- Newest
- Most votes
- Most comments
Using an ALB will allow you to terminate the SSL based encryption at the ALB. This eliminates the processing burden of encrypting and decrypting traffic sent through SSL on the web server, allowing it to focus its resources for serving web content. By utilising Amazon Certificate Manager with an ALB, the certificate will be stored securely, regularly rotated and updated automatically by AWS with no action on your part. This also greatly reduces your SSL administration not only during the initial build and ongoing certificate renewals but also simplifies auto scaling configurations in addition to addressing certain types of security attacks away from the web servers, there is also cost savings to be had with certificate renewals and reduced server specifications without the decryption/encryption overhead.
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked 8 months ago
- asked 4 years ago
- asked a year ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Some questions to better understand:
Is there a reason for using NLB instead of Application Load Balancer? ALB will multiplex connections to your instances, thus reducing workload and might be a better fit. What configuration does your TLS listener has? Is your test being done with browser or from an application?
My purpose is configuring SSL certificates for https. Currently, there is only one EC2 server, so I think the NLB can work for me. By the way, I am not very clear if I should choose ALB instead of NLB.
TLS listener configuration: port 443, wildcard certificates, default is *.dm.com, two for SNI *.app.dm.com and *.h5.dm.com, nothing else.
I ran test from an application.