
In my application, I have multiple instances of the server running behind a load balancer. Usually, SSL offloading takes place at the load balancer in the case of AWS Application Load Balancers, and the connection between the ALB and the server instances remains unencrypted.

I wish to prevent the latter from happening by re-encrypting the information, i.e. establishing a new SSL connection between the load balancer and the server using self-signed certificates installed on each of the server instances.

My question is: how would the load balancer trust and verify the self-signed certificate of the server? Usually, in test mode without the ALB, what I do is add the server CA to the trusted roots in the client program, and the verification proceeds successfully. Is there a way to do this in the case of a load balancer? Can I add my own trusted roots to the load balancer for the SSL verification process?

Cyborg7459

1 Answer


AWS Application Load Balancer does not validate backend server certificates, so you don't need to add any CA certificate to trusted issuers.
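The practical consequence of the answer above is that turning on re-encryption is only a matter of giving the target group the HTTPS protocol; the ALB will negotiate TLS with whatever certificate the instance presents, self-signed or not, and never checks it against a trust store. Because the ALB does not authenticate the backend, the usual compensating control is to make sure only the ALB can reach the backend port at all, which is done with security groups rather than certificates. The Terraform configuration below is an added example illustrating that arrangement; it is not code from the question or the answer, and the variable names (`var.vpc_id`, `var.alb_certificate_arn`, `var.instance_id`, `var.public_subnet_ids`), the health-check path `/health` and the resource names are assumptions made for the example.

```hcl
# Added example: end-to-end TLS through an AWS ALB with a self-signed
# backend certificate. The backend instance is assumed to already serve
# HTTPS on port 443 with its own self-signed certificate (as in the question).

variable "vpc_id" {}
variable "public_subnet_ids" { type = list(string) }
variable "alb_certificate_arn" {} # ACM certificate for the public listener
variable "instance_id" {}         # backend EC2 instance (assumed to exist)

# Security group for the ALB itself: reachable from the internet on 443 only.
resource "aws_security_group" "alb" {
  name   = "example-alb-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security group for the backend: port 443 accepts traffic ONLY from the ALB's
# security group. This is the control that compensates for the ALB not
# validating the backend certificate: nothing else can open the port.
resource "aws_security_group" "backend" {
  name   = "example-backend-sg"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lb" "example" {
  name               = "example-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

# protocol = "HTTPS" is what makes the ALB re-encrypt to the instances.
# No trust store is configured because the ALB has none for backends.
resource "aws_lb_target_group" "backend" {
  name        = "example-backend-tg"
  port        = 443
  protocol    = "HTTPS"
  vpc_id      = var.vpc_id
  target_type = "instance"

  health_check {
    protocol = "HTTPS"   # health checks use TLS as well, still unverified
    path     = "/health" # assumed health endpoint on the backend
    matcher  = "200"
  }
}

resource "aws_lb_target_group_attachment" "backend" {
  target_group_arn = aws_lb_target_group.backend.arn
  target_id        = var.instance_id
  port             = 443
}

# Public listener: clients verify the ACM certificate; this leg is the part
# the ALB terminates before re-encrypting toward the target group.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.example.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.alb_certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.backend.arn
  }
}
```

The self-signed certificate on the instance gives confidentiality on the ALB-to-backend hop, and the backend security group, which references the ALB's security group rather than an IP range, is what keeps that hop from being reachable by anything that is not the ALB.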