By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Client VPN Setup "The config should have either cert and key, auth-user-pass or auth-federate specified."

0

Error message: "The config should have either cert and key, auth-user-pass or auth-federate specified."

How can we fix this problem?

Topics
Networking & Content Delivery
Tags
AWS Client VPN
Language
English
rePost-User-9605316
asked a year ago1849 views
2 Answers
0

Thank you for your reply. But this information is not documented in any AWS documents. Strange.

rePost-User-9605316
answered a year ago
  • Gary Mclean EXPERT
    a year ago

    Yes there is. I added link to my answer

0

AWS Client VPN requires you to use Client and Service certificates for authentication when connecting to the VPN Endpoint or Federated authentication using SSO such as Azure AD, ADFS, AWS Identity centre or Google using SAML

Without one of these options, you cant authenticate users.

If you do not have any way to authenticate users using a directory, you can actually use Identify Centre as an SSO source and authenticate users here via a SAML .

Otherwise you need to use OPENSSL and create your certs and manage users that way. This its self adds an overhead to manage certificates and revocation of them too

https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html

profile picture
EXPERT
Gary Mclean
answered a year ago
  • rd888
    9 months ago

    i downloaded the client config from the Client VPN endpoint in the console. This file does include some certificates but no key. is that why the AWS VPN client will not create the profile?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content