0
votes

How to connect an ELB HTTPS to an EC2 HTTPS Tomcat

Setup:

Classic ELB:

  1. SSL CA Signed Certificate

EC2 Tomcat:

  1. Keystore - Self-signed
  2. Trust Store - Imported a certificate from Salesforce
  3. Client Auth = True

Additional Notes:

  • It is working if clientAuth='false'

Infrastructure Overview: Salesforce -> SSL ELB -> SSL EC2


2 Answers

0
votes

As the SSL certificate is deployed on the ELB, it will terminate the connection with the client on the ELB, decrypt the requests and then send them to the backend instances. That's why the request works with clientAuth = false.

If you just need authentication per Salesforce certificate (depends on your security policies), set security groups such that traffic is allowed on the ELB only on port 443 and clientAuth = false, as the ELB has already made sure that the connection with the client is encrypted.

In case you need additional security, you can follow the instructions here to set up authentication with the back-end instances as well. Hope it helps.

0
votes

I got this working by using TCP in both the Health check and the listener.
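To show concretely what the TCP-listener approach from this answer means on the Tomcat side, here is an added example connector configuration (not the poster's own server.xml): with a TCP listener the ELB passes the TLS handshake through untouched, so Tomcat, not the ELB, is the TLS endpoint that sees the Salesforce client certificate and enforces clientAuth. The port, keystore/truststore paths and passwords are placeholders assumed for illustration.

```xml
<!-- Tomcat server.xml, HTTPS connector in the Tomcat 7/8 attribute style.
     Added example configuration, not the poster's own. Replace the paths,
     passwords and port with your own values.

     Matching Classic ELB settings (so the client certificate reaches Tomcat):
       Listener:     TCP 443  ->  TCP 8443   (no HTTPS/SSL listener, no ELB cert)
       Health check: TCP:8443               (HTTPS health checks would fail,
                                             the checker has no client cert)
     Security group on the instance: allow 8443 only from the ELB's group. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150"
           sslProtocol="TLS"
           keystoreFile="/opt/tomcat/conf/server.jks"
           keystorePass="CHANGE_ME"
           truststoreFile="/opt/tomcat/conf/trust.jks"
           truststorePass="CHANGE_ME"
           clientAuth="true" />
<!-- keystoreFile   : the self-signed server certificate Tomcat presents.
     truststoreFile : contains only the imported Salesforce certificate, so
                      Tomcat accepts a client certificate signed by (or equal
                      to) that entry and rejects any other during the handshake.
     clientAuth     : "true" makes the handshake fail without a valid client
                      certificate; "want" would accept connections without one
                      and should not be used if the goal is to require it. -->
```

Because the ELB no longer terminates TLS, the CA-signed certificate installed on the ELB is unused on this path; the certificate clients see is the one in Tomcat's keystore.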