1) EasyRSA-Start
2) ./easyrsa init-pki
3) ./easyrsa build-ca nopass
For prompt msg: Common Name (eg: your user, host, or server name) [Easy-RSA CA]: server
4) ./easyrsa build-server-full server nopass
This command would not assign "server" as a domain name to the server certificate.
Based on https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/mutual.html, it should be
./easyrsa --san=DNS:server build-server-full server nopass
5) ./easyrsa build-client-full client1.domain.tld nopass
6) exit
7) aws acm import-certificate --certificate fileb://pki/issued/server.crt --private-key fileb://pki/private/server.key --certificate-chain fileb://pki/ca.crt --profile iamadmin-general
If your AWS CLI can already connect to your AWS account, then there is no need to specify --profile iamadmin-general.
The following may work.
X:\XDirectory\EasyRSA-3\EasyRSA-3.2.0\aws acm import-certificate --certificate fileb://pki/issued/server.crt --private-key fileb://pki/private/server.key --certificate fileb://pki/issued/client1.domain.tld.crt --private-key fileb://pki/private/client1.domain.tld.key --certificate-chain fileb://pki/ca.crt
On the page https://github.com/acantril/learn-cantrill-io-labs/blob/acba375a76af9a8dbdc6615d98dcd10c1031f4da/aws-client-vpn/02_LABINSTRUCTIONS/STAGE2.md, for generating certificates on Windows, maybe due to the version change of EasyRSA, the steps above may need to be updated.
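A pre-import check for the server certificate from step 4, added here as an example and not part of the original post or the lab: it confirms that the certificate chains to pki/ca.crt and carries the DNS:server subject alternative name before `aws acm import-certificate` is run. The function names are made up for this example, and it assumes it is run from the EasyRSA directory with `openssl` and `awk` on the PATH.

```shell
#!/bin/sh
# Added example: pre-import checks for an EasyRSA-issued server certificate.
# Function names are hypothetical; paths follow the pki/ layout used in the steps.

# Return 0 only if the certificate has a SAN entry exactly equal to DNS:<name>.
cert_has_dns_san() {
    cert=$1
    name=$2
    openssl x509 -in "$cert" -noout -text 2>/dev/null |
    awk -v want="DNS:$name" '
        in_san {                       # line following the SAN header
            n = split($0, entry, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", entry[i])
                if (entry[i] == want) ok = 1
            }
            in_san = 0
        }
        /X509v3 Subject Alternative Name/ { in_san = 1 }
        END { exit !ok }'
}

# Check chain and SAN for <pki_dir>/issued/<name>.crt against <pki_dir>/ca.crt.
preflight_server_cert() {
    pki=$1
    name=$2
    crt="$pki/issued/$name.crt"
    if ! openssl verify -CAfile "$pki/ca.crt" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not chain to $pki/ca.crt" >&2
        return 1
    fi
    if ! cert_has_dns_san "$crt" "$name"; then
        echo "FAIL: $crt has no SAN DNS:$name (rebuild with --san=DNS:$name)" >&2
        return 1
    fi
    echo "OK: $crt chains to the CA and carries DNS:$name"
}

# Run against the local PKI only when it exists, so the file is safe to source.
if [ -f pki/issued/server.crt ]; then
    preflight_server_cert pki server || echo "Fix the certificate before importing." >&2
fi
```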