Load certificate on ALB and EC2

0

Is there any way to use the SSL 443 connection between the ALB and the backend EC2 Server at the same time, that is to say, load the ACM certificate on the ALB and EC2?

asked 23 days ago, 28 views
3 Answers
1
Accepted Answer

Hi,

It might not be possible to use ACM certificates on EC2 instances. Instead, you can use a third-party SSL certificate on your ALB and EC2 instances to enable end-to-end SSL connections. In other words, you must install a third-party certificate on the EC2 instance. Then, associate the third-party certificate with the ALB by importing it into AWS ACM.

For more details, please see https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/

jcvip
answered 23 days ago
1

If your aim is to have end-to-end encryption on your connection then here's what you can do:

  • Use ACM to provision a publicly valid certificate for the ALB
  • Create a self-signed certificate on the EC2 instance and use that to listen on HTTPS port 443
    • ALB doesn't validate the target's TLS certificate, it only makes sure there is a TLS certificate if you selected the target group's protocol to be HTTPS.

    • Here's a quote from our documentation:

      If a target group is configured with the HTTPS protocol or uses HTTPS health checks, the TLS connections to the targets use the security settings from the ELBSecurityPolicy-2016-08 policy. The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates.

EXPERT
Toni_S
answered 22 days ago
EXPERT
reviewed 21 days ago
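
The behaviour described in the answer above, as an added example that is not part of the original answers: a self-signed certificate is generated for a local TLS listener standing in for the EC2 target, then one client connects without validating the certificate (as the quoted documentation says the load balancer does) and one connects with normal validation. The name `target.internal.example`, the function names and the use of the `openssl` CLI on `PATH` are assumptions made for this example.

```python
import os, socket, ssl, subprocess, tempfile, threading

CN = "target.internal.example"  # constructed name, not from the page

def make_self_signed(directory):
    """Create a self-signed certificate and key with the openssl CLI."""
    key, crt = os.path.join(directory, "key.pem"), os.path.join(directory, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "365",
                    "-subj", f"/CN={CN}"], check=True, capture_output=True)
    return crt, key

def start_target(crt, key):
    """Stand-in for the EC2 target: TLS listener on an ephemeral local port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return  # listener was closed
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.recv(1)
            except (ssl.SSLError, OSError):
                pass  # client aborted the handshake or closed the connection
    threading.Thread(target=serve, daemon=True).start()
    return listener

def handshake(port, validate):
    """Return the negotiated TLS version, or None if the client rejects the cert."""
    ctx = ssl.create_default_context()
    if not validate:  # models a client that skips certificate validation
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=CN) as tls:
                return tls.version()
    except ssl.SSLCertVerificationError:
        return None

def demo():
    with tempfile.TemporaryDirectory() as d:
        listener = start_target(*make_self_signed(d))
        port = listener.getsockname()[1]
        result = (handshake(port, validate=False), handshake(port, validate=True))
        listener.close()
        return result
```

The non-validating client completes the handshake and the validating one does not, so the ALB-to-target hop in this setup is encrypted but the target's identity is not checked by the certificate.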
0

Likely this is about AWS-issued ACM certificates. It is not possible to attach/load/use an AWS-issued ACM certificate on EC2. ACM is meant for AWS managed services such as ALB (Elastic Load Balancing) and CloudFront, to give examples. Here is the full list of supported services: https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

wieshka
answered 23 days ago
