This topic describes how to configure extended certificates to bind multiple domain names to an Application Load Balancer (Application Load Balancer (ALB)) endpoint. You can also configure forwarding rules to forward different domain name requests to different backend servers.

Scenarios

ALB automatically matches a valid certificate based on the HTTPS domain name that is requested by the client. If no valid certificate is matched, the default listener certificate is used. In this example, the following configurations are used:

  • The default certificate is specified as the listener certificate, and RS1 is specified as the default listener server group.
  • The domain name *.example1.com is bound to the extended certificate example1, and client requests from *.example1.com are forwarded to Server Group RS1.
  • The domain name *.example2.com is bound to the extended certificate example2, and client requests from *.example2.com are forwarded to Server Group RS2.
Architecture

Prerequisites

  • Server Group RS1 and RS2 are created. For more information, see Manage server groups.
  • Log on to the SSL Certificates Service console, purchase a certificate or upload a third-party certificate, and then bind it to the domain name. The following certificates are used in this example:
    • The default certificate.
    • The extended certificate example1 to which *.example1.com is bound.
    • The extended certificate example2 to which *.example2.com is bound.

Add an HTTPS listener

  1. Log on to the ALB console.
  2. In the top navigation bar, select the region where the ALB instance is deployed.
  3. On the Instances page, find the ALB instance, and click Create Listener in the Actions column.
  4. Configure the listener.
    The following configurations are used in this topic. For more information about the parameters, see Add an HTTPS listener.
    • Server Certificate: In this example, the default certificate is selected.
    • Backend Servers: In this topic, Server Group RS1 is selected.

Step 2: Add an extended certificate

  1. On the Instances page, find the ALB instance that you want to manage and click the ID of the instance.
  2. On the Listener tab, find the HTTPS listener that you created, and click Manage Certificate in the Actions column.
  3. Choose Certificates > Server Certificates, and click Add Extended Validation Certificate.
  4. In the Add Extended Validation Certificate dialog box, select the certificate example1, and click OK.
  5. Repeat the step and select example2, and then click OK.
    Note The maximum number of extended certificates that can be added to an ALB instance (excluding the default listener certificate):
    • Basic Edition: 10
    • Standard Edition: 25

Step 3: Configure forwarding rules

  1. On the Instances page, find the ALB instance that you want to manage and click the ID of the instance.
  2. On the Listener tab, find the HTTPS listener that you created and click View/Modify Forwarding Rule in the Actions column.
  3. Choose Forwarding Rules > Inbound Forwarding Rules, and click Add New Rule.
  4. Set the parameters and click OK.
    The following configurations are used in this example:
    • Forwarding condition: Domain Name is set to www.example2.com.
    • Forwarding action: Forward is set to RS2.

Step 4: Test the connectivity

Enter https://www.example1.com and https://www.example2.com in the browser address bar. The result shows that you can use both domain names to access ALB . The following forwarding policies are used:

  • Requests from https://www.example1.com are forwarded to Server Group RS1 based on the default forwarding rule.
  • Requests from https://www.example2.com are forwarded to Server Group RS2 based on the specified forwarding rule.