
Application Load Balancer can authenticate X.509 certificate based identities with Mutual TLS support




This article introduces Mutual TLS support for Amazon's Application Load Balancer (ALB), which allows clients to be authenticated with X.509 certificates on TLS-encrypted connections.

Specifically, the article covers:

  • Two options for client certificate validation: passthrough mode (sends the client certificate chain to the target application) or verify mode (offloads authentication to the ALB)
  • Support for client certificates from third-party CAs or AWS Private Certificate Authority (PCA)
  • Optional revocation checks for compromised client certificates
  • Configuration via AWS APIs or Management Console, including creating a Trust Store resource for verify mode
  • Availability in all commercial AWS regions and GovCloud
  • Pricing details and links to further documentation

