Is this for the situation where you dont have a certificate associated with the domain so when users access the site and hit the load balancer, it will encrypt that traffic and show as safe?
Is this the opposite of terminating SSL at the ALB level?
thank you so much!
2 Answers
The reason you add an SSL cert to your Load Balancers is so that it can support secure traffic (ie HTTPS instead of just regular HTTP). This also unloads some work from your application server as it doesn’t have to perform that overhead work.
SSL certificate contains a public and private key pairs that you can encrypt/decrypt traffic. If you want to terminate your SSL connection at your load balancer, then you have to associate a SSL certificate with your LB. If you’re using layer 4 load balancer such as CLB with TCP listener, you can offload the SSL termination to the backend servers so you don’t have to associate a SSL certificate with your LB.
You will also need this to be able configure http to https redirects