NSX Advanced Load Balancer supports the update of non-self-signed certificates.

Use Case

If a certificate expires or it needs to be replaced, multiple virtual services can be impacted. You can manually update each virtual service, one by one, to use a replacement certificate, presents administrative burden. By updating the certificate in place, NSX Advanced Load Balancer lifts that burden. Updating the pre-existing named certificate is automatically followed by a push to all affected SEs, which in turn causes all affected virtual services to continue without interruption.

UI Interface

  1. Navigate to Templates > Security > SSL/TLS Certificates.

  2. Click the pencil icon at the extreme right of the row to open the certificate editor.

    Note:

    Any row listing a self-signed certificate will present no such option.

  3. If the SSLKeyAndCertificate object is created using a certificate signing request (CSR), you can take the CSR and upload the new certificate by importing the file.

  4. If the SSLKeyAndCertificate object is created by importing the private key and certificate, you can edit and upload a new key-cert pair.