1
00:00:00,090 --> 00:00:02,160
So let's have a look at how we can enable

2
00:00:02,160 --> 00:00:07,160
SSL certificates on both the ALB and the NLB.

3
00:00:07,470 --> 00:00:09,180
So if I look at the ALB,

4
00:00:09,180 --> 00:00:11,760
I just have to add one listener, for example,

5
00:00:11,760 --> 00:00:15,720
I will add a listener, and the protocol will be HTTPS

6
00:00:15,720 --> 00:00:18,600
and the ports by default will be 443.

7
00:00:18,600 --> 00:00:21,995
And then we can say, okay if the clients are using

8
00:00:21,995 --> 00:00:24,030
the port 403 for HTTPS protocol,

9
00:00:24,030 --> 00:00:27,603
then forward to a specific target group.

10
00:00:28,620 --> 00:00:31,440
And then we can also have secure listener settings.

11
00:00:31,440 --> 00:00:36,120
So we can say, we can actually set a SSL security policy

12
00:00:36,120 --> 00:00:39,960
to see how to negotiate the certificates itself,

13
00:00:39,960 --> 00:00:42,690
and this is based on if you need, for example,

14
00:00:42,690 --> 00:00:46,830
previous compatibility with older version of SSL or TLS

15
00:00:46,830 --> 00:00:49,560
and so on, so you can leave this as default

16
00:00:49,560 --> 00:00:52,767
and then you need to say where this SSL

17
00:00:52,767 --> 00:00:54,840
or TLS certificate is located

18
00:00:54,840 --> 00:00:58,530
and so it can be in ACM, Amazon Certificate Manager,

19
00:00:58,530 --> 00:00:59,580
but I currently don't have any,

20
00:00:59,580 --> 00:01:02,820
so I won't see here one or from IAM,

21
00:01:02,820 --> 00:01:05,790
but this is not recommended as domain method.

22
00:01:05,790 --> 00:01:08,880
Or you can import it by just pasting the private key,

23
00:01:08,880 --> 00:01:12,210
the body and the certificate chain here if need be

24
00:01:12,210 --> 00:01:14,730
and then this will import the certificate itself

25
00:01:14,730 --> 00:01:17,310
into ACM directly.

26
00:01:17,310 --> 00:01:20,970
So it's a similar process for the network cloud balancer.

27
00:01:20,970 --> 00:01:24,240
So if I go in the network balancer right here,

28
00:01:24,240 --> 00:01:25,410
and have a look at the listeners,

29
00:01:25,410 --> 00:01:29,820
I can add a listener of it being TLS,

30
00:01:29,820 --> 00:01:33,810
and then we can forward to a demo target group right here

31
00:01:33,810 --> 00:01:35,280
and then for security policy,

32
00:01:35,280 --> 00:01:37,800
we can set whatever policy we want,

33
00:01:37,800 --> 00:01:40,560
as well as choose where the certificate is from

34
00:01:40,560 --> 00:01:44,940
so from SCM, IAM, or import, and finally we can set

35
00:01:44,940 --> 00:01:47,193
an application layer protocol negotiation,

36
00:01:48,104 --> 00:01:48,937
which I won't go over

37
00:01:48,937 --> 00:01:51,270
but this is a pretty advanced setting for TLS.

38
00:01:51,270 --> 00:01:53,270
So that's it, you've seen how to use SSL

39
00:01:54,180 --> 00:01:56,100
or TLS certificates on your load balancers.

40
00:01:56,100 --> 00:01:59,223
I hope you liked it and I will see you in the next lecture.