What Username do AWS VPN Client need when using password-encrypted private key certificate?

0

We have a Client VPN Endpoint and want to use password encrypted private key certificates. When using Windows "aws vpn client", a pop-up asks username and password. What username should we specify? The CN of the certificate? Anything else? The password is the password we specified when creating client certificate with EasyRSA

Thanks.

질문됨 3년 전2117회 조회
3개 답변
1

I am using the aws vpn client for macos. I had the same client connection behavior, a popup asking for username/password for an endpoint configured for mutual tls. I used the same ACM-created server cert as the client cert, as it was a POC. (I would think an ACM-created client cert will work just fine.) The root cause was that I had not decrypted the private key with the passphrase. After downloading from the ACM, run this: openssl rsa -in private_key.txt -out decrypted_private_key.txt. Then cat the decrypted file and put it's contents in the client config file <key> </key> block.

답변함 2년 전
1

I have the same behavior. What worked for me was to decrypt de private key with : openssl rsa -in private_key.txt -out decrypted_private_key.txt and put the content of decrypted_private_key.txt into <key></key> of the vpn client config file.

답변함 2년 전
0

The above solutions work! Thanks to those who provided the fixes above.

However, they require distributing unencrypted key material in the configuration file, making life harder for admins of small projects that don't have AD or SAML built yet. Tunnelblick has no problem supporting encrypted secrets, why not the AWS VPN Client?

ottomon
답변함 2년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인