En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Client VPN Endpoint Creation - Not Detecting Client Certificate in ACM

2

Hi,

Running in to an issue where a certificate in ACM is not being recognized as available for usage as a client certificate when attempting to create a client VPN endpoint.

Steps to recreate:

  1. I followed the directions to create a client and server certificate per this link: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/authentication-authrization.html#mutual

  2. The steps above seemed to work; there are two new certificates visible in the ACM console.

  3. On the Create Client VPN Endpoint console screen under Authentication Information, I select the ARN of the previously imported ACM server certificate as the "Server certificate ARN".

  4. Check the "Use mutual authentication" checkbox

  5. In the dropdown for the "Client certificate ARN", the only ACM certificate visible is the server certificate from Step 3. I expected to see and use the client certificate that was uploaded to ACM but it does not appear in the drop-down.

Any guidance would be much appreciated.

Sujets
Réseaux et diffusion de contenu
Balises
Réseaux et diffusion de contenu
Langue
English
AWS-User-9164621
demandé il y a 6 ans3,4 k vues
3 réponses
2
Réponse acceptée

From what I recall - this issues comes when "Domain Name" on certificates is empty. Can you please confirm in your ACM if your certificates have appropriate Domain Name ?

Edit: To fix it, you need to use FQDN e.g. ./easyrsa build-client-full client2.example.com nopass

This will generate certificate with correct domain i.e. client2.example.com and that should make it visible in the Client VPN console. I'll provide feedback to the service team as well on this as we should clarify our documentation bit more.

AWS
EXPERT
Shakeel_A
répondu il y a 6 ans
profile picture
EXPERT
Oleksii Bebych
vérifié il y a un an
profile picture
EXPERT
Sedat Salman
vérifié il y a 2 ans
  • aperna
    il y a 8 mois

    Why does amazon let me import certificates without a FQDN in the first place if Services like AWS Client VPN does not let me use them... This is poorly designed.

1

I am facing the same issue, where the server domain name is not populating. Its empty after importing to AWS certificate manager.

riri
répondu il y a un an
0

Also the server needs FQDN eg ./easyrsa build-server-full vpn.example.com nopass

then it will show in the client vpn console , otherwise i can't select it the server certificate menu (import was ok)

Popa Adrian Marius
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents