Hello DanF,
I hope all is good,
Please consider the below points when you are using Private domains.
- Create a private certificate from a subordinate CA using AWS Private Certificate Authority (AWS Private CA).
- Sign the ACM subordinate CA (you can use an ACM Root CA or an external CA)
- You must create a service-linked role to generate and use the certificate for the AWS side of the Site-to-Site VPN tunnel endpoint.
- Specify the certificate when you create the customer gateway. https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-tunnel-authentication-options.html#certificate
Thanks for the reply.
Steps 1, 2 & 4 I'm confident are done correctly.
For #3, I see here: "You don't need to manually create a service-linked role. When you create a customer gateway with an associated ACM private certificate in the AWS Management Console, the AWS CLI, or the AWS API, Site-to-Site VPN creates the service-linked role for you."
- This was done.
- See 1.
- Found (not clear in initial documentation) no steps are required. https://docs.aws.amazon.com/vpn/latest/s2svpn/using-service-linked-roles.html
- Yes, selected. I created subordinate cert and applied to Customer Gateway in AWS Console.
As a workaround, I exported the AWS endpoint.0 cert, put it in /etc/swanctl/x509/ on the customer gateway and ran # swanctl --load-creds. This allowed the VPN to show UP in the AWS Console.
Assuming I didn't miss anything, please, I'm asking for help with: "How do I get the AWS Site-to-Site VPN tunnel endpoint to get a domain name using the CN of the Subordinate CA?"
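The certificate-chain steps in the first answer (subordinate CA signed by a root, endpoint certificate issued from the subordinate) and the workaround of copying an exported endpoint certificate onto the customer gateway both come down to one check: does the certificate you are about to trust actually chain to your CA, and what identity (CN / SAN) does it carry? The script below is an added example, not code from the thread or from AWS; it builds a constructed three-tier lab chain with openssl (all names such as lab-root-ca, lab-sub-ca and vpn-endpoint.lab.internal are made up), verifies the leaf against the root through the intermediate, and extracts the CN and DNS SANs so you can compare them with what the tunnel peer presents.

```shell
#!/bin/sh
# Added example (not from the re:Post thread): build a constructed root CA ->
# subordinate CA -> endpoint certificate chain with openssl, then verify the
# chain and read the identity (CN / SAN) the endpoint certificate carries.
# Every name and file below is a constructed lab value, not an AWS artefact.

# Build a three-tier lab chain under the directory given as $1.
build_lab_chain() {
  dir=$1
  mkdir -p "$dir"
  # Root CA (self-signed). In the thread this is the ACM Private CA root or an external CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$dir/root.key" -out "$dir/root.crt" \
    -subj "/CN=lab-root-ca" >/dev/null 2>&1
  # Subordinate CA, signed by the root (steps 1 and 2 of the answer).
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/sub.key" -out "$dir/sub.csr" \
    -subj "/CN=lab-sub-ca" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$dir/sub.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -extfile "$dir/ca.ext" -out "$dir/sub.crt" >/dev/null 2>&1
  # End-entity certificate for a VPN endpoint, issued by the subordinate CA.
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:vpn-endpoint.lab.internal\n' > "$dir/ee.ext"
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/ep.key" -out "$dir/ep.csr" \
    -subj "/CN=vpn-endpoint.lab.internal" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$dir/ep.csr" -CA "$dir/sub.crt" -CAkey "$dir/sub.key" \
    -CAcreateserial -extfile "$dir/ee.ext" -out "$dir/ep.crt" >/dev/null 2>&1
}

# Return 0 only if $3 (leaf) chains to the trusted root $1 via the untrusted
# intermediate $2. A leaf copied from somewhere else fails here instead of
# being silently loaded.
verify_chain() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Print the CN from a certificate's subject (works with OpenSSL 1.0 and later
# output formats, which differ only in the spacing after "subject=").
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
    | sed 's/^subject= *//; s/^CN=//; s/,.*$//'
}

# Print the DNS names in a certificate's subjectAltName, one per line.
# Peers that authenticate by FQDN match against these, not only the CN.
cert_dns_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^ *DNS://p'
}
```

To use it against a real exported endpoint certificate, skip build_lab_chain and call verify_chain with your root, your subordinate CA certificate and the exported file; if it returns non-zero, the file does not chain to the CA you configured, and the CN / SAN printed by cert_cn and cert_dns_sans is what the other side will see as the endpoint's identity.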