1

When Sticky Sessions are enabled on an AWS ELB it seems that the ELB will terminate SSL (AWS forum discussing this). I need information from the user's certificate to verify some things, so I need the ELB to forward this information to the EC2 instances.

How can I get the ELB to give me the user's certificate information? Is there a way to create custom headers? All I was able to find were these three headers: Amazon docs on x-forwarded-headers.

As discussed in the first link I posted, another option is persistent sessions. Is this my only option?

Zack
  • Are you sure you actually mean client certificates? They are very rare in TLS setups. – l0b0 Aug 09 '16 at 17:59

1 Answer

2

ELB won't give you information regarding the certificate. And you cannot customize/add forwarded headers.

If you need the client certificate, you'll need to use TCP forwarding rather than HTTP/HTTPS.

This way, the ELB will simply forward the connection as-is on to the EC2 instance. It won't terminate the SSL connection, and you won't get sticky sessions.

Matt Houser
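With a TCP listener, as the answer describes, the EC2 instance terminates TLS itself and can request and read the client certificate. The sketch below is an added example, not code from the answer; the function names, file-path parameters and the sample certificate dict are assumptions made for illustration.

```python
import socket
import ssl

# Constructed sample of what SSLSocket.getpeercert() returns for a verified client.
SAMPLE_PEERCERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "alice@example.test"),)),
    "issuer": ((("commonName", "Example Client CA"),),),
    "serialNumber": "0A1B2C",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def new_mtls_context():
    """Server-side context that rejects clients lacking a verified certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails if no client cert is sent
    return ctx

def client_identity(peercert):
    """Flatten the getpeercert() dict into the fields an application checks."""
    subject = {k: v for rdn in peercert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in peercert.get("issuer", ()) for k, v in rdn}
    return {
        "common_name": subject.get("commonName"),
        "organization": subject.get("organizationName"),
        "issuer_cn": issuer.get("commonName"),
        "serial": peercert.get("serialNumber"),
        "not_after": peercert.get("notAfter"),
    }

def serve(host, port, server_cert, server_key, client_ca):
    """Accept connections forwarded by the load balancer's TCP listener."""
    ctx = new_mtls_context()
    ctx.load_cert_chain(server_cert, server_key)  # the instance's own certificate
    ctx.load_verify_locations(cafile=client_ca)   # CA that issues user certificates
    with socket.create_server((host, port)) as listener:
        while True:
            raw, _ = listener.accept()  # peer address is the balancer's, not the user's
            try:
                with ctx.wrap_socket(raw, server_side=True) as tls:
                    ident = client_identity(tls.getpeercert())
                    body = ("hello %s\n" % ident["common_name"]).encode()
                    tls.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
                                b"Connection: close\r\n\r\n" % len(body) + body)
            except (ssl.SSLError, OSError):
                raw.close()  # handshake failed, e.g. missing or untrusted client cert

if __name__ == "__main__":
    print(client_identity(SAMPLE_PEERCERT))
```

Because the load balancer no longer parses HTTP in this mode, it adds no X-Forwarded-* headers, so anything the application needs about the user has to come from the certificate fields extracted here.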