The NSX Advanced Load Balancer CLI interface can be used to configure L4 SSL/TLS application profiles for client SSL certificate validation.
Procedure
- Login to the NSX Advanced Load Balancer CLI (shell).
- Edit or create the application profile for your L4 SSL/ TLS application. For instance,
my-L4-app-profile.> [admin:our-controller]: > configure applicationprofile my-L4-app-profile
- Declare the profile to be type L4.
> [admin:our-controller]: applicationprofile> type application_profile_type_l4
- Enter
tcp_app_profilesubmode.> [admin:our-controller]: applicationprofile> tcp_app_profile
- Enter the
ssl_client_certificate_mode. If you key in just a portion of the keyword, followed by pressing the Tab key twice, three choices appear.> [admin:our-controller]: applicationprofile:tcp_app_profile> ssl_client_certificate_mode ssl_client_certificate_ ssl_client_certificate_none Enum option does not have an e_description option ssl_client_certificate_request Enum option does not have an e_description option ssl_client_certificate_require Enum option does not have an e_description option
- Select the desired validation type.
> [admin:our-controller]: applicationprofile:tcp_app_profile> ssl_client_certificate_mode ssl_client_certificate_require
- For either
ssl_client_certificate_request or ssl_client_certificate_requiremode, a PKI profile is required and must exist previous to saving the application profile.> [admin:our-controller]: applicationprofile:tcp_app_profile> pki_profile_ref my-L4-pki
- Save the configuration.
> [admin:our-controller]: applicationprofile:tcp_app_profile> save > [admin:our-controller]: applicationprofile> save > [admin:our-controller]:
