server's domain name using the format server.example.com. Leave all of the remaining fields as the default values.

9. Run the following command to generate a certificate and private key for the client:

build-key client1

At the prompt,changethe Common Nameto your client's domain name using the format client1.example.com. Leave all of the remaining fields as the default values.

10. (Optional) If needed, create additional client certificates and keys.

build-key client2

At the prompt, change the Common Name to your client's domain name using the format client2.example.com. Leave all of the remaining fields as the default values.

Important: If you don't follow the format specified above for setting common names, the domain names aren't available when you import the certificate into ACM. As a result, the certificate isn't an available option for specifying the server certificate or client certificate when you create the AWS Client VPN endpoint.

Import the server and client certificates and keys into ACM

Note: The server and client certificates, and their respective keys, are available in C:\Program Files\OpenVPN\easy-rsa\keys.

1. Open the following files: server.crt, server.key, client1.crt, client1.key, and ca.crt.

2. Open the ACM console, and then choose Import a certificate.

3. On the Import a certificatepage, copy/paste the content:
From the server.crtfile to Certificate body.
From the server.keyfile to Certificate private key. From the ca.crtfile to Certificate chain.

4. Choose Import to import the server certificate.

5. Choose Import a certificateagain and copy/paste the content:
From the client1.crtfile to Certificate body.
From the client1.key file to Certificate private key. From the ca.crt fileto Certificate chain.

6. Choose Import to import the client certificate.

Or, you can use the AWS Command Line Interface (AWS CLI) to import the server and client certificates and their keys into ACM:

cd C:\Program Files\OpenVPN\easy-rsa\keys

aws acm import-certificate --certificate file://"C:\Program Files\OpenVPN\easy-rsa\keys\server.crt" --private-key file://"C:\Program Files\OpenVPN\easy-rsa\keys\server.key" --certificate-chain file://"C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt"

aws acm import-certificate --certificate file://"C:\Program Files\OpenVPN\easy-rsa\keys\client1.crt" --private-key file://"C:\Program Files\OpenVPN\easy-rsa\keys\client1.key" --certificate-chain file://"C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt"

Confirm that you have successfully created and imported your server and client certificates

1. Open the ACM console.

2. In the certificates list, confirm that Issueddisplays in the Status columnfor your server and client certificates.

Related Information

Mutual Authentication (for AWS Client VPN)

Themen

Vernetzung & Bereitstellung von Inhalten

Relevanter Inhalt

Wie behebe ich den Fehler „Der SMTP-Server benötigt eine sichere Verbindung oder der Client ist nicht authentifiziert“? Die Serverantwort lautete: „Authentifizierung erforderlich“ beim Senden einer E-Mail über SES?
AWS OFFICIALAktualisiert vor 2 Monaten
Wie erstelle ich einen verbundenen Server in RDS für SQL Server mit RDS als Quelle?
AWS OFFICIALAktualisiert vor 6 Monaten
Wie erstelle ich Wartungsaufgaben, um Indizes in meiner RDS-für-SQL-Server-Instance neu zu erstellen?
AWS OFFICIALAktualisiert vor 4 Monaten
Wie stelle ich eine KMS-verschlüsselte Sicherungsdatei aus einer lokalen Umgebung in RDS for SQL Server wieder her?
AWS OFFICIALAktualisiert vor 5 Monaten