By using AWS re:Post, you agree to the Terms of Use

What Username do AWS VPN Client need when using password-encrypted private key certificate?


We have a Client VPN Endpoint and want to use password encrypted private key certificates. When using Windows "aws vpn client", a pop-up asks username and password. What username should we specify? The CN of the certificate? Anything else? The password is the password we specified when creating client certificate with EasyRSA


1 Answers

Hello there

Client VPN offers the following types of client authentication:

-Active Directory authentication (user-based)
-Mutual authentication (certificate-based)
-Single sign-on (SAML-based federated authentication) (user-based)

You will only be prompted for username/password if you are using user based authentication methods (AD or SAML)

With Active Directory authentication, clients are authenticated against existing Active Directory groups ,so clients have to enter credentials for existing AD groups.For SAML, the credentials are stored by their IdPs.

I would like to mention that using ACM and ACM Private CA for mutual authentication isn't currently supported for use with the AWS provided client for the Client VPN application[2].However you can connect using any other OpenVPN-based client application.




answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions