Register the CA Certificates with AD Connector - Access Amazon WorkSpaces with Common Access Cards

Register the CA Certificates with AD Connector

To register your CA certificate in AD Connector, use the following CLI command:

aws ds register-certificate --directory-id your_directory_id --certificate-data file://your_file_path --type ClientCertAuth --client-cert-auth-settings '{"OCSPUrl":"http://your_OCSP_address"}' --region us-gov-west-1

For --certificate-data, point file:// at the PEM-encoded CA certificate. The optional --client-cert-auth-settings object supplies a secondary OCSP responder URL; it is used in addition to any OCSP address carried in the certificate's AIA extension. The response returns the certificate ID, which you need later for describe-certificate and deregister-certificate.

Note

Each certificate must be registered individually: one register-certificate call per CA certificate.

To upload multiple certificates, the following PowerShell command can be used on Windows-based systems where the AWS CLI V2 has been installed. Use $_.FullName rather than $_ so the CLI receives the full path (Windows PowerShell 5.1 expands a FileInfo object to the bare file name, which file:// would then resolve relative to the current directory), and pass the documented --endpoint-url option together with --region so the call goes to the FIPS endpoint:

Get-ChildItem "C:\{file location}" -Filter *.cer | Foreach-Object { aws ds register-certificate --directory-id your_directory_id --certificate-data file://$($_.FullName) --type ClientCertAuth --client-cert-auth-settings '{\"OCSPUrl\":\"http://{your_ocsp_address}\"}' --region us-gov-west-1 --endpoint-url https://ds-fips.us-gov-west-1.amazonaws.com }

The backslash-escaped quotes in the JSON argument are what Windows PowerShell 5.1 needs to hand the CLI a valid JSON string; if the quoting gives trouble on a newer PowerShell, the CLI also accepts the settings from a file, for example --client-cert-auth-settings file://settings.json.

To verify the registration state of the CA certificates (the State field: Registering, Registered, or RegisterFailed) and to list every certificate registered with the directory, run the following command. For a single certificate, describe-certificate with --certificate-id returns the same state plus a StateReason:

aws ds list-certificates --directory-id your_directory_id
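The procedure above (register each CA certificate individually, with a secondary OCSP URL, then confirm the registration state) as one script. This is an added example, not code from the AWS documentation or the AWS CLI: it uses the boto3 ds client calls register_certificate, describe_certificate and list_certificates, which correspond to the CLI commands on this page, and it goes a step further than the page by polling until each certificate leaves the Registering state and by paginating the listing. The directory ID, OCSP URL and the two .cer files are constructed placeholders, and FakeDsClient is an in-memory stand-in so the script runs offline; against GovCloud you would pass a real boto3 client instead.

```python
import base64
import glob
import os
import tempfile
import time

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
DIRECTORY_ID = "d-1234567890"  # placeholder, not a real AD Connector ID

def load_certificate_data(path):
    """RegisterCertificate takes PEM text: pass PEM through, wrap a DER-encoded .cer."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if PEM_HEADER.encode() in raw:
        return raw.decode("ascii")
    b64 = base64.b64encode(raw).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *body, PEM_FOOTER]) + "\n"

def register_folder(client, directory_id, folder, ocsp_url=None):
    """One register_certificate call per *.cer file; returns {path: certificate_id}.
    A certificate the directory already holds maps to None, so re-running is harmless."""
    results = {}
    for path in sorted(glob.glob(os.path.join(folder, "*.cer"))):
        kwargs = {"DirectoryId": directory_id, "Type": "ClientCertAuth",
                  "CertificateData": load_certificate_data(path)}
        if ocsp_url:  # secondary responder, checked alongside any AIA OCSP URL in the cert
            kwargs["ClientCertAuthSettings"] = {"OCSPUrl": ocsp_url}
        try:
            results[path] = client.register_certificate(**kwargs)["CertificateId"]
        except client.exceptions.CertificateAlreadyExistsException:
            results[path] = None
    return results

def wait_until_registered(client, directory_id, certificate_id,
                          attempts=30, interval=10, sleep=time.sleep):
    """Poll describe_certificate until State is Registered; fail fast on RegisterFailed."""
    for _ in range(attempts):
        cert = client.describe_certificate(
            DirectoryId=directory_id, CertificateId=certificate_id)["Certificate"]
        if cert["State"] == "Registered":
            return cert
        if cert["State"] == "RegisterFailed":
            raise RuntimeError(f"{certificate_id}: {cert.get('StateReason', 'RegisterFailed')}")
        sleep(interval)
    raise TimeoutError(f"{certificate_id} not Registered after {attempts * interval}s")

def list_all_certificates(client, directory_id):
    """list_certificates with NextToken pagination, which the CLI does for you."""
    certs, token = [], None
    while True:
        page = client.list_certificates(
            DirectoryId=directory_id, **({"NextToken": token} if token else {}))
        certs.extend(page["CertificatesInfo"])
        token = page.get("NextToken")
        if not token:
            return certs

class FakeDsClient:
    """Constructed in-memory stand-in for boto3.client('ds'); lets the script run offline."""
    class exceptions:
        CertificateAlreadyExistsException = type("CertificateAlreadyExistsException", (Exception,), {})

    def __init__(self):
        self.store = {}  # CertificateId -> {"data": pem, "polls": n}

    def register_certificate(self, DirectoryId, CertificateData, Type, ClientCertAuthSettings=None):
        if any(c["data"] == CertificateData for c in self.store.values()):
            raise self.exceptions.CertificateAlreadyExistsException("already registered")
        cid = f"c-{len(self.store) + 1:012d}"
        self.store[cid] = {"data": CertificateData, "polls": 0}
        return {"CertificateId": cid}

    def describe_certificate(self, DirectoryId, CertificateId):
        entry = self.store[CertificateId]
        entry["polls"] += 1  # first poll answers Registering, later polls Registered
        state = "Registering" if entry["polls"] == 1 else "Registered"
        return {"Certificate": {"CertificateId": CertificateId, "State": state}}

    def list_certificates(self, DirectoryId, NextToken=None):
        return {"CertificatesInfo": [{"CertificateId": c, "State": "Registered"} for c in self.store]}

def demo(client):
    """Write two constructed (not real) DER .cer files, register them, wait, then list."""
    folder = tempfile.mkdtemp()
    for name, payload in (("root.cer", b"\x30\x82\x01\x00root"), ("issuing.cer", b"\x30\x82\x01\x00sub")):
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(payload)
    ids = register_folder(client, DIRECTORY_ID, folder, ocsp_url="http://ocsp.example.mil")
    for cid in filter(None, ids.values()):
        wait_until_registered(client, DIRECTORY_ID, cid, sleep=lambda _: None)
    return ids, list_all_certificates(client, DIRECTORY_ID)

if __name__ == "__main__":
    # Against GovCloud, replace FakeDsClient() with boto3.client("ds",
    #     region_name="us-gov-west-1", endpoint_url="https://ds-fips.us-gov-west-1.amazonaws.com")
    print(demo(FakeDsClient()))
```

Catching CertificateAlreadyExistsException is what makes the script safe to re-run after a partial failure, and polling describe_certificate rather than trusting the register call's return is what actually confirms the CA is usable for client certificate authentication.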

[Screenshot: list-certificates output showing the certificates registered with the specified AD Connector]