If your aim is to have end-to-end encryption on your connection then here's what you can do:
- Use ACM to provision a publicly valid certificate for the ALB
- Create a self-signed certificate on the EC2 instance and use it to listen on HTTPS port 443
ALB doesn't validate the target's TLS certificate; it only makes sure there is a TLS certificate if you selected the target group's protocol to be HTTPS.
Here's a quote from our documentation:
If a target group is configured with the HTTPS protocol or uses HTTPS health checks, the TLS connections to the targets use the security settings from the ELBSecurityPolicy-2016-08 policy. The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates.
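As an added example (not part of the original thread or any AWS-provided template), here is a Terraform sketch of the setup described above: an ACM certificate on the ALB's public listener and an HTTPS target group forwarding to port 443 on the instance, which presents its own self-signed certificate. The domain name, VPC id, subnet ids and the `aws_instance.app` resource are placeholders/assumptions.

```hcl
# Added example, not from the thread. Placeholders: domain, VPC, subnets,
# and an existing aws_instance "app" that already serves TLS on port 443
# with a self-signed certificate.

variable "vpc_id" {}
variable "public_subnet_ids" { type = list(string) }

# Publicly trusted certificate for the ALB (DNS validation must be completed).
resource "aws_acm_certificate" "alb" {
  domain_name       = "app.example.com" # placeholder
  validation_method = "DNS"
}

resource "aws_lb" "app" {
  name               = "app-alb"
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids
}

# Client-facing hop: browsers see the ACM-issued certificate.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = aws_acm_certificate.alb.arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

# Backend hop: HTTPS to port 443 on the instance. The ALB requires that the
# target present a TLS certificate but does not validate it, so the
# instance's self-signed certificate is accepted as-is.
resource "aws_lb_target_group" "app" {
  name     = "app-tg"
  port     = 443
  protocol = "HTTPS"
  vpc_id   = var.vpc_id

  health_check {
    protocol = "HTTPS"
    path     = "/"
  }
}

resource "aws_lb_target_group_attachment" "app" {
  target_group_arn = aws_lb_target_group.app.arn
  target_id        = aws_instance.app.id # assumed existing instance
  port             = 443
}
```

Because the backend certificate is never validated, the encryption on the ALB-to-instance hop protects against passive eavesdropping inside the VPC but not against an attacker who can already redirect the ALB's traffic to a different host; restrict the instance's security group to the ALB's security group for that reason.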
-
Hi,
It might not be possible to use ACM certificates on EC2 instances. Instead, you can use a third-party SSL certificate on your ALB and EC2 instances to enable end-to-end SSL connections. In other words, you must install a third-party certificate on the EC2 instance. Then, associate the third-party certificate with the ALB by importing it into AWS ACM.
For more details, please see https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/
Likely this is about AWS-issued ACM certificates. It is not possible to attach/load/use an AWS-issued ACM certificate on EC2. ACM is meant for AWS managed services such as ALB (Elastic Load Balancing) and CloudFront, to give examples. Here is the full list of supported services: https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html