How to enable SSL Renegotiation on ALB to accept a self signed certificate?


Our architecture currently has an ALB fronting some containers in Fargate. The ALB uses self signed certificate to support SSL connections from clients, then it routes traffic via HTTP to the application inside the Fargate container. Now, we need to change that architecture so that the ALB creates a new SSL connection to the backend application. I see that I can set the ALB's targets to use HTTPS / 443 and I can also set the backend app to accept traffic on 443. Given that the backend app will have its own self signed cert, then for the purposes of this part of the traffic flow, the ALB represents the client and would need to accept the certificate served by the backend app.
How/where do I configure the ALB's trust store to accept that certificate?

asked 10 months ago1921 views
2 Answers
Accepted Answer

Shortly after posting question I found this documentation In the Routing configuration section it essentially says that the ALB will accept ANY SSL certificate on traffic between ALB and backend application

The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates. Therefore, you can use self-signed certificates or certificates that have expired.

answered 10 months ago
profile picture
reviewed 10 months ago
  • That's right and that's exactly was discussed in below mentioned thread.


Please refer this thread, it has the same ask, you should be able to achieve this quite easily.

Hope you find this useful.


profile pictureAWS
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions