NSX Advanced Load Balancer supports automation of the process for requesting and installing a certificate signed by a certificate authority (CA). This feature handles initial certificate registration and renewal of certificates based on certificate expiration. This topic explains configuring certificate management integration and automatic certificate renewal.

Create a certificate management profile which provides a way to configure a path to a certificate script. Along with the set of parameters the script needs (CSR, common name, and others) to integrate with a certificate management service within the customer’s internal network. The script itself is left opaque by design to accommodate the various certificate management services different customers may have.

For SSL certificate configuration, select CSR and fill in the necessary fields for the certificate, and select the certificate management profile to which this certificate is bound. The NSX Advanced Load Balancer Controller will then use the CSR and the script to obtain the certificate and also renew the certificate upon expiration. As a part of the renewal process, a new key pair is generated and a certificate corresponding to this is obtained from the certificate management service.

As a part of the SSL certificate configuration, only select CSR, fill in the necessary fields for the certificate, and select the certificate management profile to which this certificate is bound. The NSX Advanced Load Balancer Controller will then use the CSR and the script to obtain the certificate and also renew the certificate upon expiration. As a part of the renewal process, a new key pair is generated and a certificate corresponding to this is obtained from the certificate management service.

Without the addition of this automation, the process for sending the CSR to the external CA, then installing the signed certificate and keys, must be performed by the NSX Advanced Load Balancer user.