Hello DanF,
I hope all is well.
Please consider the below points when you are using private domains:
- Create a private certificate from a subordinate CA using AWS Private Certificate Authority (AWS Private CA).
- Sign the ACM subordinate CA (you can use an ACM root CA or an external CA).
- You must create a service-linked role to generate and use the certificate for the AWS side of the Site-to-Site VPN tunnel endpoint.
- Specify the certificate when you create the customer gateway: https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-tunnel-authentication-options.html#certificate
Thanks for the reply.
Steps 1, 2 & 4 I'm confident are done correctly.
For #3, I see here: "You don't need to manually create a service-linked role. When you create a customer gateway with an associated ACM private certificate in the AWS Management Console, the AWS CLI, or the AWS API, Site-to-Site VPN creates the service-linked role for you."
- This was done.
- See 1.
- Found (not clear in initial documentation) no steps are required. https://docs.aws.amazon.com/vpn/latest/s2svpn/using-service-linked-roles.html
- Yes, selected. I created subordinate cert and applied to Customer Gateway in AWS Console.
As a workaround, I exported the AWS endpoint.0 cert, put it in /etc/swanctl/x509/ on the customer gateway and ran `# swanctl --load-creds`. This allowed the VPN to show UP in the AWS Console.
Assuming I didn't miss anything, please, I'm asking for help with: "How do I get the AWS Site-to-Site VPN tunnel endpoint to get a domain name using the CN of the Subordinate CA?"
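For readers landing on this thread with the same strongSwan setup, here is an added swanctl.conf example (not from the original posters, AWS or the strongSwan project) showing the alternative to the workaround above: instead of pinning the exported endpoint leaf certificate in /etc/swanctl/x509/, install the issuing subordinate CA (and its root) in /etc/swanctl/x509ca/ and pin the peer's certificate identity in `remote.id`, so a rotated endpoint certificate from the same CA still authenticates while anything outside that CA is rejected. Addresses, file names and the identity strings are placeholders you must replace with the values from your own customer gateway configuration download.

```conf
connections {
    aws-tun0 {
        version = 2
        # Placeholders: your CGW public IP and AWS tunnel endpoint IP (from the downloaded config).
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.20
        proposals = aes256-sha256-modp2048

        local {
            auth = pubkey
            # Leaf issued by the subordinate CA for the customer gateway:
            #   /etc/swanctl/x509/cgw.crt  and  /etc/swanctl/private/cgw.key
            certs = cgw.crt
            # Identity must match a subject/SAN in cgw.crt (placeholder value).
            id = "CN=cgw.example.internal"
        }
        remote {
            auth = pubkey
            # No 'certs' entry here: the peer's leaf is validated against the CA chain
            # installed in /etc/swanctl/x509ca/ (subordinate + root), not pinned by file.
            # Pin the expected peer identity so only the AWS endpoint cert is accepted
            # (placeholder; take the exact identity from the endpoint certificate).
            id = "CN=vpn-endpoint.example.internal"
            # Restrict accepted issuer to the subordinate CA; unrelated CAs in x509ca/ are ignored.
            cacerts = subordinate-ca.crt
        }

        children {
            tun0 {
                local_ts  = 0.0.0.0/0
                remote_ts = 0.0.0.0/0
                esp_proposals = aes256-sha256-modp2048
                start_action = start
                dpd_action = restart
                rekey_time = 3600
            }
        }
        dpd_delay = 10s
        rekey_time = 28800
    }
}
```

After placing the CA certificates, run `swanctl --load-all` rather than only `--load-creds`, so both the credentials and this connection definition are reloaded, then confirm with `swanctl --list-certs` that the chain appears under the CA section.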