Posted On: Oct 10, 2017
We are pleased to announce support for multiple SSL certificates on Application Load Balancers using Server Name Indication (SNI). You can now host multiple secure (HTTPS) applications, each with its own SSL certificate, behind one load balancer. This greatly simplifies application management as many secure applications or multi-tenant SaaS applications can run behind the same load balancer.
Prior to this launch, Application Load Balancers supported only one certificate for a standard HTTPS listener (port 443) and you had to use Wildcard or Multi-Domain (SAN) certificates to host multiple secure applications behind the same load balancer. The potential security risks with Wildcard certificates and the operational overhead of managing Multi-Domain certificates presented challenges. With SNI support you can associate multiple certificates with a listener and each secure application behind a load balancer can use its own certificate.
Application Load Balancers also support a smart certificate selection algorithm with SNI. If the hostname indicated by a client matches multiple certificates, the load balancer determines the best certificate to use based on multiple factors including the capabilities of the client.
SNI is integrated with AWS Certificate Manager (ACM) and AWS Identity and Access Management (IAM) for certificate management. You can associate up to 25 certificates with a load balancer in addition to a default certificate per listener.
To learn more, please visit AWS Blog and the SSL certificates section of the Application Load Balancer User Guide.