How to set multiple certificates for AWS::ElasticLoadBalancingV2::Listener

Hi, I have a problem setting multiple certificates for an ALB listener. Here is a fragment of my CF template:

  DiscoveryListenerHTTPS:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn:
      - DiscoveryLoadBalancer
      - DiscoveryLoadBalancerTargetGroup
    Properties:
      Certificates:
       - CertificateArn: !Ref CertificateArn1
       - CertificateArn: !Ref CertificateArn2

and the response is: Up to '1' certificate ARNs can be specified, but '2' were specified (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: TooManyCertificates; Request ID: XXXXXXXXX)

Marcin asked Jan 30 '19 18:01


People also ask

What is AWS :: ElasticLoadBalancingV2 :: listener?

Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.

Can I have multiple certificates for the same server?

Yes. A single server, or a single load balancer listener, can carry multiple SSL/TLS certificates. With Server Name Indication (SNI) the client names the host it wants in the TLS handshake and the server selects the matching certificate; one certificate is kept as the default for clients that send no server name or an unmatched one.

How do I add a certificate to my AWS load balancer?

We recommend that you use AWS Certificate Manager (ACM) to create or import certificates for your load balancer. ACM integrates with Elastic Load Balancing so that you can deploy the certificate on your load balancer. To deploy a certificate on your load balancer, the certificate must be in the same Region as the load balancer. For more information, see Request a public certificate or Importing certificates in the AWS Certificate Manager User Guide.

How do I have multiple TLS certificates on my AWS server?

AWS supports multiple TLS/SSL certificates on Application Load Balancers (ALB) using Server Name Indication (SNI). You can host multiple TLS-secured applications, each with its own TLS certificate, behind a single load balancer. To use SNI, bind multiple certificates to the same secure listener on the load balancer.


3 Answers

EDIT: improved answer thanks to the @chris-pollard and @adamkgray answers

This works for me: you can specify multiple SSL certificates for an HTTPS listener.

For HTTPS, you are not allowed to specify multiple certificates directly on the AWS::ElasticLoadBalancingV2::Listener resource. Instead, you have to create an AWS::ElasticLoadBalancingV2::ListenerCertificate resource in your template for the additional certificates.

Here is an example of a listener on port 443 using a default certificate, followed by a certificate list with at least one certificate, associated with the listener created previously:

  Listener443:
    DependsOn:
      - LoadBalancer
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      # Exactly one certificate is allowed here; it is the listener's default.
      Certificates:
        - CertificateArn: !Ref CertificateARN
      LoadBalancerArn: !Ref LoadBalancer
      DefaultActions:
        - Type: fixed-response
          FixedResponseConfig:
            ContentType: text/plain
            MessageBody: "Not Found"
            StatusCode: 404
      Port: 443
      Protocol: HTTPS

  # Additional certificates (selected via SNI) are attached with a separate resource.
  CertificatesList:
    Type: AWS::ElasticLoadBalancingV2::ListenerCertificate
    Properties:
      Certificates:
        - CertificateArn: !Ref CertificateARN2
      ListenerArn: !Ref Listener443
Miguel Conde answered Oct 12 '22 09:10


Came here looking for the same answer. Found that the answer was not clearly laid out in the comments/answers, so I'm going to do that. Although you can specify multiple SSL certificates for an HTTPS listener, you are not allowed to specify multiple certificates on the HTTPS listener resource directly in the CFN template. You have to create another resource in your template for the additional certificates, like this:

  AdditionalListenerCertificates:
    Type: AWS::ElasticLoadBalancingV2::ListenerCertificate
    Properties:
      Certificates:
        # Builds the ACM ARN for the current region and account:
        # arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>
        - CertificateArn: !Join
            - ":"
            - - "arn:aws:acm"
              - !Ref AWS::Region
              - !Ref AWS::AccountId
              - !Join ["/", ["certificate", "<your-certificate-id>"]]
      ListenerArn: !Ref HTTPSListener
adamkgray answered Oct 12 '22 08:10


It's a little clunky; the CF template for creating the listener only sets the default cert.

You should be able to add additional certs to the listener with this object: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html

Chris Pollard answered Oct 12 '22 10:10
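As an added example (not code from the question or from any of the answers above), the Python below automates the split that all three answers describe: it takes a CloudFormation template in JSON form, leaves the first certificate on each AWS::ElasticLoadBalancingV2::Listener as the default, and moves every additional certificate into an AWS::ElasticLoadBalancingV2::ListenerCertificate resource bound to that listener, which is what avoids the TooManyCertificates error. The sample template is constructed for this example (it reuses the question's logical IDs but omits the load balancer and target group resources, so it is a fragment, not a deployable stack); the helper names and the <ListenerId>AdditionalCertificates naming convention are assumptions of this example, not AWS API names.

```python
"""Move extra certificates off an ALB HTTPS Listener into ListenerCertificate
resources, so a CloudFormation (JSON) template does not trip TooManyCertificates."""
import copy
import json

LISTENER_TYPE = "AWS::ElasticLoadBalancingV2::Listener"
LISTENER_CERT_TYPE = "AWS::ElasticLoadBalancingV2::ListenerCertificate"


def find_overloaded_listeners(template: dict) -> list:
    """Logical IDs of Listener resources declaring more than one certificate
    (the ELBv2 API rejects these with TooManyCertificates)."""
    return [
        logical_id
        for logical_id, res in template.get("Resources", {}).items()
        if res.get("Type") == LISTENER_TYPE
        and len((res.get("Properties") or {}).get("Certificates") or []) > 1
    ]


def split_listener_certificates(template: dict) -> dict:
    """Return a deep copy of `template` in which each Listener keeps only its
    first certificate (the default, served when the client sends no SNI name or
    one that matches nothing) and the remaining certificates are attached via a
    new <ListenerId>AdditionalCertificates ListenerCertificate resource.
    The input template is left unmodified."""
    out = copy.deepcopy(template)
    resources = out.setdefault("Resources", {})
    for logical_id in find_overloaded_listeners(out):
        props = resources[logical_id]["Properties"]
        default_cert, extra_certs = props["Certificates"][0], props["Certificates"][1:]
        props["Certificates"] = [default_cert]
        new_id = f"{logical_id}AdditionalCertificates"  # naming convention assumed here
        if new_id in resources:
            raise ValueError(f"resource {new_id} already exists in the template")
        resources[new_id] = {
            "Type": LISTENER_CERT_TYPE,
            "Properties": {
                "Certificates": extra_certs,
                # Ref on a Listener resolves to its ARN, which is what ListenerArn expects;
                # the Ref also makes CloudFormation create the listener first.
                "ListenerArn": {"Ref": logical_id},
            },
        }
    return out


# Constructed sample: the listener from the question in JSON template form,
# with three certificate parameters. DiscoveryLoadBalancer and
# DiscoveryLoadBalancerTargetGroup are referenced but not defined here.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "CertificateArn1": {"Type": "String"},
        "CertificateArn2": {"Type": "String"},
        "CertificateArn3": {"Type": "String"},
    },
    "Resources": {
        "DiscoveryListenerHTTPS": {
            "Type": LISTENER_TYPE,
            "Properties": {
                "LoadBalancerArn": {"Ref": "DiscoveryLoadBalancer"},
                "Port": 443,
                "Protocol": "HTTPS",
                "Certificates": [
                    {"CertificateArn": {"Ref": "CertificateArn1"}},
                    {"CertificateArn": {"Ref": "CertificateArn2"}},
                    {"CertificateArn": {"Ref": "CertificateArn3"}},
                ],
                "DefaultActions": [
                    {"Type": "forward",
                     "TargetGroupArn": {"Ref": "DiscoveryLoadBalancerTargetGroup"}}
                ],
            },
        },
    },
}


def main():
    fixed = split_listener_certificates(SAMPLE_TEMPLATE)
    print("overloaded before:", find_overloaded_listeners(SAMPLE_TEMPLATE))
    print("overloaded after: ", find_overloaded_listeners(fixed))
    print(json.dumps(fixed["Resources"], indent=2))


if __name__ == "__main__":
    main()
```

Run it as-is to see the rewritten Resources block; for a real template, `json.load` the file and pass the dict in. After deploying, `aws elbv2 describe-listener-certificates --listener-arn <arn>` should list the default certificate plus the additional ones, and `openssl s_client -connect <alb-dns-name>:443 -servername <host>` shows which certificate the ALB actually selects for a given SNI name, which is the check worth running before pointing DNS at the new hostname.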