This section explains the steps to create PKI application profile using NSX Advanced Load Balancer UI and NSX Advanced Load Balancer CLI.

Creating PKI Application Profile Using NSX Advanced Load Balancer UI

  1. Navigate to Templates > Security > PKI Profile. Click Create.

  2. In this example, a new PKI profile is created. Provide the desired name, select the Enable CRL Check option.

  3. In Certificate Authority (CA) tab, select Add and click Upload Certificate Authority File (CA) to upload a file.

  4. Navigate to the Certificate Revocation List (CRL) tab and select Add. You can add the details either by providing the server URL, or by uploading the file saved on your local work station.

  5. Click Save. As shown below, the CA file and the CRL file have been added to the PKI profile (My-PKI-Profile). The application profile must contain a CRL for each of the intermediate CA in the chain of trust.

Creating PKI Application Profile using the NSX Advanced Load Balancer CLI

[admin:My-Avi-Controller-17.2.10]: > configure pkiprofile test                                                                                          
[admin:My-Avi-Controller-17.2.10]: pkiprofile> ca_certs 
New object being created
[admin:My-Avi-Controller-17.2.10]: pkiprofile:ca_certs> certificate --
Please input the value for field certificate (Enter END to terminate input):-----BEGIN CERTIFICATE-----   <————————— Paste cert here
MIIFAzCCA+ugAwIBAgIEUdNg7jANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
r2RsCAwEAAaOCAQkwggEFMA4GA1UdDwEB/wQEAwIBBjAP
jbEnmUK+xJPrSFdDcSPE5U6trkNvknbFGe/KvG9CTBaahqkEOMdl8PUM4ErfovrO
GhGonGkvG9/q4jLzzky8RgzAiYDRh2uiz2vUf/31YFJnV6Bt0WRBFG00Yu0GbCTy
BrwoAq8DLcIzBfvLqhboZRBD9Wlc44FYmc1r07jHexlVyUDOeVW4c4npXEBmQxJ/
B7hlVtWNw6f1sbZlnsCDNn8WRTx0S5OKPPEr9TVwc3vnggSxGJgO1JxvGvz8pzOl
u7sY82t6XTKH920l5OJ2hiEeEUbNdg5vT6QhcQqEpy02qUgiUX6C
-----END CERTIFICATE-----                   <—————————  Press Enter key after pasting cert
END                                         <—————————  Type END and press Enter key
[admin:My-Avi-Controller-17.2.10]: pkiprofile:ca_certs> save
[admin:My-Avi-Controller-17.2.10]: pkiprofile> no crl_check      <—————————  Optional for testing
[admin:My-Avi-Controller-17.2.10]: pkiprofile> save