2

I have created and imported a self-signed certificate into Amazon Certificate Manager. On the ACM console, it looks successfully imported. I want to use this certificate for an AWS Client VPN endpoint. In the "Server certificate ARN" section of the "Create Client VPN Endpoint" page in the VPC console, my certificate does not show up in the list.

"aws acm describe-certificate --certificate-arn " command returns my certificate information. But "aws acm list-certificates" command returns "CertificateSummaryList" with null.

I also tried to create the VPN endpoint using the AWS CLI "aws ec2 create-client-vpn-endpoint", specifying my certificate ARN with "--authentication-options", but it ended up with an error as well.

Can someone tell me how to fix this?

Sako

2 Answers

0

Can you please check if your certificate has been created in the same region where you want to create the Client VPN endpoint? The certificate ARN will list something like

arn:aws:acm:::certificate/xxxxxxxxxxxxxx

If your certificate is created in a different region it might not show up in the drop-down menu.

0

Might be a bit late, but I just had the same issue.
One reason for the certificate not showing up is if it has been created without specifying a domain.
You can specify the domain using the -subj switch in openssl. E.g.

openssl req -new -x509 -nodes -sha1 -days 3650 -subj '/CN=yourdomain.com' -extensions v3_ca -key my-aws-private.key > my-aws-public.crt

See https://www.digicert.com/kb/ssl-support/openssl-quick-reference-guide.htm#Usingthe-subjSwitch

B3N3D1K7
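
The two checks suggested in the answers above (certificate region versus endpoint region, and a subject that carries a domain), written as an added shell example that is not part of either answer. The function names are hypothetical, the ARN layout assumed is the standard arn:partition:acm:region:account-id:certificate/id, and "domain" is taken to mean a CN in the certificate subject, as in the -subj example.

```shell
#!/usr/bin/env bash
# Added example (not from the answers): pre-flight checks before selecting an
# imported ACM certificate for a Client VPN endpoint. Names are hypothetical.

# Print the region field of an ACM certificate ARN; return 1 if it is malformed.
# Assumed layout: arn:<partition>:acm:<region>:<account-id>:certificate/<id>
arn_region() {
  local prefix partition service region account resource
  IFS=: read -r prefix partition service region account resource <<EOF
$1
EOF
  [ "$prefix" = "arn" ] && [ "$service" = "acm" ] || return 1
  [ -n "$region" ] && [ -n "$account" ] || return 1
  case $resource in certificate/?*) ;; *) return 1 ;; esac
  printf '%s\n' "$region"
}

# Return 0 if the certificate is in the endpoint's region, 1 if it is in
# another region, 2 if the ARN cannot be parsed.
same_region() {  # usage: same_region <cert-arn> <endpoint-region>
  local cert_region
  cert_region=$(arn_region "$1") || return 2
  [ "$cert_region" = "$2" ]
}

# Return 0 if the PEM certificate's subject contains a CN. RFC2253 output puts
# the subject on one comma-separated line, so CN= is matched at a field start.
has_domain() {  # usage: has_domain <cert.pem>
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
    grep -Eq '(^subject= ?|,)CN='
}

# Run both checks, print one line per finding, return non-zero if any fails.
preflight() {  # usage: preflight <cert.pem> <cert-arn> <endpoint-region>
  local rc=0
  same_region "$2" "$3" || { echo "region mismatch or malformed ARN: $2 vs $3"; rc=1; }
  has_domain "$1" || { echo "certificate subject has no CN (domain)"; rc=1; }
  return "$rc"
}

# Example call (constructed values):
#   preflight my-aws-public.crt \
#     arn:aws:acm:eu-west-1:111122223333:certificate/00000000-0000-0000-0000-000000000000 \
#     eu-west-1
```
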