SSL/TLS encrypts network traffic while it is in transit. SSL stands for Secure Sockets Layer; it protects the connection between client and server. TLS stands for Transport Layer Security; it does the same job as SSL but is the newer protocol that replaced it (every SSL version is now deprecated). Today the certificates in use are TLS certificates, but most people still call them SSL certificates. Public SSL/TLS certificates are issued by a Certificate Authority (CA). The certificate itself does not encrypt anything: it proves the server's identity to the client, and the handshake that follows negotiates the session keys that encrypt the traffic.
How an SSL certificate works with a load balancer:
1. Client -> Load Balancer (presents its certificate; the client validates it) -> EC2 Instance
2. Load Balancers use an X.509 certificate for SSL/TLS.
3. Certificate management is handled by ACM (AWS Certificate Manager).
4. You also have the option of uploading your own certificate.
5. An HTTPS listener requires:
a. A default certificate.
b. An optional list of additional certificates to support multiple domains.
c. Clients use SNI (Server Name Indication) to tell the load balancer which hostname they want, so it can present the matching certificate.
SSL – Server Name Indication (SNI) explained.
1. SNI solves the problem of serving many certificates (one per hostname) from a single web server or IP address.
2. It is a relatively recent TLS extension, so older clients and servers do not all support it; a client without SNI gets the default certificate.
3. With SNI, the client sends the hostname of the server it wants in the initial SSL/TLS handshake (the ClientHello).
4. The load balancer finds the correct certificate based on that hostname, falling back to the default certificate when nothing matches.
5. Only available on ALB, NLB and CloudFront.
Load Balancer support
1. CLB (Classic Load Balancer)
a. Supports SSL/TLS listeners but not SNI.
b. Supports only one certificate per listener, so you need multiple CLBs to serve multiple hostnames with different certificates.
2. ALB and NLB
a. Support multiple listeners, each with multiple certificates.
b. Use Server Name Indication (SNI) to pick the certificate for each connection.
=================================================
1. Log on to AWS as an IAM user at URL: https://signin.aws.amazon.com/

2. From the Home Console, type EC2 in the search bar, select the star next to EC2 (to pin it), and select EC2.

3. On the left-hand menu bar, select Load Balancers.

4. Select the load balancer you would like to add the SSL certificate to, scroll down and select the Add Listener button.

5. Set the Protocol to HTTPS and the Port to 443, choose the Forward to target group action and select the target group.

6. Click Request new ACM certificate.

7. Click Request a certificate.

8. Check Request a public certificate and click the Next button.

9. Enter your domain name and submit the request. ACM only issues the certificate after you prove ownership of the domain (DNS or email validation), so wait until its status shows Issued, then go back to the Add Listener page, select it as the default certificate and press the Add button. To serve more hostnames on the same listener, add their certificates to the listener afterwards; the load balancer then selects between them with SNI.