我们在AWS VPC中有一个面向内部的应用程序负载均衡器。正在公共子网中运行的Web应用程序正在访问此目录。该Web应用程序位于自定义域网址的后面,并且使用SSL证书进行安全保护。由于API负载均衡器未与SSL一起应用,因此从Web应用程序到API LB的通信失败。
是否可以在AWS中为面向内部的负载均衡器获取SSL证书?
答案 0 :(得分:1)
Yes this is entirely possible using the AWS ACM service, there are two options, you can use Amazon's public service to generate certs but I assume that is not what you want to do here. So you can alternatively create a Private CA through this service and distribute your certificates from there which can then be placed on Loadbalancers etc. You will most likely want to look at these pages:
https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html https://aws.amazon.com/certificate-manager/
Have a read first before diving right in but it's a pretty nifty feature for this sort of thing, once the CA is setup then creating certs is so fast and instantly attachable to resources.