https://www.reddit.com/r/aws/comments/aeohf5/any_ideas_to_successfully_connect_to_an_aws/
$ openssl x509 -in mycert.crt -text
...
Authority Information Access:
OCSP - URI:http://ocsp.rootca1.amazontrust.com
CA Issuers - URI:http://crt.rootca1.amazontrust.com/rootca1.cer
...
# Download each issuer certificate (DER-encoded) and print it as text
$ openssl x509 -in <(curl -s http://crt.rootca1.amazontrust.com/rootca1.cer) -text -inform DER
$ openssl x509 -in <(curl -s http://crt.rootg2.amazontrust.com/rootg2.cer) -text -inform DER
$ openssl x509 -in <(curl -s http://x.ss2.us/x.cer) -text -inform DER
client
dev tun
proto udp
remote cvpn-endpoint-0123456789abcdef.prod.clientvpn.eu-west-1.amazonaws.com 443
remote-random-hostname
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
...
...
blah blah blah blah
...
...
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
...
...
blah blah blah blah
...
...
...
-----END CERTIFICATE-----
</ca>
auth-user-pass
auth-federate
auth-retry interact
auth-nocache
reneg-sec 0