Load certificate on ALB and EC2

0

Is there any way to use the SSL 443 connection between the ALB and the backend EC2 Server at the same time, that is to say, load the ACM certificate on the ALB and EC2?

Asked a year ago · 2188 views
3 Answers
2

If your aim is to have end-to-end encryption on your connection then here's what you can do:

  • Use ACM to provision a publicly valid certificate for the ALB
  • Create a self-signed certificate on the EC2 instance and use that to listen on HTTPS port 443
    • ALB doesn't validate the target's TLS certificate; it only makes sure there is a TLS certificate if you selected the target group's protocol to be HTTPS.

    • Here's a quote from our documentation:

      If a target group is configured with the HTTPS protocol or uses HTTPS health checks, the TLS connections to the targets use the security settings from the ELBSecurityPolicy-2016-08 policy. The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates.

AWS
EXPERT
Toni_S
answered a year ago
AWS
EXPERT
reviewed a year ago
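
The instance-side step from the answer above, as an added example that is not part of the original answer: it generates the self-signed certificate and key for the HTTPS listener on the target, then checks that the pair matches and how long it stays valid. The function names, file names, 2048-bit RSA key and validity period are assumptions.

```shell
#!/usr/bin/env bash
# Added example. File names, key type and validity are assumptions,
# not values from the thread.

# make_target_cert DIR CN [DAYS]
# Writes DIR/target.key (owner-only) and DIR/target.crt (self-signed).
make_target_cert() {
    local dir="$1" cn="$2" days="${3:-365}"
    mkdir -p "$dir" || return 1
    (
        umask 077   # the private key is created readable by its owner only
        openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
            -days "$days" -subj "/CN=$cn" \
            -keyout "$dir/target.key" -out "$dir/target.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/target.crt"   # the certificate itself is public
}

# cert_matches_key CERT KEY
# Succeeds only if CERT carries the public half of KEY; a mismatched pair
# makes the web server fail to start or present the wrong certificate.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# cert_valid_for_days CERT DAYS
# Succeeds if CERT is still valid DAYS from now. The ALB does not validate
# the target certificate, so expiry has to be tracked on the instance.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Typical use on the instance (directory is an assumption):
#   make_target_cert /etc/pki/alb-target "$(hostname -f)" 365 &&
#   cert_matches_key /etc/pki/alb-target/target.crt /etc/pki/alb-target/target.key
```
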
1
Accepted Answer

Hi,

It might not be possible to use ACM certificates on EC2 instances. Instead, you can use a third-party SSL certificate on your ALB and EC2 instances to enable end-to-end SSL connections. In other words, you must install a third-party certificate on the EC2 instance. Then, associate the third-party certificate with the ALB by importing it into AWS ACM.

For more details, please see https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/

AWS
jcvip
answered a year ago
0

Likely this is about AWS issued ACM certificates - It is not possible to attach/load/use an AWS issued ACM certificate on EC2. ACM is meant for AWS managed services such as ALB (Elastic Load Balancing) & CloudFront, to give examples. Here is the full list of supported services: https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

wieshka
answered a year ago
