0

I have a single EC2 instance (Amazon Linux) behind an ELB. I have configured the free Amazon SSL certificate, but I'm now wondering if I need to install that cert on my server as I did with my old third-party certificate, or does Amazon do some magic that means I no longer need to do that?

If so, what are the implications for the old cert I have installed and my virtual hosting environment, and specifically my ssl.vhosts.conf and vhosts.conf files?

Danny Browne
  • 163
  • 2
  • 8

2 Answers

2

Since the certificate lives on the load balancer, the HTTP application does not need to be aware of it.

1

Certificates on Amazon's Certificate Manager are free because they are tied to Amazon's ecosystem. You are not able to gain access to the private key used to create the certificate, nor can you export it from ACM.

The key concept of what they're going for here is that you use an ACM certificate on a load balancer, and have your load balancer forward traffic to your servers using unencrypted HTTP. Your servers then don't need to worry or concern themselves with implementing SSL. You can turn all that off and just go about your hosting as though it's a site running on HTTP only.

If you do need to know whether the visitor is using HTTP or HTTPS (in case you need to redirect them), the ELB sends a couple of HTTP headers to your server inside the request it makes for the user. One of these is X-Forwarded-Proto. This is set to either http or https, and you can examine it within your Apache/nginx configuration, or your application's code, and act accordingly.

dannosaur
  • 983
  • 5
  • 15
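
Added example (not part of either answer above): one way to act on X-Forwarded-Proto in application code, written as a Python WSGI middleware. It honours the header only when the TCP peer is inside the load balancer's subnet, since any client that can reach the instance directly can send the header itself, and it redirects to a fixed host name rather than echoing the Host header. The subnet, host name and function names are assumptions made for the illustration.

```python
import ipaddress

# Assumptions (constructed values): the subnet the load balancer nodes sit in,
# and the site's canonical host name.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.1.0/24")]
CANONICAL_HOST = "www.example.com"


def forwarded_scheme(environ):
    """Scheme the visitor used, or None if the header is absent or untrusted."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    if not any(peer in net for net in TRUSTED_PROXY_NETS):
        return None  # did not come through the load balancer: ignore the header
    value = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
    return value if value in ("http", "https") else None


def require_https(app):
    """WSGI middleware: redirect visitors who reached the load balancer over HTTP."""
    def wrapper(environ, start_response):
        scheme = forwarded_scheme(environ)
        if scheme == "http":
            target = "https://" + CANONICAL_HOST + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]
        if scheme == "https":
            environ["wsgi.url_scheme"] = "https"  # lets the app build https:// URLs
        # No usable header or untrusted peer: serve as plain HTTP, no redirect.
        return app(environ, start_response)
    return wrapper


def demo_app(environ, start_response):
    """Tiny app that reports the scheme it believes the visitor used."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("wsgi.url_scheme", "http").encode()]


def call(environ):
    """Run the wrapped demo app once; return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(require_https(demo_app)(environ, start_response))
    return seen["status"], seen["headers"], body
```

Restricting the instance's security group so that only the load balancer can connect removes the direct path altogether; the peer check here is a second layer for that case.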