This article explains the application profiles and PKI profile configurations.

NSX Advanced Load Balancer can validate SSL certificates presented by clients against a trusted certificate authority (CA) and a configured certificate revocation list (CRL). Certificate information is passed to the server through various headers through additional options. For certificate authentication, an HTTP application profile and an associated public key infrastructure (PKI) profile have to be configured.

Starting with NSX Advanced Load Balancer release 18.2.3, this has been extended to L4 SSL/TLS applications (via the NSX Advanced Load Balancer CLI).