How do I update the certificate used for backend authentication in my AWS elastic load balancer?

Question

How do I update the certificate used for backend authentication in my AWS elastic load balancer?

I can't find anything in the AWS console or docs that explains how to do it.

Answer 1

There is not a way to update the backend authentication via the management console, but you can use the command line interface to do this.

The process is documented at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-backend-auth.html, in the "Using the Command Line Interface" section.

The link above has the necessary details, but conceptually the steps are:

1. Obtain your backend server's public key.
2. Use elb-create-lb-policy to create a new PublicKeyPolicyType policy for that public key.
3. Use elb-create-lb-policy to create a new BackendServerAuthenticationPolicyType based on the new public key policy you just created. (You can also include previously existing public key policies if your load balancer has instances that still have old certificates; simply add more --attribute arguments for those public key policies. You can see existing policies for the load balancer with the elb-describe-lb-policies command.)
4. Use elb-set-lb-policy to tell your load balancer to use your new backend server authentication policy for the desired port.