amazon-web-services aws-certificate-manager

Difference Between Public and Private Certificates


While wiring up a proof of concept, I am attempting to determine if a public certificate can be used to secure HTTPS requests flowing from public-facing web servers to an internal/private Application Load Balancer. The certificate would be on the internal ALB. From what I read in this article, I'd expect that a public certificate can be used and would be easier to configure/maintain/deploy.

Do I need a private certificate for an internal/private Application Load Balancer or will a public certificate serve the same purpose?


Solution

  • Public certificates can only be created and verified for domain names which are publicly accessible.

    To issue you a certificate, the certificate authority requires you to present public proof of ownership such as solving a DNS challenge.

    If the domain that you want to issue the certificate for is private, then you won't be able to issue a public certificate for it.