Can I use Single AWS ELB to host 2 SSL Certs for 2 Different Domains?

On AWS, I'm hosting multiple (totally different) domains on EC2 with an ELB on top. I already have one wildcard SSL cert for one domain and its children (xxxx.site1.com).

Then can I now add one more single SSL cert (on the same ELB) for another different domain, like (www.site2.com), please?

I'm asking this because some articles are saying it won't work and will just crash.

Please kindly advise.

夏期劇場 asked Feb 20 '14 09:02


2 Answers

No. The only way you could do it is if you use a second port for HTTPS connections (other than 443), which doesn't apply to real-world scenarios since 443 is the default port for HTTPS.

Having said that, you can simply create a second ELB and assign your second wildcard certificate to it. You can also forward your traffic to the same backend server that the first ELB forwards its traffic to.

Hope this helps.

Rico answered Sep 23 '22 01:09


Yes. But not by terminating SSL on the load balancer. You have to enable Proxy Protocol on the ELB and transparently forward TCP requests to the web server. There are more details in this article on how to configure the ELB with example NGINX configurations:

Multiple SSL domains on AWS ELB with Nginx

Using the AWS CLI to enable it (note that the line-continuation backslashes must be the last character on each line, with no trailing spaces, or the shell splits the command):

aws elb create-load-balancer-policy \
  --load-balancer-name acme-balancer \
  --policy-name EnableProxyProtocol \
  --policy-type-name ProxyProtocolPolicyType \
  --policy-attributes AttributeName=ProxyProtocol,AttributeValue=True

aws elb set-load-balancer-policies-for-backend-server \
  --load-balancer-name acme-balancer \
  --instance-port 9443 \
  --policy-names EnableProxyProtocol

aws elb describe-load-balancers --load-balancer-name acme-balancer

There is also a mod_proxy_protocol module available if you are using Apache.

This does NOT add an additional distribution layer; ELB still handles distributing the traffic and connection draining. However, SSL termination is handled by each individual server.

Garth Kerr answered Sep 27 '22 01:09
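As an added example (not from the answer above or from the linked article): a small Python model of what each backend server does behind a TCP-mode ELB with Proxy Protocol enabled. It reads the PROXY v1 line the ELB prepends to the connection, accepts it only when the TCP peer is in the load balancer's subnet (the header is plain ASCII, so anyone who can reach port 9443 directly could forge a client address), then pulls the SNI name out of the TLS ClientHello to decide which certificate to terminate with. The trusted subnet, hostnames, certificate paths and IP addresses are constructed placeholders; the ClientHello is generated offline with the ssl module rather than captured from a real client.

```python
import ipaddress
import ssl

# Constructed: only the load balancer's subnet may send a PROXY header.
# A client that reaches the backend port directly could write any source
# address into that header, so the peer check is what makes it trustworthy.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.0.0/16")]

# Constructed mapping of SNI names to certificate files (placeholder paths):
# one wildcard for site1.com's subdomains, one single-name cert for site2.
CERTS = {
    "*.site1.com": "/etc/ssl/site1-wildcard.pem",
    "www.site2.com": "/etc/ssl/site2.pem",
}


def parse_proxy_v1(data, peer_ip):
    """Parse the PROXY protocol v1 line; return (client_ip, bytes_after_it)."""
    if not any(ipaddress.ip_address(peer_ip) in net for net in TRUSTED_PROXY_NETS):
        raise ValueError("PROXY header from untrusted peer %s" % peer_ip)
    end = data.find(b"\r\n")
    # A v1 header is at most 107 bytes including the CRLF.
    if not data.startswith(b"PROXY ") or end == -1 or end > 105:
        raise ValueError("missing or malformed PROXY header")
    fields = data[:end].decode("ascii").split(" ")
    # PROXY TCP4|TCP6 <src ip> <dst ip> <src port> <dst port>
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY header %r" % data[:end])
    return fields[2], data[end + 2:]


def extract_sni(client_hello):
    """Return the server_name from a TLS ClientHello record, or None."""
    # Record header: content type (0x16 = handshake), version, length.
    if len(client_hello) < 5 or client_hello[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(client_hello[3:5], "big")
    hs = client_hello[5:5 + rec_len]
    # Handshake header: type (0x01 = ClientHello) and 3-byte length.
    if len(hs) < 4 + 2 + 32 + 1 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                  # skip version and random
    p += 1 + hs[p]                                  # session id
    p += 2 + int.from_bytes(hs[p:p + 2], "big")     # cipher suites
    p += 1 + hs[p]                                  # compression methods
    if p + 2 > len(hs):
        return None                                 # no extensions at all
    end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
    p += 2
    while p + 4 <= end:
        etype = int.from_bytes(hs[p:p + 2], "big")
        elen = int.from_bytes(hs[p + 2:p + 4], "big")
        body = hs[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype == 0:                              # server_name extension
            q = 2                                   # skip list length
            while q + 3 <= len(body):
                ntype = body[q]
                nlen = int.from_bytes(body[q + 1:q + 3], "big")
                if ntype == 0:                      # host_name entry
                    return body[q + 3:q + 3 + nlen].decode("ascii")
                q += 3 + nlen
    return None


def select_certificate(sni):
    """Exact match first, then a wildcard covering one label to the left."""
    if sni in CERTS:
        return CERTS[sni]
    if sni and "." in sni:
        return CERTS.get("*." + sni.split(".", 1)[1])
    return None


def build_client_hello(hostname):
    """Constructed input: drive the ssl module through memory BIOs so it emits
    a real ClientHello for `hostname` without touching the network."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                                        # ClientHello is now queued
    return outgoing.read()


def handle_backend_connection(raw, peer_ip):
    """Per-connection logic on a backend behind a TCP-mode ELB with Proxy
    Protocol: real client IP from the PROXY line, certificate from SNI."""
    client_ip, tls_bytes = parse_proxy_v1(raw, peer_ip)
    sni = extract_sni(tls_bytes)
    return client_ip, sni, select_certificate(sni)


if __name__ == "__main__":
    # Constructed connection: the ELB node at 10.0.1.20 relays a client at 203.0.113.7.
    wire = b"PROXY TCP4 203.0.113.7 10.0.2.5 51234 9443\r\n" + build_client_hello("www.site2.com")
    print(handle_backend_connection(wire, peer_ip="10.0.1.20"))
```

The same connection presented from an address outside the load balancer's subnet is rejected before the header is even parsed; that is the check a proxy_protocol listener (nginx's set_real_ip_from plus real_ip_header proxy_protocol, or the equivalent in mod_proxy_protocol) must enforce, otherwise access logs and IP-based rules trust a client-supplied address.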