Apply SSL Certificate To Classic Loadbalancer

In the previous articles , I have explained how we can

Create classic loadbalancer in aws

Generate SSL certificates using AWS Certificate manager

In this guide , We will learn How we can use SSL/TLS certificate generated using AWS certificate manager for our domain in the Classic load balancer.

Description

 

ACM can be integrated with the Elastic Load balancing.

 

First We need to generate the SSL certificate for our domain using ACM , Or we can import the existing SSL certificates to the ACM in the same region as the load balancer

 

Then we can associate the certificates to the Load balancers.

SSL Certificate

 

  • In order to use SSL/TLS certificate in the load balancer , We need use HTTPS listener in the load balancer.

 

  • Then the load balancer will use the certificate and then decrypts the client request at the frontend before send them the response.

 

HTTPS Listener

 

  • A listener checks for the incoming requests / connections.

 

  • We can define HTTP and HTTPS listeners on the load balancers.

 

  • We can create or modify HTTP and HTTPS listeners any time in the load balancer.

 

  • When we create HTTPS listener, It enable encryption between the load balancer and clients.

 

  • Amazon recommend to use the AWS Certificate Manager for the load balancer.

 

How Certificate Renews

 

Each certificate we generate or purchase comes with a validity period.

 

So we must ensure that the certificates are renewed before its validity ends.

 

  • If the certificate for the load balancer is provides by AWS certificate manager , Then the certificate will be automatically renewed by the AWS.hence the new requests will be served using new certificates.

 

Adding HTTPS Listener

While creating / updating listener , We can configure the protocol and the port for the incoming connections form the users.

 

Open the EC2 console , In the left navigation pane , Choose Load balancers

and then choose Listeners and then click Edit and choose Add

Choose a protocol , Select HTTPS and the Load balancer Port be 443

In the End , You will see SSL certificate , Click Change

You will get the following screen.

For Certificate type , Choose a certificate from ACM (recommended)

Select the certificate and then click Save.

Updating HTTPS Listener

 

We can update the existing HTTPS listener by replacing the existing certifcate from ACM or If you have uploaded a certificate to IAM we can choose that certificate and also we can modify the security policies.

Limitations On Classic Load Balancer

 

Per Region

 

  • load balancer : 20
  • Instances per load balancer : 1000
  • Listeners per load balancer : 100

These quotas cannot be increased.

 

Conclusion

 

We have learnt how we can create an apply SSL certificate to the Classic load balancer , So the connection will be encrypted between the load balancer and the end users.

 

Hope you find it helpful.

 

Please do check out my other articles.

Auto Stop And Start RDS Instances Using Lambda

AWS

Send Application Logs To Cloudwatch

Track S3 Bucket Changes Using Lambda

Setup MFA For SSH On Ubuntu