
How to Install a Valid SSL Certificate on OpenVPN Access Server in EC2 for Secure Web Access

To install a valid SSL certificate on an OpenVPN Access Server running in EC2, follow these steps so that the web interface is served over HTTPS with a trusted certificate.

Prerequisites

  • OpenVPN Access Server installed on your EC2 instance
  • certbot and openssl installed on the server
  • Inbound security group rule to allow TCP on port 80 temporarily for certificate generation

Step-by-Step Guide

  1. Install Certbot and OpenSSL
    Make sure Certbot and OpenSSL are installed:

    sudo yum install certbot python2-certbot-apache openssl -y
  2. Generate a Certificate Signing Request (CSR)
    Use OpenSSL to create a new private key and CSR for the SSL certificate:

    sudo openssl req -out server.csr -new -newkey rsa:4096 -sha256 -nodes -keyout server.key

    Follow the prompts to enter details like country, state, and common name (domain name) for the CSR.

  3. Request the SSL Certificate
    Use Certbot to obtain the SSL certificate by verifying your domain through the webroot method. Replace <your_domain> with your actual domain:

    sudo certbot certonly --csr ./server.csr --key-path ./server.key --webroot -w /var/www/html -d <your_domain>
  4. Update Security Group
    Temporarily add an inbound rule to your security group to allow HTTP (port 80) traffic for the domain validation process. The rule has to be in place while Certbot performs the validation. After validation, remove this rule so that port 80 is not left open.

  5. Upload Certificate to OpenVPN Access Server
    Once the SSL certificate is issued, upload the following files to the OpenVPN Access Server:

    • CA Bundle (certificate chain file)
    • The SSL Certificate file
    • Private Key (server.key generated earlier)
  6. Restart OpenVPN Access Server

  7. Verify SSL Certificate Installation
    Access the OpenVPN Admin URL (https://<your_domain>:943/admin) to confirm the SSL certificate is active.
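
The checks behind steps 5 and 7, as an added shell example that is not part of the original guide: it confirms that the issued certificate matches server.key, covers the domain and is not about to expire before upload, then compares the certificate served on port 943 with the uploaded one. Function names are illustrative, the file paths and domain are supplied by the caller, and openssl is assumed to be on the PATH.

```shell
#!/usr/bin/env bash
# Added example: checks on the certificate files before upload (step 5) and
# on the certificate the server presents afterwards (step 7).
# Function names are illustrative; paths and the domain come from the caller.

# True when the certificate carries the same public key as the private key.
cert_matches_key() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate is valid for the given host name.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True when the certificate does not expire within the next $2 seconds.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# preflight <cert> <key> <domain>: run before uploading in step 5.
preflight() {
  cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; return 1; }
  cert_covers_host "$1" "$3" || { echo "certificate not valid for $3" >&2; return 2; }
  cert_valid_for "$1" 86400 || { echo "certificate expires within 24h" >&2; return 3; }
}

# served_is_issued <cert> <domain>: after the restart, confirm that port 943
# presents the certificate that was uploaded (needs network access).
served_is_issued() {
  local tmp rc=1
  tmp=$(mktemp) || return 1
  if openssl s_client -connect "$2:943" -servername "$2" </dev/null 2>/dev/null |
       openssl x509 -out "$tmp" 2>/dev/null &&
     [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$tmp")" ]; then rc=0; fi
  rm -f "$tmp"
  return "$rc"
}
```

A non-zero return from preflight identifies the failed check: 1 for a key mismatch, 2 for a host name mismatch, 3 for a certificate that expires within 24 hours.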