0
votes

I have an Application Load balancer and 1 EC2 instance currently behind it. Before, I was using another CA for receiving SSL certificates for my domain which was running on the EC2 with nginx. Now, I use SSL from Amazon's Certificate Manager for the load balancer's listener.

Should the domain's certificate be purchased individually on each EC2 instance for https connection to my application after moving it behind the ELB?

Is there any other way to establish https connection without using the separate certificates on the EC2 instances and with just the ACM on the load balancer?

2
Is there a reason you want the ELB communicating with the EC2 instance via SSL? If not, then you can simply terminate SSL at the ELB, and communication between the ELB and EC2 instance can occur over HTTP. – Mark B
I want all my pages seen in the browser to be protected using SSL, Mark. When I make the connection between the ELB and the EC2 HTTP, all the pages except the first page use insecure connections. Is that a problem with something else? – priya
All connections between the browser and the ELB will be SSL. The browser won't know, and won't care about, the protocol being used between the ELB and the EC2 server. – Mark B

2 Answers

0
votes

You can use the same certificate on EC2. But whenever you need to update the certificate, you have to change it on EC2. If you have the EC2 in a private subnet (not accessible to the internet), you can use a self-signed certificate (self-signed certificate nginx). I encountered this problem and solved it by using a self-signed certificate.

0
votes

You can use self-signed certificates on the EC2 instances to enable the load balancer to talk to your EC2 instances via HTTPS - the load balancer will not do certificate validation, so you do not need commercial certs.
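
The self-signed setup both answers describe, as an added example that is not code from either answer: it generates a key and certificate for the instance, checks that the pair is usable, and writes an nginx server block for the load balancer's HTTPS target group to connect to. The directory layout, the CN `backend.internal`, the 365-day lifetime and the document root are assumptions.

```shell
#!/usr/bin/env bash
# Added example: self-signed certificate for the ALB -> EC2 (nginx) hop.
# Paths, the CN and the 365-day lifetime are assumptions, not from the page.

# Generate an RSA key and a self-signed certificate in directory $1 with CN $2.
make_backend_cert() {
  mkdir -p "$1" || return 1
  ( umask 077   # the private key is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
      -subj "/CN=$2" \
      -keyout "$1/backend.key" -out "$1/backend.crt" 2>/dev/null )
}

# True when subject and issuer are identical, i.e. the cert is self-signed.
cert_is_self_signed() {
  cert_subject=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
  cert_issuer=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
  [ "$cert_subject" = "$cert_issuer" ]
}

# True when private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
  pub_from_cert=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256) || return 1
  pub_from_key=$(openssl pkey -in "$2" -pubout | openssl sha256) || return 1
  [ "$pub_from_cert" = "$pub_from_key" ]
}

# Write an nginx server block to file $2 that serves HTTPS with the files in $1.
write_nginx_tls_conf() {
  cat > "$2" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     $1/backend.crt;
    ssl_certificate_key $1/backend.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    location / { root /usr/share/nginx/html; }
}
EOF
}
```

Because the load balancer does not validate this certificate, the HTTPS hop encrypts traffic inside the VPC but does not authenticate the instance, so keep the instance's security group restricted to the load balancer.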