SSL Certificates

  • SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network. TLS is the successor to SSL; every SSL version is deprecated, so an "SSL certificate" today is an X.509 certificate used with TLS, and "SSL/TLS" in AWS documentation means TLS in practice.

HTTP Listener

  • You can create an HTTPS listener, which accepts encrypted connections and terminates them at the load balancer (this is what is meant by SSL offload: the targets no longer have to do the TLS work themselves).

    • This feature encrypts traffic between your load balancer and the clients that initiate SSL or TLS sessions.

  • To use an HTTPS listener, you must deploy at least one SSL/TLS server certificate on your load balancer.

  • The load balancer uses a server certificate to terminate the front-end connection and then decrypts requests from clients before sending them to the targets.

    • The back-end hop is only encrypted again if the target group itself uses HTTPS (or TLS on an NLB); with an HTTP target group, traffic between the load balancer and the targets travels in plaintext inside the VPC.

  • The load balancer requires X.509 certificates (SSL/TLS server certificates).

  • Certificates are a digital form of identification issued by a certificate authority (CA).

Server Name Indication (SNI)

  • When a browser connects to your TLS-enabled ALB, the ALB presents a certificate that binds your site's hostname to its public key; that binding is cryptographically signed by a CA.

    • This way the client can be sure it is talking to the 'real you' and that it is safe to use your site's public key to establish a secure connection.

  • Server Name Indication (SNI) is a TLS extension in which the client includes the hostname it wants in its ClientHello, so the server (here the load balancer) can choose the matching certificate before the handshake completes. With SNI support, AWS makes it easy to use more than one certificate with the same ALB.

  • The most common reason you might want to use multiple certificates is to handle different domains with the same load balancer.

  • SNI is supported by over 99.5% of clients connecting to CloudFront.

  • SNI-based certificate selection is only available on ALBs and NLBs, not on CLBs.

  • Support:

    • CLBs:

      • Only support one SSL certificate per HTTPS listener (and there can be only one listener on port 443), so to serve multiple certificates you must use multiple CLBs.

    • ALBs and NLBs:

      • Use SNI to support multiple certificates on a single listener: the load balancer picks the certificate whose name matches the hostname the client sent in SNI, and falls back to the listener's default certificate when the client sends no SNI or nothing matches.
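The following is an added example, not code from these notes or from AWS. It uses Python's standard ssl module to produce a real ClientHello in memory (no network), parses the server_name extension out of it the way a load balancer must, and then picks a certificate from a constructed certificate list using an assumed model of ALB's selection rules (exact match, then a one-label wildcard, otherwise the listener's default certificate). The hostnames and certificate ARNs are placeholders; the function and variable names are this example's own.

```python
import ssl
import struct

# Constructed certificate list for an illustrative HTTPS listener.  The ARNs are
# placeholders.  DEFAULT_CERTIFICATE models the certificate deployed with the
# listener (assumption: mirrors the ALB/NLB "default certificate" concept).
CERTIFICATE_LIST = {
    "www.example.com": "arn:aws:acm:us-east-1:123456789012:certificate/www-example-com",
    "*.example.net":   "arn:aws:acm:us-east-1:123456789012:certificate/wildcard-example-net",
}
DEFAULT_CERTIFICATE = "arn:aws:acm:us-east-1:123456789012:certificate/default"


def capture_client_hello(server_hostname=None):
    """Drive the client side of a TLS handshake against in-memory BIOs and return
    the first flight the client emits: its ClientHello record.
    server_hostname=None models a legacy client that does not send SNI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_hostname is None:
        ctx.check_hostname = False      # wrap_bio refuses server_hostname=None otherwise
        ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # ClientHello written; client now waits for ServerHello
    return outgoing.read()


def extract_sni(client_hello):
    """Parse a TLS ClientHello record (RFC 5246 s7.4.1.2, RFC 6066 s3) and return
    the host_name from its server_name extension, or None when absent."""
    u16 = lambda o: struct.unpack_from("!H", client_hello, o)[0]
    if len(client_hello) < 9 or client_hello[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_end = 5 + u16(3)
    if client_hello[5] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    hello_end = min(record_end, 9 + int.from_bytes(client_hello[6:9], "big"))
    pos = 9 + 2 + 32                                # skip client_version + random
    pos += 1 + client_hello[pos]                    # session_id
    pos += 2 + u16(pos)                             # cipher_suites
    pos += 1 + client_hello[pos]                    # compression_methods
    if pos + 2 > hello_end:
        return None                                 # no extensions block at all
    ext_end = pos + 2 + u16(pos)
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = u16(pos), u16(pos + 2)
        pos += 4
        if ext_type == 0x0000:                      # server_name extension
            p, list_end = pos + 2, pos + 2 + u16(pos)
            while p + 3 <= list_end:
                name_type, name_len = client_hello[p], u16(p + 1)
                p += 3
                if name_type == 0:                  # host_name entry
                    return client_hello[p:p + name_len].decode("ascii")
                p += name_len
        pos += ext_len
    return None


def select_certificate(sni, certificate_list=CERTIFICATE_LIST, default=DEFAULT_CERTIFICATE):
    """Choose the certificate to present (assumed model of SNI-aware listener
    behaviour): exact hostname match, then a wildcard covering exactly one
    label, otherwise the default certificate.  No SNI always means the default."""
    if sni is None:
        return default
    host = sni.lower().rstrip(".")
    if host in certificate_list:
        return certificate_list[host]
    labels = host.split(".")
    if len(labels) > 2:                             # *.example.net does not cover example.net
        wildcard = "*." + ".".join(labels[1:])
        if wildcard in certificate_list:
            return certificate_list[wildcard]
    return default


def simulate(hostnames):
    """For each client (None = no SNI): build its real ClientHello, read the SNI
    the load balancer would see, and record the certificate it would present."""
    results = {}
    for host in hostnames:
        sni = extract_sni(capture_client_hello(host))
        results[host] = (sni, select_certificate(sni))
    return results


if __name__ == "__main__":
    clients = ["www.example.com", "api.example.net", "deep.api.example.net", None]
    for host, (sni, cert) in simulate(clients).items():
        print(f"client={host!s:<22} sni={sni!s:<22} -> {cert}")
```

Two things the run makes visible: the hostname travels in the clear in the ClientHello, before any key has been negotiated, so anyone on the path sees which site is being requested; and the certificate is chosen from SNI alone, before the HTTP Host header exists, so the two can disagree. The "deep.api.example.net" client shows why a single-label wildcard is not enough for nested subdomains: it silently falls back to the default certificate, and the browser will then report a name mismatch.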
