Implementing transport security

Security for transporting data over HTTP is provided by Secure Sockets Layer (SSL). SSL is widely used on the internet to authenticate a service to a client and then to encrypt the transport channel. On AWS, one of the endpoints is the user's browser and the other is the Elastic Load Balancer (ELB), which was configured earlier in Chapter 4, Designing for and Implementing Scalability, so configuring the ELB to accept SSL certificates will secure the transport channel between the user's browser and the ELB. This implies the data is not secured by SSL between the ELB and the application running in an EC2 instance, but since that traffic is on a VPC within the AWS infrastructure it is secure.

Digital certificates are issued by Certification Authorities (CAs), trusted third parties that sign certificates for network entities they have authenticated using secure means. Normally, you would create a certificate signing request (CSR) and have it signed by the CA. Here we will not use a commercial CA to sign a certificate but will instead use a self-signed certificate. As a consequence, the browser will not be able to verify the self-signed digital certificate or the authenticity of the website and will generate an exception. However, a secure transport channel will still be created between the browser and the ELB.
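The key, CSR and self-signing flow described above can be reproduced locally with OpenSSL. This is an added example, not code from the book. The function names and the hostnames `demo.example.test` and `other.example.test` are constructed for illustration. It shows that the resulting certificate is rejected by a client with an unrelated trust store, and accepted only once the certificate itself is installed as a trust anchor.

```shell
#!/bin/sh
# Added example (not from the book). Function names and hostnames are
# constructed for illustration.

# Key -> CSR -> certificate signed with its own key instead of a CA's key.
make_self_signed() {  # $1 = output dir, $2 = common name
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    # The CSR is what would normally be sent to a commercial CA.
    openssl req -new -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Self-signed means issuer and subject are the same name.
is_self_signed() {  # $1 = certificate
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')" ]
}

# The private key must correspond to the certificate's public key.
key_matches_cert() {  # $1 = key, $2 = certificate
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Does a client whose trust store is $1 accept certificate $2?
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && mkdir "$d/site" "$d/other" || return 1
    make_self_signed "$d/site" demo.example.test || return 1
    make_self_signed "$d/other" other.example.test || return 1
    is_self_signed "$d/site/server.crt" && echo "issuer == subject"
    key_matches_cert "$d/site/server.key" "$d/site/server.crt" &&
        echo "key matches certificate"
    # A client with an unrelated trust store rejects the certificate...
    trusted_by "$d/other/server.crt" "$d/site/server.crt" ||
        echo "rejected: no trusted issuer"
    # ...until the certificate itself is installed as a trust anchor.
    trusted_by "$d/site/server.crt" "$d/site/server.crt" &&
        echo "accepted once installed as trust anchor"
    rm -rf "$d"
}
demo
```

The rejected case corresponds to the browser exception mentioned above: the channel is encrypted, but the client has no independent basis for believing it is talking to the right server.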
