Apply SSL Certificate To Network Loadbalancer

In the previous articles , I have explained how we can

Generate SSL certificates using AWS Certificate manager

Create network loadbalancer in aws

In this guide , We will learn How we can use SSL/TLS certificate generated using AWS certificate manager for our domain in the Network load balancer.

You should also check out this blog , To setup SSL for ALB

Description

ACM can be integrated with the Elastic Load balancing.

First We need to generate the SSL certificate for our domain using ACM , Or we can import the existing SSL certificates to the ACM in the same region as the load balancer

Then we can associate the certificates to the Load balancers.

SSL Certificate

In order to use SSL/TLS certificate in the load balancer , We need use HTTPS listener in the load balancer.

Then the load balancer will use the certificate and then decrypts the client request at the frontend before send them the response.

HTTPS Listener

A listener checks for the incoming requests / connections.

We can define HTTP and HTTPS listeners on the load balancers.

We can create or modify HTTP and HTTPS listeners any time in the load balancer.

When we create HTTPS listener, It enable encryption between the load balancer and clients.

Amazon recommend to use the AWS Certificate Manager for the load balancer.

How Certificate Renews

Each certificate we generate or purchase comes with a validity period.

So we must ensure that the certificates are renewed before its validity ends.

• If the certificate for the load balancer is provides by AWS certificate manager , Then the certificate will be automatically renewed by the AWS.hence the new requests will be served using new certificates.

• If the certificate is imported into the ACM, Then we need to setup monitoring for ssl certificate expiry and renew it before the validity ends.

Adding TLS Listener

While creating / updating listener , We can configure the protocol and the port for the incoming connections form the users.

Open the EC2 console , In the left navigation pane , Choose Load balancers

Select the load balancer and then choose Listeners and then click Add listener

Each listeners will have a target groups.Hence any incoming requests to the load balancer will be forwarded to the instances in the target group and the response will be served to the clients.

For protocol , Choose TLS

For port , Choose 443

Under Default actions , Choose forward and then select the target group from the drop down menu.

Select the default security policy and For Default SSL Certificate

Choose From ACM (recommened) and select the certificate from ACM.

and then click Save.

Updating Listener

You can update the TLS listener by replacing with the new ACM certificate or using the certificate from IAM , Or you can import an existing SSL certificate.

Limitations On Network Load Balancer

Per Region

• Network Load balancer : 50
• target groups : 3000
• Listeners per Load balancer : 50
• Certificates per load balancer : 25
• Targets per load balancer : 500

Conclusion

We have learnt how we can create an apply TLS certificate to the Network load balancer , So the connection will be encrypted between the load balancer and the end users.

Hope you find it helpful.

Please do check out my other articles.