Hello All,
Not sure if this is expected behavior, if so why is it different to aws-cli, but the terraform aws_acm_certificate fails to import the certificate, key & chain generated by the easy-rsa binaries (latest version available on their github), while I can import the same certificates using aws-cli (2.9.3) . Here is what I’m trying to do.
Generate easy-rsa certificates for client vpn:
git clone https://github.com/OpenVPN/easy-rsa.git;
cd easy-rsa;
./easyrsa3/easyrsa init-pki;
./easyrsa3/easyrsa build-ca nopass (example.com);
./easyrsa3/easyrsa build-server-full example.com nopass;
Terraform code:
resource "aws_acm_certificate" "vpn_cert" {
private_key = "pki/private/example.com.key"
certificate_body = "pki/issued/example.com.crt"
certificate_chain = "pki/ca.crt"
}
Results in following error:
Error: importing ACM Certificate: ValidationException: The certificate field contains more than one certificate. You can specify only one certificate in this field.
But I am able to import same certs using aws cli with below command successfully:
aws acm import-certificate --certificate fileb://pki/issued/example.com.crt --private-key fileb://pki/private/example.com.key --certificate-chain fileb://pki/ca.crt --region us-west-2