Register the CA Certificates with AD Connector
To register your CA certificate in AD Connector, use the following CLI command:
aws ds register-certificate --directory-id your_directory_id --certificate-data file://your_file_path --type ClientCertAuth --client-cert-auth-settings '{"OCSPUrl":"http://your_OCSP_address"}' --region us-gov-west-1
For the certificate data, point to the file that contains your CA certificate. To provide a secondary OCSP responder address, use the optional ClientCertAuthSettings object (passed with --client-cert-auth-settings, as above). The response returns a certificate ID.
Note
Each certificate must be registered individually.
To upload multiple certificates, you can run the following PowerShell command on a Windows system that has AWS CLI v2 installed. It registers every .cer file in the folder one at a time, passing each file's full path as the certificate data and sending the requests to the FIPS endpoint:
Get-ChildItem "C:\{file location}" -Filter *.cer | ForEach-Object { aws ds register-certificate --directory-id your_directory_id --certificate-data file://$($_.FullName) --type ClientCertAuth --client-cert-auth-settings '{\"OCSPUrl\":\"http://{your_ocsp_address}\"}' --endpoint-url https://ds-fips.us-gov-west-1.amazonaws.com }
To verify the status of a CA certificate registration, or to list the registered CA certificates, run the following command:
aws ds list-certificates --directory-id your_directory_id
The following screenshot shows the successful listing of certificates registered with the specified AD Connector. (Screenshot: List certificates registered with AD Connector.)
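The register-then-verify procedure above, as an added example that is not AWS tooling or code from this page: a Python script that drives the same AWS CLI commands to register every .cer file in a folder one at a time, keeps the CertificateId from each response, and then polls list-certificates until each ID reaches the Registered or RegisterFailed state. The directory ID, OCSP URL, region and the folder name are assumed placeholders that you must replace.

```python
import json
import subprocess
import time
from pathlib import Path

# Placeholder values (assumed): replace with your directory ID, OCSP responder and region.
DIRECTORY_ID = "d-1234567890"
OCSP_URL = "http://ocsp.example.com"
REGION = "us-gov-west-1"

def register_command(directory_id, cert_path, ocsp_url, region):
    """Build argv for 'aws ds register-certificate' for a single CA certificate file."""
    return [
        "aws", "ds", "register-certificate",
        "--directory-id", directory_id,
        "--certificate-data", f"file://{cert_path}",
        "--type", "ClientCertAuth",
        "--client-cert-auth-settings", json.dumps({"OCSPUrl": ocsp_url}),
        "--region", region,
    ]

def certificate_states(list_output):
    """Map CertificateId -> State from the JSON that 'aws ds list-certificates' prints."""
    info = json.loads(list_output).get("CertificatesInfo", [])
    return {c["CertificateId"]: c["State"] for c in info}

def check_registration(expected_ids, list_output):
    """Return (pending, failed): IDs not yet in a final state, and IDs that failed."""
    states = certificate_states(list_output)
    pending = [i for i in expected_ids if states.get(i) not in ("Registered", "RegisterFailed")]
    failed = [i for i in expected_ids if states.get(i) == "RegisterFailed"]
    return pending, failed

def aws(argv):
    """Run one AWS CLI command; raises CalledProcessError on a non-zero exit."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout

def register_directory(cert_dir, directory_id=DIRECTORY_ID, ocsp_url=OCSP_URL, region=REGION):
    """Register each *.cer individually (one certificate per API call), then poll
    list-certificates until every returned ID is Registered or RegisterFailed."""
    ids = {}
    for cert in sorted(Path(cert_dir).glob("*.cer")):
        out = aws(register_command(directory_id, cert.resolve(), ocsp_url, region))
        ids[json.loads(out)["CertificateId"]] = cert.name  # pair the ID with its file
    list_cmd = ["aws", "ds", "list-certificates", "--directory-id", directory_id, "--region", region]
    while True:
        pending, failed = check_registration(list(ids), aws(list_cmd))
        if not pending:
            return {i: ids[i] for i in failed}  # files whose registration failed; empty means all OK
        time.sleep(10)
```

Certificates whose registration fails are returned keyed by ID with their file names so you can inspect them; the script does not retry them.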