How can I associate an ACM SSL/TLS certificate with a Classic, Application, or Network Load Balancer?

Last updated: 2019-05-13

How can I associate an AWS Certificate Manager (ACM) SSL/TLS certificate with a load balancer?  

Short Description

ACM is integrated with Elastic Load Balancing. You can Request a Public Certificate using ACM or Import a Certificate into ACM. After you create or import your certificate, you can associate the certificate to your Classic, Application, or Network Load Balancer.

Resolution

Follow these steps to associate an ACM SSL certificate with your load balancer.

Note: ACM certificates must be requested or imported in the same AWS Region as your Load Balancer.

Associate an ACM SSL certificate with a Classic Load Balancer

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Load Balancers. Then, choose your Classic Load Balancer.
  3. Choose the Listeners tab, and then choose Edit.
  4. For Load Balancer Protocol, choose HTTPS.
  5. For SSL Certificate, choose Change.
  6. Select Choose a certificate from ACM.
  7. Select the certificate from Certificates drop-down list, and then choose Save.

Associate an ACM SSL certificate with an Application Load Balancer

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Load Balancers, and then choose your Application Load Balancer.
  3. Choose Add listener.
  4. For Protocol choose HTTPS.
  5. For port, choose 443.
  6. For Default action(s), choose Forward to, and then select your ALB target group from the drop-down menu.
  7. For Default SSL certificate, choose From ACM (recommended) and then choose the ACM certificate.
  8. Choose Save.

Note: Application Load Balancers support multiple SSL/TLS certificates using Server Name Identification (SNI). If you request a public certificate from ACM, you can't export private keys for ACM issued public certificates. You can't directly install Amazon-issued certificates on Amazon Elastic Compute Cloud (EC2) instances. Instead, use the certificate with a load balancer and register the EC2 instance behind the load balancer.

Associate an ACM SSL certificate with a Network Load Balancer

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Load Balancers, and then choose your Network Load Balancer.
  3. Choose Add listener.
  4. For Protocol, choose TLS.
  5. For port, choose 443.
  6. For Default action(s), choose Forward to, and then select your NLB target group from the dropdown menu.
  7. For Default SSL certificate, choose From ACM (recommended) and choose the ACM certificate.
  8. Choose Save.