SSL Certificates

SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network.

HTTP Listener

You can create an HTTPS listener, which uses encrypted connections (also known as SSL offload).
- This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions.
To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer.
The load balancer uses a server certificate to terminate the front-end connection and then decrypt requests from clients before sending them to the targets.
The load balancer requires X.509 certificates (SSL/TLS server certificates).
Certificates are a digital form of identification issued by a certificate authority (CA).

When a browser connects to your TLS-enabled ALB, ALB presents a certificate that contains your site’s public key, which has been cryptographically signed by a CA.
- This way the client can be sure it’s getting the ‘real you’ and that it’s safe to use your site’s public key to establish a secure connection.
With SNI support, AWS makes it easy to use more than one certificate with the same ALB.
The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.
SNI is supported by over 99.5% of clients connecting to CloudFront.
Only works with ALBs and NLBs.
Support:
- CLBs:
  - Only support 1 SSL certificate, so to get multiple certificates, you must use multiple CLBs.
- ALBs and NLBs:
  - Use SNI to support multiple listeners with multiple certificates.

Last updated 4 years ago

Was this helpful?

SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network.

You can create an HTTPS listener, which uses encrypted connections (also known as SSL offload).
- This feature enables traffic encryption between your load balancer and the clients that initiate SSL or TLS sessions.
To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer.
The load balancer uses a server certificate to terminate the front-end connection and then decrypt requests from clients before sending them to the targets.
The load balancer requires X.509 certificates (SSL/TLS server certificates).
Certificates are a digital form of identification issued by a certificate authority (CA).

When a browser connects to your TLS-enabled ALB, ALB presents a certificate that contains your site’s public key, which has been cryptographically signed by a CA.
- This way the client can be sure it’s getting the ‘real you’ and that it’s safe to use your site’s public key to establish a secure connection.
With SNI support, AWS makes it easy to use more than one certificate with the same ALB.
The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.
SNI is supported by over 99.5% of clients connecting to CloudFront.
Only works with ALBs and NLBs.
Support:
- CLBs:
  - Only support 1 SSL certificate, so to get multiple certificates, you must use multiple CLBs.
- ALBs and NLBs:
  - Use SNI to support multiple listeners with multiple certificates.

Last updated 4 years ago

Was this helpful?