AWS Client VPN 인증서 준비

서버 증명서와 클라이언트 인증서의 준비

적당한 서버에서 아래 내용 수행

$ mkdir -p ~/aws-client-vpn/certs
$ cd ~/aws-client-vpn/
$ git clone https://github.com/OpenVPN/easy-rsa.git
$ cd easy-rsa/easyrsa3
$ ./easyrsa init-pki
$ ./easyrsa build-ca nopass
...
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:aws-client-vpn.naver.com    # <-- "aws-client-vpn.naver.com" 라고 입력
  
$ ./easyrsa build-server-full server nopass
  
$ ./easyrsa build-client-full client1.domain.tld nopass
  
$ cp pki/ca.crt ~/aws-client-vpn/certs/
$ cp pki/issued/server.crt ~/aws-client-vpn/certs/
$ cp pki/private/server.key ~/aws-client-vpn/certs/
$ cp pki/issued/client1.domain.tld.crt ~/aws-client-vpn/certs
$ cp pki/private/client1.domain.tld.key ~/aws-client-vpn/certs/
$ cd ~/aws-client-vpn/certs/
  
$ aws acm import-certificate --certificate file://server.crt --private-key file://server.key --certificate-chain file://ca.crt --region ap-northeast-1
  
$ aws acm import-certificate --certificate file://client1.domain.tld.crt --private-key file://client1.domain.tld.key --certificate-chain file://ca.crt --region ap-northeast-1

위처럼 ACM에 대한 Import까지 끝났습니다.

클라이언트 인증서와 키(client1.domain.tld.crt, client1.domain.tld.key)는 SCP에서 로컬 PC로 다운로드 합니다