How do I use private certificates for mutual authentication with AWS Certificate Manager to create and connect to a Client VPN endpoint?


I want to use private certificates for mutual authentication with AWS Certificate Manager (ACM) to create and connect to an AWS Client VPN endpoint.

Resolution

To use ACM and AWS Private Certificate Authority to create private digital certificates, complete the following steps:

  1. Create a private CA.
    Note: You can also create a subordinate CA, if needed.
  2. Use the private CA to request private certificates for your server and client.
  3. Use the certificates to create a Client VPN endpoint.
  4. Export the client certificate. After you create a passphrase, you receive a client certificate body, certificate chain, and certificate private key.
  5. To decrypt the private key, run the following OpenSSL command:
    [ec2-user@ip-172-20-20-14 ~]$ openssl rsa -in private_key.txt -out decrypted_private_key.txt
    Enter pass phrase for private_key.txt: YOUR_PASSPHRASE
    writing RSA key
    Note: Replace YOUR_PASSPHRASE with your passphrase.
  6. Download the Client VPN endpoint configuration file.
  7. Add the contents of the decrypted_private_key.txt file and the contents of the client certificate body to the configuration file.
  8. Export the client configuration file.
  9. Add the client certificate and key information to the client configuration file.
  10. To connect to the Client VPN endpoint, use an OpenVPN client or the Client VPN desktop application.
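As an added example (not code from the AWS article), the following POSIX shell helper performs steps 7 and 9: it appends the exported client certificate body and the decrypted private key to the downloaded endpoint configuration as inline <cert> and <key> blocks, copies only the PEM blocks so stray text from the export is left out, and refuses a key that is still passphrase-protected. The file names and the sample contents are assumptions for illustration.

```shell
#!/bin/sh
# Assumed inputs (names are constructed for this example):
#   downloaded-client-config.ovpn  - endpoint config downloaded in step 6
#   certificate.pem                - exported client certificate body (step 4)
#   decrypted_private_key.txt      - key written by the openssl rsa command (step 5)

# Print only the PEM block whose label matches $2 (e.g. CERTIFICATE, PRIVATE KEY)
# from file $1, so that labels or notes around the exported PEM are not copied.
pem_block() {
    sed -n "/^-----BEGIN .*$2-----/,/^-----END .*$2-----/p" "$1"
}

# Build the final .ovpn: original config followed by inline <cert> and <key> blocks.
# Returns 1 and writes no output file if the key is still encrypted or a PEM block is missing.
build_client_config() {
    config="$1"; cert="$2"; key="$3"; out="$4"
    # An undecrypted export contains "ENCRYPTED" (PKCS#8 header or Proc-Type line).
    if grep -q "ENCRYPTED" "$key"; then
        echo "private key is still passphrase-protected; run the openssl rsa step first" >&2
        return 1
    fi
    cert_pem=$(pem_block "$cert" "CERTIFICATE")
    key_pem=$(pem_block "$key" "PRIVATE KEY")
    if [ -z "$cert_pem" ] || [ -z "$key_pem" ]; then
        echo "no PEM certificate or private key block found in the input files" >&2
        return 1
    fi
    {
        cat "$config"
        printf '<cert>\n%s\n</cert>\n' "$cert_pem"
        printf '<key>\n%s\n</key>\n' "$key_pem"
    } > "$out"
}

# Typical call, using the assumed file names above:
# build_client_config downloaded-client-config.ovpn certificate.pem decrypted_private_key.txt client-config.ovpn
```

The resulting client-config.ovpn is the file you import into the OpenVPN client or the Client VPN desktop application in step 10.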