@kmilo0 kmilo0 commented Aug 12, 2024

Fix for aws-client-vpn.

Right now the Server certificate ARN doesn't show in Create client VPN endpoint. To fix this, I changed
./easyrsa build-server-full server nopass
to
./easyrsa --san=DNS:server build-server-full server nopass

As in https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/mutual.html

…pass

Change
./easyrsa build-server-full server nopass
to
./easyrsa --san=DNS:server build-server-full server nopass

As in https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/mutual.html
@kmilo0 kmilo0 changed the title aws-client-vpn ./easyrsa --san=DNS:server build-server-full aws-client-vpn. Right now the Server certificate ARN doesn't show in Create client VPN endpoint. Aug 12, 2024
@BradKnowles

This fixed my issue as well, thanks!

@jchoponis

Confirmed this is the way to fix this. I just ran this on Windows and it worked.

Worth noting: if you ran the original commands and found your certificate missing a name in the AWS console (and it won't show in the cert drop-down list when creating the client VPN endpoint), you can always scrub the pki folder and do the commands for easyrsa over. In fact, when you run easyrsa it will ask if you want to scrub that pki folder and recreate everything. You'll need to do this as well as delete the ACM record from the AWS console to get it working right.

Here's an example of the init-pki cmd when you have something in the pki folder under easyrsa:

EasyRSA Shell
# ./easyrsa init-pki

WARNING!!!

You are about to remove the EASYRSA_PKI at:
* C:/Program Files/OpenVPN/easy-rsa/pki

and initialize a fresh PKI here.

Type the word 'yes' to continue, or any other input to abort.
  Confirm removal: 

@colddaemon1
Contributor

colddaemon1 commented Nov 19, 2024

I found the same issue. My suggestion is to use the same FQDN of your Simple AD directory that you create when you generate your certificate.
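
A pre-import check for the condition discussed in this thread, as an added example that is not part of the pull request or of any participant's comment: it lists the DNS entries in a certificate's subjectAltName and tests for an expected name. The function names, file names and the two throwaway self-signed certificates are constructed for illustration, and the `openssl` CLI (1.1.1 or later, for `-addext`) is assumed.

```bash
#!/usr/bin/env bash
# Added example: check a server certificate's subjectAltName before import.
# All file names and the sample certificates are constructed.

# Print the DNS names in the certificate's subjectAltName, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n +2 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Succeed only if the SAN contains exactly the expected DNS name.
san_has_dns() {
    san_dns_names "$1" | grep -Fxq -- "$2"
}

# Create two throwaway self-signed certificates in directory $1:
# nosan.crt (CN only) and san.crt (CN plus subjectAltName=DNS:server).
make_sample_certs() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/min.cnf"
    openssl req -x509 -config "$1/min.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=server' -keyout "$1/nosan.key" -out "$1/nosan.crt" \
        2>/dev/null
    openssl req -x509 -config "$1/min.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=server' -addext 'subjectAltName=DNS:server' \
        -keyout "$1/san.key" -out "$1/san.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_certs "$tmp"
for c in nosan san; do
    if san_has_dns "$tmp/$c.crt" server; then
        echo "$c.crt: subjectAltName contains DNS:server"
    else
        echo "$c.crt: no DNS:server in subjectAltName"
    fi
done
rm -rf "$tmp"
```

The second argument to `san_has_dns` is the name you expect in the certificate, so the same check works for `server` or for a directory FQDN.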
