0
votes

For an AWS Classic Load Balancer with an HTTPS listener, the AWS ELB docs say that "If the HTTPS listener sends requests to the instances on port 443, communication from the load balancer to the instances is encrypted". I want to know how communication between the ELB and the instances can be encrypted without having an SSL certificate on the instances. If this communication is encrypted, which keys are used to encrypt it, and how do the instances decrypt the data at their end?

1 Answer

3
votes

You would have to install an SSL certificate on each of the instances. It could be the same certificate you have installed on the ELB (if it wasn't an ACM-generated certificate), or it could be another SSL certificate or a self-signed SSL certificate.

Whatever SSL certificate is installed on the instance is what will be used to encrypt communication between the ELB and the instance.
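
The self-signed option mentioned in the answer, as an added example that is not part of the original answer: it creates a key and self-signed certificate on an instance and checks that the two belong together before the web server's port 443 listener is pointed at them. The file names `backend.key` and `backend.crt`, the function names and the CN `backend.internal.example` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: key + self-signed certificate for an instance behind the ELB.
# File names and the CN used below are constructed placeholders.

# make_backend_cert DIR CN
# Writes DIR/backend.key (private key, stays on the instance) and
# DIR/backend.crt (certificate the instance presents on port 443).
make_backend_cert() {
    mbc_dir=$1
    mbc_cn=$2
    mkdir -p "$mbc_dir" || return 1
    (
        # Restrictive umask so the key is never world-readable, even briefly.
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$mbc_cn" \
            -keyout "$mbc_dir/backend.key" \
            -out "$mbc_dir/backend.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$mbc_dir/backend.key"
    chmod 644 "$mbc_dir/backend.crt"
}

# cert_matches_key CERT KEY
# Succeeds only if the public key inside CERT is the one derived from KEY.
# A mismatched pair makes the instance's TLS listener fail to start or
# fail the handshake with the load balancer.
cert_matches_key() {
    cmk_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# Demo run in a scratch directory.
demo_dir=$(mktemp -d)
if make_backend_cert "$demo_dir" "backend.internal.example" &&
   cert_matches_key "$demo_dir/backend.crt" "$demo_dir/backend.key"; then
    echo "certificate and key match in $demo_dir"
else
    echo "certificate generation or pairing check failed" >&2
fi
```

The private key never leaves the instance; the instance's web server uses it to complete the TLS handshake when the load balancer connects on port 443.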