From 16f52b7bef745097f7076dde76715db378b54343 Mon Sep 17 00:00:00 2001 From: JJ Date: Wed, 19 Mar 2025 14:56:26 +0000 Subject: first commit --- .../notes/aws-solutions-architect/14.ssl-tls.md | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 content/notes/aws-solutions-architect/14.ssl-tls.md (limited to 'content/notes/aws-solutions-architect/14.ssl-tls.md') diff --git a/content/notes/aws-solutions-architect/14.ssl-tls.md b/content/notes/aws-solutions-architect/14.ssl-tls.md new file mode 100644 index 0000000..033f662 --- /dev/null +++ b/content/notes/aws-solutions-architect/14.ssl-tls.md @@ -0,0 +1,38 @@ +--- +title: 14 - ssl tls +course: ["aws solutions architect"] +--- + +## SSL / TLS Basics + +SSL refers to Secure Socket Layer and is a way to encrypt network traffic that is in flight. + +For AWS it refers to encrypting traffic between the client and the load balancer. Traffic between the load balancer and instances are handled over plain HTTP. + +The S in HTTPS refers to 'secure', which means the traffic is using SSL. + +Nowadays, traffic is encrypted using TLS (Transport Layer Security), which is a newer version of SSL, but people still refer to it as SSL. + +SSl certs are issued by a Certificate Authority (CA) and have an expiration date. + +![](/images/aws/ssl.png) + +## Load Balancer and SSL + +- LB uses an X.509 Certificate +- ACM (AWS Certificate Manager) manages certs +- You must set a default SSL cert +- Clients can use SNI (Server Name Indication) to specify the hostname they reach + +## Server Name Indication (SNI) + +- This helps manage multiple SSLs on one Server +- Client must indicate server hostname to get the right SSL + +![](/images/aws/sni.png) + +## Load Balancer Support + +- _CLB_: supports 1 SSL +- _ALB_: supports multiple with SNI +- _NLB_: support multiple with SNI -- cgit v1.2.3
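Review bot: In the "SSL / TLS Basics" section, the line "Traffic between the load balancer and instances are handled over plain HTTP." presents TLS termination at the load balancer as the only behaviour, when it is a configuration choice. As written, a reader could take the backend hop to be always unencrypted, or miss that it is unencrypted at all when thinking about what "HTTPS" protects. Suggest rewording to something like "When TLS is terminated at the load balancer, traffic to the instances is typically sent over plain HTTP; configure an HTTPS backend if that hop must be encrypted." Smaller points in the same hunk: "SSl certs" should be "SSL certs", "are handled" should be "is handled", "_NLB_: support multiple" should be "supports", and the bullets that say "1 SSL", "multiple SSLs" and "the right SSL" mean SSL certificates, which is worth spelling out.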