by nodesocket 3602 days ago
Do ALBs support more than a single SSL certificate?
3 comments

ELB Classic & ELB Application Load Balancer don't support multiple SSL certificates. There is support for multiple Subject Alternative Names (SANs, https://en.wikipedia.org/wiki/Subject_Alternative_Name).

And there is support for wildcard certificates, *.example.com

You can request a cert through AWS Certificate Manager with multiple names, more info https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-requ...

This is not using Server Name Indicator / SNI.

Like via SNI? No mention of it and the screenshots make it seem unlikely.
The Amazon Certificate Manager uses SNI, and you can request certificates with multiple hosts and even wildcard domains. I would imagine if you upload your own multi-domain certificate that it would work in the same way, but I have never tested that.
I think you mean SAN instead of SNI. SNI is like host headers for TLS connections, while SAN on certs allows the cert to be valid for multiple names.
If the top level is the same you can use a wildcard (*.example.com) cert.
You're missing the use-case where you want to use a wildcard certificate and an EV certificate. You can't get an EV wildcard certificate.
> You're missing the use-case where you want to use a wildcard certificate and an EV certificate. You can't get an EV wildcard certificate.

Yes, that's not possible, as EV certs are not issued for wildcards.

My counter is that EV certs are for chumps and the entire concept is a scamola. The only justification I'd accept for getting one is proper A/B testing showing that an EV cert leads to increased revenue. There's no inherent security argument for them.

EV certs don't stop domain hijacking + cheapo SSL cert attack vector?
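The SAN versus SNI distinction from the thread, as an added example that is not part of any comment above: SAN decides which names one certificate is valid for, while SNI lets a listener holding several certificates pick one per handshake. The certificate labels, the `CERTS` table and the selection policy (exact SAN match before wildcard, fallback to a default) are assumptions made for illustration, not AWS behaviour.

```python
from typing import Dict, List, Optional

# Constructed sample data: two certificates a TLS listener might hold,
# keyed by a hypothetical label, each with its SAN dNSName entries.
CERTS: Dict[str, List[str]] = {
    "wildcard-dv": ["*.example.com", "example.com"],
    "ev-shop": ["shop.example.com"],  # EV certs cannot carry wildcard names
}


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: '*' is only honoured as the entire leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' is never accepted.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(sans: List[str], hostname: str) -> bool:
    """What a client checks: is the requested name in the cert's SAN list?"""
    return any(san_matches(s, hostname) for s in sans)


def select_cert(sni: Optional[str], certs: Dict[str, List[str]] = CERTS,
                default: str = "wildcard-dv") -> str:
    """What an SNI-aware server does: choose a certificate from the name in
    the ClientHello. Without SNI only the default can be served."""
    if not sni:
        return default
    name = sni.lower().rstrip(".")
    for label, sans in certs.items():      # exact SAN entry wins
        if name in (s.lower() for s in sans):
            return label
    for label, sans in certs.items():      # then any wildcard that covers it
        if cert_covers(sans, name):
            return label
    return default


if __name__ == "__main__":
    for host in ("shop.example.com", "www.example.com", "a.b.example.com", None):
        chosen = select_cert(host)
        ok = cert_covers(CERTS[chosen], host) if host else None
        print(f"{host!s:20} -> {chosen:12} name covered: {ok}")
```
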