So, I'm running three EC2 instances behind an AWS load balancer. I want to purchase an SSL certificate to use with these machines. Should I just purchase the certificate for the load balancer's public IP address and install the certificate on each machine? Will this work?
2 Answers
11
AWS Elastic Load Balancer supports SSL termination at the load balancer. This means you can install your SSL certificate on the load balancer itself. The load balancer will then talk unencrypted HTTP between the load balancer and your EC2 instance.
This way you only have to install the certificate on the ELB instead of every machine. Have your Apache/Nginx/Lighttpd/whatever use plain HTTP, not SSL. Let the load balancer handle all of the SSL.

Avleen
- Terrific. This is explained in more detail on the AWS Blog: http://aws.typepad.com/aws/2010/10/elastic-load-balancer-support-for-ssl-termination.html – rrbrambley Jan 23 '11 at 06:46
- +1 for a spot on answer. :) – Andrew M. Jan 23 '11 at 14:59
- Does this work when you want to serve multiple separate SSL websites? Can you associate multiple SSL certs with the LB? – Trent Scott Sep 18 '11 at 03:20
- I haven't tested it, but I expect that you can use a UC certificate, which allows you to specify multiple hostnames in one certificate. – Avleen Oct 19 '11 at 02:37
2
Definitely terminate the SSL at the load balancer and check x-forwarded-proto header in your code. Installing the SSL cert on ELB is dead easy if you follow this article: http://cloudarch.co.uk/2011/10/elastic-load-balancer-ssl-setup-guide-pem-encoded-csr/#comment-561
Took me about 5 minutes.

Joel
- Welcome to Server Fault! Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Oct 13 '12 at 21:10
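
The x-forwarded-proto check suggested in the second answer, sketched as a WSGI middleware for an instance that receives plain HTTP from the load balancer. This is an added example, not code from either answer; `CANONICAL_HOST`, `HEALTH_PATH`, `demo_app` and `call` are constructed for illustration. It assumes the instances accept traffic only from the load balancer, since the header means nothing if clients can reach the instance directly.

```python
from urllib.parse import quote

CANONICAL_HOST = "www.example.com"  # constructed; the name on the certificate
HEALTH_PATH = "/health"             # hypothetical health-check path

def require_https(app):
    """Wrap a WSGI app that sits behind a TLS-terminating load balancer."""
    def middleware(environ, start_response):
        # The load balancer reports the client-side scheme in this header.
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        path = environ.get("PATH_INFO", "/")
        if proto == "https":
            # Let the app build https:// links even though it was reached over HTTP.
            environ["wsgi.url_scheme"] = "https"
            return app(environ, start_response)
        if path == HEALTH_PATH:
            # A probe arriving without the header must get 200, not a redirect.
            return app(environ, start_response)
        # Redirect to a fixed host rather than echoing the request's Host header.
        location = "https://" + CANONICAL_HOST + quote(path)
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]
    return middleware

def demo_app(environ, start_response):
    """Constructed stand-in application: reports the scheme it believes it has."""
    body = ("scheme=" + environ["wsgi.url_scheme"]).encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]

def call(app, path="/", proto=None, query=""):
    """Drive the app with a constructed request; returns (status, headers, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query,
               "SERVER_NAME": "localhost", "SERVER_PORT": "80",
               "wsgi.url_scheme": "http"}
    if proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = proto
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```
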