How to Install a Valid SSL Certificate on OpenVPN Access Server in EC2 for Secure Web Access
To install a valid SSL certificate in an OpenVPN Access Server on EC2, follow these steps to secure your connection with HTTPS.
Prerequisites
- OpenVPN Access Server installed on your EC2 instance
- certbot and openssl installed on the server
- Inbound security group rule to allow TCP on port 80 temporarily for certificate generation
Step-by-Step Guide
- Install Certbot and OpenSSL
  Make sure Certbot and OpenSSL are installed:
      sudo yum install certbot python2-certbot-apache -y
- Generate a Certificate Signing Request (CSR)
  Use OpenSSL to create a new private key and CSR for the SSL certificate:
      sudo openssl req -out server.csr -new -newkey rsa:4096 -sha256 -nodes -keyout server.key
  Follow the prompts to enter details like country, state, and common name (domain name) for the CSR.
- Request the SSL Certificate
  Use Certbot to obtain the SSL certificate by verifying your domain through the webroot method. Replace <your_domain> with your actual domain:
      sudo certbot certonly --csr ./server.csr --key-path ./server.key --webroot -w /var/www/html -d <your_domain>
- Update Security Group
  Temporarily add an inbound rule to your security group to allow HTTP (port 80) traffic for the domain validation process. As noted in the prerequisites, this rule has to be in place while Certbot validates the domain. After validation, remove this rule for security.
- Upload Certificate to OpenVPN Access Server
  Once the SSL certificate is issued, upload the following files to the OpenVPN Access Server:
  - CA Bundle (certificate chain file)
  - The SSL Certificate file
  - Private Key (server.key generated earlier)
- Restart OpenVPN Access Server
- Verify SSL Certificate Installation
  Access the OpenVPN Admin URL (https://<your_domain>:943/admin) to confirm the SSL certificate is active.
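
Before uploading the three files named in the upload step, it helps to confirm that they belong together, since a mismatched key or bundle only shows up after the restart. The shell function below is an added example, not part of the original guide; the file names in its usage line are placeholders, and it assumes the CA bundle lists the issuing CA first.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-upload checks for the
# certificate, private key and CA bundle. File names are placeholders.

# Usage: check_upload_files <cert.pem> <server.key> <ca_bundle.pem> <domain>
# Returns 0 only if every check passes; prints the first failure to stderr.
check_upload_files() {
    cert=$1; key=$2; bundle=$3; domain=$4

    # 1. The private key must belong to the certificate: compare the public
    #    key embedded in the cert with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; return 1
    fi

    # 2. The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2; return 1
    fi

    # 3. The certificate must be valid for the name used in the Admin URL.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "FAIL: $cert is not valid for $domain" >&2; return 1
    fi

    # 4. The CA bundle must start with the certificate's issuer
    #    (assumption: the bundle lists the issuing CA first).
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || issuer=
    subject=$(openssl x509 -in "$bundle" -noout -subject_hash 2>/dev/null) || subject=
    if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
        echo "FAIL: $bundle does not start with the issuer of $cert" >&2; return 1
    fi

    echo "OK: certificate, key and CA bundle are consistent for $domain"
}
```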