Setting up SSL certificate for subdomain alias

Question

We have an application hosted on AWS backed by Application load balancer.

The subdomain subdomain.example.com and domain example.com is managed by an external registrar and they have their NS records we they cannot change. They could setup a CNAME record pointing to alias prod.internaldomain.com which is managed by AWS route 53 and routes the request to AWS Application load balancer (ALB) prod.elb-xyz.eu-west-1.elb.amazonaws.com DNS which is generated dynamically and does not have an IP address.

my question is, if we install the SSL cert subdomain.example.com on AWS ALB prod.elb-xyz.eu-west-1.elb.amazonaws.com would it work? or is there any other way?

Answer 1

The only restriction you need to be aware of is that the CN on the SSL certificate needs to match the Host header of the HTTP request.

If your users are accessing your service using HTTPS on the URL of https://subdomain.example.com, and you have a DNS record of subdomain.example.com pointing to your ALB of prod.elb-xyz.eu-west-1.elb.amazonaws.com with an SSL certificate with a CN of subdomain.example.com it will work.