Here is our current infrastructure:
My question is how to set up the SSL certificate to support https connection.
Here are 2 ideas that I have:
thanks
The load balancer uses the certificate to terminate the connection and then decrypt requests from clients before sending them to the instances. The SSL and TLS protocols use an X. 509 certificate (SSL/TLS server certificate) to authenticate both the client and the back-end application.
TLS termination on Network Load Balancers also offers centralized deployment of SSL certificates by integrating with AWS Certificate Manager (ACM) and Identity Access Manager (IAM). You can also optionally configure encryption to the targets.
Google Cloud uses SSL certificates to provide privacy and security from a client to a load balancer. To achieve this, the load balancer must have an SSL certificate and the certificate's corresponding private key.
Definitely terminate SSL at the load balancer!!! Anything behind that should NOT be visible outside. Why wouldn't two ports for secure/insecure work just fine?
You don't actually need more certificates at all. Because the externally seen FQDN is the same you use the same certificate on each machine.
This means that WCF (if you're using it) will work. WCF with the SSL terminating on the external load balancer is painful if you're signing/encrypting at a message level rather than a transport level.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With