System Weakness

System Weakness is a publication that specialises in publishing upcoming writers in the cybersecurity and ethical hacking space. Our security experts write to make the cyber universe more secure, one vulnerability at a time.

SSL/TLS Encryption in AWS Elastic Load Balancers: Secure Connections with Certificates and Server Name Indication

Alice the Architect
Published in System Weakness
3 min read · Oct 8, 2024

In today’s cloud environment, securing data in transit is crucial for ensuring that communications between clients and servers remain private and protected. SSL/TLS certificates play a key role in achieving this by encrypting traffic between clients and load balancers, ensuring data integrity and confidentiality.

SSL and TLS: What’s the Difference?

SSL (Secure Sockets Layer) was originally developed to secure communications over the internet. It has since been succeeded by TLS (Transport Layer Security), a more modern and secure protocol. Although TLS is the standard today, many people still refer to it as SSL, which causes some confusion.

SSL/TLS Certificates and Certificate Authorities

SSL/TLS certificates are used to authenticate the identity of websites and encrypt data. These certificates are issued by Certificate Authorities (CAs) like Comodo, Symantec, GoDaddy, GlobalSign, DigiCert, and Let’s Encrypt. AWS allows you to manage your SSL/TLS certificates through AWS Certificate Manager (ACM), making it easier to provision, manage, and deploy certificates.

Certificates have a lifespan and must be renewed before they expire. The expiration date is set at the time of issuance by the CA or ACM, ensuring that security practices remain up to date.

How SSL/TLS Works in Elastic Load Balancing

AWS Elastic Load Balancers (ELB) support SSL/TLS encryption, which ensures secure communication between clients and your backend services.

  • X.509 Certificates: AWS ELBs use X.509 certificates (commonly referred to as SSL/TLS server certificates) to enable encryption. You can manage certificates through ACM or upload your own.
  • HTTPS Listener: To configure SSL/TLS for your load balancer, you need to set up an HTTPS listener. This requires specifying a default certificate to be used by the listener. You can also add multiple certificates to support multiple domains. When clients connect to the load balancer, they can use Server Name Indication (SNI) to specify…
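
An added example (not from the original article): an offline check of the certificates attached to an HTTPS listener, flagging hostnames that no attached certificate names and certificates that are close to expiry. The dictionaries mirror the shape of the ELBv2 `describe_listener_certificates` and ACM `describe_certificate` responses; the ARNs, domains, dates and the `name_matches` / `audit_listener` helpers are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def name_matches(pattern, host):
    """X.509-style match: a leading '*' covers exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def audit_listener(listener_certs, cert_details, hostnames, now, renew_days=30):
    """Return (hostnames no listener certificate names, ARNs due for renewal)."""
    arns = [c["CertificateArn"] for c in listener_certs]
    uncovered = [
        host for host in hostnames
        if not any(name_matches(name, host)
                   for arn in arns
                   for name in cert_details[arn]["SubjectAlternativeNames"])
    ]
    deadline = now + timedelta(days=renew_days)
    expiring = [a for a in arns if cert_details[a]["NotAfter"] <= deadline]
    return uncovered, expiring

# Constructed sample data: placeholder ARNs, domains and dates.
DEFAULT = "arn:aws:acm:us-east-1:111122223333:certificate/example-default"
EXTRA = "arn:aws:acm:us-east-1:111122223333:certificate/example-extra"
NOW = datetime(2024, 10, 8, tzinfo=timezone.utc)
LISTENER_CERTS = [  # one default certificate plus one added for a second domain
    {"CertificateArn": DEFAULT, "IsDefault": True},
    {"CertificateArn": EXTRA, "IsDefault": False},
]
CERT_DETAILS = {
    DEFAULT: {"SubjectAlternativeNames": ["example.com", "*.example.com"],
              "NotAfter": NOW + timedelta(days=200)},
    EXTRA: {"SubjectAlternativeNames": ["shop.example.org"],
            "NotAfter": NOW + timedelta(days=12)},
}
HOSTNAMES = ["example.com", "api.example.com", "a.b.example.com",
             "shop.example.org", "blog.example.org"]

def run_example():
    return audit_listener(LISTENER_CERTS, CERT_DETAILS, HOSTNAMES, NOW)

if __name__ == "__main__":
    uncovered, expiring = run_example()
    print("no matching certificate:", uncovered)
    print("renew within 30 days:", expiring)
```

In a live account the two inputs would come from the API responses named above instead of the constructed dictionaries.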
