Load certificate on ALB and EC2

0

Is there any way to use the SSL 443 connection between the ALB and the backend EC2 Server at the same time, that is to say, load the ACM certificate on the ALB and EC2?

Asked 1 year ago, viewed 2188 times
3 Answers
2

If your aim is to have end-to-end encryption on your connection then here's what you can do:

  • Use ACM to provision a publicly valid certificate for the ALB
  • Create a self-signed certificate on the EC2 instance and use that to listen on HTTPS port 443
    • ALB doesn't validate the target's TLS certificate; it only makes sure there is a TLS certificate if you selected the target group's protocol to be HTTPS.

    • Here's a quote from our documentation:

      If a target group is configured with the HTTPS protocol or uses HTTPS health checks, the TLS connections to the targets use the security settings from the ELBSecurityPolicy-2016-08 policy. The load balancer establishes TLS connections with the targets using certificates that you install on the targets. The load balancer does not validate these certificates.

AWS
Expert
Toni_S
Answered 1 year ago
AWS
Expert
Reviewed 1 year ago
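
The self-signed certificate step from the answer above, as an added example that is not part of the original answers. The function names, file names and the CN used with them are assumptions made for this example; the `aws elbv2` line in the closing comment uses placeholders for the target group name and VPC ID.

```shell
# Added example (not from the original answers): create the self-signed
# certificate for the EC2 target and sanity-check it before pointing an
# HTTPS target group at the instance. Function names, file names and the
# CN are assumptions made for this example.

# make_target_cert DIR CN [DAYS]: write DIR/target.key and DIR/target.crt.
make_target_cert() {
    (
        umask 077    # keep the private key readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "${3:-365}" -subj "/CN=$2" \
            -keyout "$1/target.key" -out "$1/target.crt" 2>/dev/null
    )
}

# cert_matches_key CRT KEY: succeed only if both hold the same public key.
cert_matches_key() {
    _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# is_self_signed CRT: succeed if subject and issuer are the same name.
is_self_signed() {
    _s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    _i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$_s" ] && [ "$_s" = "$_i" ]
}

# The web server on the instance then serves target.crt/target.key on 443,
# and the target group is created with the HTTPS protocol, for example:
#   aws elbv2 create-target-group --name <name> --protocol HTTPS \
#       --port 443 --vpc-id <vpc-id>
# The ACM certificate stays on the ALB's HTTPS listener.
```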
1
Accepted Answer

Hi,

It might not be possible to use ACM certificates on EC2 instances. Instead, you can use a third-party SSL certificate on your ALB and EC2 instances to enable end-to-end SSL connections. In other words, you must install a third-party certificate on the EC2 instance. Then, associate the third-party certificate with the ALB by importing it into AWS ACM.

For more details, please see https://aws.amazon.com/premiumsupport/knowledge-center/acm-ssl-certificate-ec2-elb/

AWS
jcvip
Answered 1 year ago
0

Likely this is about AWS-issued ACM certificates - it is not possible to attach/load/use an AWS-issued ACM certificate on EC2. ACM is meant for AWS managed services such as ALB (Elastic Load Balancing) & CloudFront, to give examples. Here is the full list of supported services: https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html

wieshka
Answered 1 year ago
