The NSX Advanced Load Balancer CLI can be used to configure L4 SSL/TLS application profiles for client SSL certificate validation.

Procedure

  1. Log in to the NSX Advanced Load Balancer CLI (shell).
  2. Edit or create the application profile for your L4 SSL/TLS application, for instance, my-L4-app-profile.
    > [admin:our-controller]: > configure applicationprofile my-L4-app-profile
  3. Declare the profile to be type L4.
    > [admin:our-controller]: applicationprofile> type application_profile_type_l4
  4. Enter tcp_app_profile submode.
    > [admin:our-controller]: applicationprofile> tcp_app_profile
  5. Enter the ssl_client_certificate_mode keyword. If you type only part of the value and then press the Tab key twice, three choices appear.
    > [admin:our-controller]: applicationprofile:tcp_app_profile> ssl_client_certificate_mode ssl_client_certificate_
    ssl_client_certificate_none      Enum option does not have an e_description option
    ssl_client_certificate_request   Enum option does not have an e_description option
    ssl_client_certificate_require   Enum option does not have an e_description option
  6. Select the desired validation type.
    > [admin:our-controller]: applicationprofile:tcp_app_profile> ssl_client_certificate_mode ssl_client_certificate_require
    
  7. For either ssl_client_certificate_request or ssl_client_certificate_require mode, a PKI profile is required and must exist before you save the application profile.
    > [admin:our-controller]: applicationprofile:tcp_app_profile> pki_profile_ref my-L4-pki
  8. Save the configuration.
    > [admin:our-controller]: applicationprofile:tcp_app_profile> save
    > [admin:our-controller]: applicationprofile> save
    > [admin:our-controller]:
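
The rule in step 7 can be checked offline before a change is pushed. The following is an added example, not code from the product or its documentation: it audits L4 profile definitions for a client-certificate mode that lacks a PKI profile or points at one that does not exist. The dict layout (which mirrors the CLI field names), the function name, and the sample data are assumptions constructed for illustration.

```python
# Added example: offline check of the rule in step 7 of the procedure.
# Assumption: profiles are plain dicts whose keys mirror the CLI field names.
NEEDS_PKI = {"ssl_client_certificate_request", "ssl_client_certificate_require"}


def audit_l4_profiles(profiles, existing_pki_profiles):
    """Return (profile_name, finding) tuples for L4 profiles that need attention."""
    findings = []
    for prof in profiles:
        if prof.get("type", "").lower() != "application_profile_type_l4":
            continue  # only L4 profiles are covered by this procedure
        tcp = prof.get("tcp_app_profile") or {}
        # Assumption: an unset mode is treated as ssl_client_certificate_none.
        mode = tcp.get("ssl_client_certificate_mode",
                       "ssl_client_certificate_none").lower()
        pki = tcp.get("pki_profile_ref")
        if mode not in NEEDS_PKI:
            findings.append((prof["name"], "client certificates are not validated"))
        elif not pki:
            findings.append((prof["name"], f"{mode} set without pki_profile_ref"))
        elif pki not in existing_pki_profiles:
            findings.append((prof["name"], f"pki_profile_ref {pki!r} does not exist"))
    return findings


# Constructed sample data (not taken from a real controller).
SAMPLE_PKI = {"my-L4-pki"}
SAMPLE_PROFILES = [
    {"name": "my-L4-app-profile", "type": "application_profile_type_l4",
     "tcp_app_profile": {
         "ssl_client_certificate_mode": "ssl_client_certificate_require",
         "pki_profile_ref": "my-L4-pki"}},
    {"name": "l4-no-pki", "type": "application_profile_type_l4",
     "tcp_app_profile": {
         "ssl_client_certificate_mode": "ssl_client_certificate_request"}},
    {"name": "l4-dangling", "type": "application_profile_type_l4",
     "tcp_app_profile": {
         "ssl_client_certificate_mode": "ssl_client_certificate_require",
         "pki_profile_ref": "retired-pki"}},
    {"name": "l4-open", "type": "application_profile_type_l4",
     "tcp_app_profile": {}},
    {"name": "web", "type": "application_profile_type_http"},
]

if __name__ == "__main__":
    for name, finding in audit_l4_profiles(SAMPLE_PROFILES, SAMPLE_PKI):
        print(f"{name}: {finding}")
```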