In NSX Advanced Load Balancer, certificates from the admin tenant can be shared by non-admin tenants when the shared_ssl_certificates flag is set to True in the Controller.
Default Behavior
System default certificates are used by objects in any tenant. For example, these include System-Default-Cert, System-Default-Cert-EC, System-Default-Portal-Cert, System-Default-Portal-Cert-EC256, System-Default-Root-CA, and System-Default-Secure-Channel-Cert, a set of objects that can be expected to expand over time. Objects created in a specific tenant (including the admin tenant) can only be viewed and used in their respective tenant. Certificates are automatically chained and will only be chained to certificates in the respective tenant.
Shared SSL Certificates
In NSX Advanced Load Balancer, the shared_ssl_certificates flag is added to the Controller Properties object. By default, this is set to False. If shared_ssl_certificates is set to True, the following behavior applies:
All certificates from the admin tenant can be viewed from non-admin tenants.
Certificates from the admin tenant can be used in non-admin objects, that is, virtual services, pools, and so on.
Application certificates in non-admin tenants will be chained to issuer certificates in the admin tenant.
NSX Advanced Load Balancer will not chain certificates from the admin tenant to issuer certificates in non-admin tenants. As a result, if there is an Intermediate certificate in the admin tenant and the corresponding CA certificate is in the non-admin tenant, these objects will not be linked.
If there are any cross-tenant links (that is, an Intermediate certificate in the admin tenant and Application certificate in the non-admin tenant), the NSX Advanced Load Balancer will prevent changing the shared_ssl_certificates flag.
If an unchained Application certificate exists in a non-admin tenant, the corresponding Intermediate certificate exists in the admin tenant, and the user toggles the shared_ssl_certificates flag from False to True, the Intermediate and Application certificates will not be chained. If you want these certificates to be chained, delete and recreate the Application certificate.
You can configure this feature using NSX Advanced Load Balancer REST API or CLI. This feature is currently not supported on the NSX Advanced Load Balancer UI.
When certificate sharing is enabled in NSX Advanced Load Balancer before version 21.1.4, the certificate with the most days to expiry is always selected.
When certificate sharing is enabled in NSX Advanced Load Balancer version 21.1.4, the Intermediate or CA certificate with the highest expiry in the current tenancy is always selected. If the current tenant has no Intermediate or CA, the corresponding Intermediate or CA from the admin tenant (if any) is selected.
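The chaining and selection rules above can be modelled as a pre-change check over a certificate inventory. This is an added example, not code from NSX Advanced Load Balancer: the inventory is constructed, its keys mirror fields in the CLI output, and both issuer matching by distinguished name and the reading of the pre-21.1.4 rule as "latest expiry across the current and admin tenants" are assumptions.

```python
from datetime import date

ADMIN = "admin"
# Constructed inventory; keys mirror fields shown in the page's CLI output.
# subject/issuer hold a shortened distinguished name for readability.
CERTS = [
    {"name": "admin-intermediate", "tenant_ref": "admin", "subject": "CN=Same-Name-Intermediate",
     "issuer": "CN=Intermediate", "not_after": date(2037, 12, 15)},
    {"name": "t1-intermediate", "tenant_ref": "t1", "subject": "CN=Same-Name-Intermediate",
     "issuer": "CN=Intermediate", "not_after": date(2030, 1, 1)},
    {"name": "t1-app", "tenant_ref": "t1", "subject": "CN=App1",
     "issuer": "CN=Same-Name-Intermediate", "not_after": date(2037, 12, 15)},
    {"name": "t2-app", "tenant_ref": "t2", "subject": "CN=App2",
     "issuer": "CN=Same-Name-Intermediate", "not_after": date(2037, 12, 15)},
    {"name": "t2-root", "tenant_ref": "t2", "subject": "CN=Intermediate",
     "issuer": "CN=Intermediate", "not_after": date(2040, 1, 1)},
]


def pick_issuer(cert, certs, shared, pre_21_1_4=False):
    """Return the object `cert` would chain to at creation time, or None."""
    if cert["subject"] == cert["issuer"]:
        return None  # self-signed: nothing to chain to
    # A tenant sees its own objects, plus admin objects when sharing is on.
    # An admin certificate therefore never sees a non-admin issuer.
    visible = {cert["tenant_ref"], ADMIN} if shared else {cert["tenant_ref"]}
    cands = [c for c in certs if c is not cert
             and c["subject"] == cert["issuer"] and c["tenant_ref"] in visible]
    if not cands:
        return None
    if not pre_21_1_4:
        # 21.1.4 rule: prefer the current tenant, fall back to admin.
        cands = [c for c in cands if c["tenant_ref"] == cert["tenant_ref"]] or cands
    return max(cands, key=lambda c: c["not_after"])  # latest expiry wins


def cross_tenant_links(certs, shared=True, pre_21_1_4=False):
    """(certificate, issuer) name pairs that span tenants."""
    links = []
    for cert in certs:
        issuer = pick_issuer(cert, certs, shared, pre_21_1_4)
        if issuer and issuer["tenant_ref"] != cert["tenant_ref"]:
            links.append((cert["name"], issuer["name"]))
    return links


if __name__ == "__main__":
    for mode in (False, True):
        print("pre-21.1.4" if mode else "21.1.4", cross_tenant_links(CERTS, pre_21_1_4=mode))
```

A non-empty result from cross_tenant_links corresponds to the condition under which, per the text above, the Controller prevents changing the shared_ssl_certificates flag.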
Usage Guidelines
The following guidelines are applicable as the certificates in the admin tenant can be chained to any certificate in the system:
Toggle the shared_ssl_certificates flag to True and create shared Intermediate or Root certificates in the admin tenant before creating Application certificates.
Application certificates must be in the tenant with the corresponding application.
Although certificate additions or updates in the admin tenant are CPU-intensive, these actions should have minimal impact, as they are infrequent operations.
CLI Configuration
[admin:10-10-28-16]: > configure controller properties
Updating an existing object. Currently, the object is:
+--------------------------------------------+--------------------+
| Field                                      | Value              |
+--------------------------------------------+--------------------+
| uuid                                       | global             |
| unresponsive_se_reboot                     | 300 sec            |
| crashed_se_reboot                          | 900 sec            |
| se_offline_del                             | 172000 sec         |
| vs_se_create_fail                          | 1500 sec           |
| vs_se_vnic_fail                            | 300 sec            |
| vs_se_bootup_fail                          | 480 sec            |
| se_vnic_cooldown                           | 120 sec            |
| vs_se_vnic_ip_fail                         | 120 sec            |
| fatal_error_lease_time                     | 120 sec            |
| upgrade_lease_time                         | 360 sec            |
| query_host_fail                            | 180 sec            |
| vnic_op_fail_time                          | 180 sec            |
| dns_refresh_period                         | 60 min             |
| se_create_timeout                          | 900 sec            |
| max_dead_se_in_grp                         | 1                  |
| dead_se_detection_timer                    | 360 sec            |
| api_idle_timeout                           | 15 min             |
| allow_unauthenticated_nodes                | False              |
| cluster_ip_gratuitous_arp_period           | 60 min             |
| vs_key_rotate_period                       | 360 min            |
| secure_channel_controller_token_timeout    | 60 min             |
| secure_channel_se_token_timeout            | 60 min             |
| max_seq_vnic_failures                      | 3                  |
| vs_awaiting_se_timeout                     | 60 sec             |
| vs_apic_scaleout_timeout                   | 360 sec            |
| secure_channel_cleanup_timeout             | 60 min             |
| attach_ip_retry_interval                   | 360 sec            |
| attach_ip_retry_limit                      | 4                  |
| persistence_key_rotate_period              | 0 min              |
| allow_unauthenticated_apis                 | False              |
| warmstart_se_reconnect_wait_time           | 480 sec            |
| vs_se_ping_fail                            | 60 sec             |
| se_failover_attempt_interval               | 300 sec            |
| max_pcap_per_tenant                        | 4                  |
| ssl_certificate_expiry_warning_days[1]     | 30 days days       |
| ssl_certificate_expiry_warning_days[2]     | 7 days days        |
| ssl_certificate_expiry_warning_days[3]     | 1 days days        |
| seupgrade_fabric_pool_size                 | 20                 |
| seupgrade_segroup_min_dead_timeout         | 360 sec            |
| allow_ip_forwarding                        | False              |
| appviewx_compat_mode                       | False              |
| upgrade_dns_ttl                            | 5 sec              |
| bm_use_ansible                             | True               |
| vs_se_attach_ip_fail                       | 600 sec            |
| max_seq_attach_ip_failures                 | 3                  |
| cleanup_expired_authtoken_timeout_period   | 60 min             |
| cleanup_sessions_timeout_period            | 60 min             |
| consistency_check_timeout_period           | 60 min             |
| process_locked_useraccounts_timeout_period | 1 min              |
| process_pki_profile_timeout_period         | 1440 min           |
| enable_memory_balancer                     | True               |
| warmstart_vs_resync_wait_time              | 300 sec            |
| api_perf_logging_threshold                 | 10000 milliseconds |
| se_from_marketplace                        | IMAGE              |
| cloud_reconcile                            | True               |
| enable_api_sharding                        | True               |
| vs_scaleout_ready_check_interval           | 60 sec             |
| shared_ssl_certificates                    | False              |
+--------------------------------------------+--------------------+
[admin:10-10-28-16]: controllerproperties> shared_ssl_certificates
Overwriting the previously entered value for shared_ssl_certificates
[admin:10-10-28-16]: controllerproperties> save
+--------------------------------------------+--------------------+
| Field                                      | Value              |
+--------------------------------------------+--------------------+
| uuid                                       | global             |
| unresponsive_se_reboot                     | 300 sec            |
| crashed_se_reboot                          | 900 sec            |
| se_offline_del                             | 172000 sec         |
| vs_se_create_fail                          | 1500 sec           |
| vs_se_vnic_fail                            | 300 sec            |
| vs_se_bootup_fail                          | 480 sec            |
| se_vnic_cooldown                           | 120 sec            |
| vs_se_vnic_ip_fail                         | 120 sec            |
| fatal_error_lease_time                     | 120 sec            |
| upgrade_lease_time                         | 360 sec            |
| query_host_fail                            | 180 sec            |
| vnic_op_fail_time                          | 180 sec            |
| dns_refresh_period                         | 60 min             |
| se_create_timeout                          | 900 sec            |
| max_dead_se_in_grp                         | 1                  |
| dead_se_detection_timer                    | 360 sec            |
| api_idle_timeout                           | 15 min             |
| allow_unauthenticated_nodes                | False              |
| cluster_ip_gratuitous_arp_period           | 60 min             |
| vs_key_rotate_period                       | 360 min            |
| secure_channel_controller_token_timeout    | 60 min             |
| secure_channel_se_token_timeout            | 60 min             |
| max_seq_vnic_failures                      | 3                  |
| vs_awaiting_se_timeout                     | 60 sec             |
| vs_apic_scaleout_timeout                   | 360 sec            |
| secure_channel_cleanup_timeout             | 60 min             |
| attach_ip_retry_interval                   | 360 sec            |
| attach_ip_retry_limit                      | 4                  |
| persistence_key_rotate_period              | 0 min              |
| allow_unauthenticated_apis                 | False              |
| warmstart_se_reconnect_wait_time           | 480 sec            |
| vs_se_ping_fail                            | 60 sec             |
| se_failover_attempt_interval               | 300 sec            |
| max_pcap_per_tenant                        | 4                  |
| ssl_certificate_expiry_warning_days[1]     | 30 days days       |
| ssl_certificate_expiry_warning_days[2]     | 7 days days        |
| ssl_certificate_expiry_warning_days[3]     | 1 days days        |
| seupgrade_fabric_pool_size                 | 20                 |
| seupgrade_segroup_min_dead_timeout         | 360 sec            |
| allow_ip_forwarding                        | False              |
| appviewx_compat_mode                       | False              |
| upgrade_dns_ttl                            | 5 sec              |
| bm_use_ansible                             | True               |
| vs_se_attach_ip_fail                       | 600 sec            |
| max_seq_attach_ip_failures                 | 3                  |
| cleanup_expired_authtoken_timeout_period   | 60 min             |
| cleanup_sessions_timeout_period            | 60 min             |
| consistency_check_timeout_period           | 60 min             |
| process_locked_useraccounts_timeout_period | 1 min              |
| process_pki_profile_timeout_period         | 1440 min           |
| enable_memory_balancer                     | True               |
| warmstart_vs_resync_wait_time              | 300 sec            |
| api_perf_logging_threshold                 | 10000 milliseconds |
| se_from_marketplace                        | IMAGE              |
| cloud_reconcile                            | True               |
| enable_api_sharding                        | True               |
| vs_scaleout_ready_check_interval           | 60 sec             |
| shared_ssl_certificates                    | True               |
+--------------------------------------------+--------------------+
[admin:10-10-28-16]: > configure sslkeyandcertificate admin-intermediate
[admin:10-10-28-16]: sslkeyandcertificate> certificate
[admin:10-10-28-16]: sslkeyandcertificate:certificate> certificate --
-----BEGIN CERTIFICATE-----
<PEM-encoded certificate data>
-----END CERTIFICATE-----
END
[admin:10-10-28-16]: sslkeyandcertificate:certificate> save
[admin:10-10-28-16]: sslkeyandcertificate> save
+------------------------+------------------------------------------------------------------------------+
| Field                  | Value                                                                        |
+------------------------+------------------------------------------------------------------------------+
| uuid                   | sslkeyandcertificate-2348ba24-1a56-4e9d-9833-c8c3c1158714                    |
| name                   | admin-intermediate                                                           |
| type                   | SSL_CERTIFICATE_TYPE_CA                                                      |
| certificate            |                                                                              |
|   version              | 2                                                                            |
|   serial_number        | 4098                                                                         |
|   self_signed          | False                                                                        |
|   issuer               |                                                                              |
|     common_name        | Intermediate                                                                 |
|     organization       | Avi                                                                          |
|     state              | CA                                                                           |
|     country            | US                                                                           |
|     distinguished_name | C=US, ST=CA, O=Avi, CN=Intermediate                                          |
|   subject              |                                                                              |
|     common_name        | Same-Name-Intermediate                                                       |
|     organization       | Avi                                                                          |
|     state              | CA                                                                           |
|     country            | US                                                                           |
|     distinguished_name | C=US, ST=CA, O=Avi, CN=Same-Name-Intermediate                                |
|   signature_algorithm  | sha256WithRSAEncryption                                                      |
|   not_before           | 2017-12-20 23:34:35                                                          |
|   not_after            | 2037-12-15 23:34:35                                                          |
|   fingerprint          | SHA1 Fingerprint=CD:96:22:87:B2:58:39:7C:7A:26:4B:3A:18:B2:99:CD:DB:73:B5:79 |
|                        |                                                                              |
|   expiry_status        | SSL_CERTIFICATE_GOOD                                                         |
|   days_until_expire    | 365                                                                          |
| key_params             |                                                                              |
|   algorithm            | SSL_KEY_ALGORITHM_RSA                                                        |
|   rsa_params           |                                                                              |
|     key_size           | SSL_KEY_4096_BITS                                                            |
|     exponent           | 65537                                                                        |
| status                 | SSL_CERTIFICATE_FINISHED                                                     |
| ca_certs[1]            |                                                                              |
|   name                 | Intermediate                                                                 |
| format                 | SSL_PEM                                                                      |
| certificate_base64     | False                                                                        |
| key_base64             | False                                                                        |
| tenant_ref             | admin                                                                        |
+------------------------+------------------------------------------------------------------------------+
[admin:10-10-28-16]: > switchto tenant t1
Switching to tenant t1
[t1:10-10-28-16]: > show sslkeyandcertificate
+------------------------------------+------------------------+------------------------+------+-----------+
| Name                               | Issuer                 | Subject                | Self | Algorithm |
+------------------------------------+------------------------+------------------------+------+-----------+
| System-Default-Cert                | System Default Cert    | System Default Cert    | True | -         |
| System-Default-Cert-EC             | System Default EC Cert | System Default EC Cert | True | -         |
| System-Default-Portal-Cert         | Default Portal Cert    | Default Portal Cert    | True | -         |
| System-Default-Portal-Cert-EC256   | Default Portal EC Cert | Default Portal EC Cert | True | -         |
| System-Default-Root-CA             | ca.local               | ca.local               | True | -         |
| System-Default-Secure-Channel-Cert | ca.local               | node.controller.local  | -    | -         |
| admin-intermediate                 | Intermediate           | Same-Name-Intermediate | -    | -         |
+------------------------------------+------------------------+------------------------+------+-----------+
[t1:10-10-28-16]: > configure sslkeyandcertificate t1-app
[t1:10-10-28-16]: sslkeyandcertificate> key --
-----BEGIN PRIVATE KEY-----
<PEM-encoded private key data>
-----END PRIVATE KEY-----
END
[t1:10-10-28-16]: sslkeyandcertificate> certificate
[t1:10-10-28-16]: sslkeyandcertificate:certificate> certificate --
-----BEGIN CERTIFICATE-----
<PEM-encoded certificate data>
-----END CERTIFICATE-----
END
[t1:10-10-28-16]: sslkeyandcertificate:certificate> save
[t1:10-10-28-16]: sslkeyandcertificate> save
+------------------------+------------------------------------------------------------------------------+
| Field                  | Value                                                                        |
+------------------------+------------------------------------------------------------------------------+
| uuid                   | sslkeyandcertificate-9ec6948b-f57c-49ac-b9da-28092a3fd72a                    |
| name                   | t1-app                                                                       |
| type                   | SSL_CERTIFICATE_TYPE_VIRTUALSERVICE                                          |
| certificate            |                                                                              |
|   version              | 2                                                                            |
|   serial_number        | 4097                                                                         |
|   self_signed          | False                                                                        |
|   issuer               |                                                                              |
|     common_name        | Same-Name-Intermediate                                                       |
|     organization       | Avi                                                                          |
|     state              | CA                                                                           |
|     country            | US                                                                           |
|     distinguished_name | C=US, ST=CA, O=Avi, CN=Same-Name-Intermediate                                |
|   subject              |                                                                              |
|     common_name        | App1                                                                         |
|     organization       | Avi                                                                          |
|     state              | CA                                                                           |
|     country            | US                                                                           |
|     distinguished_name | C=US, ST=CA, O=Avi, CN=App1                                                  |
|   signature_algorithm  | sha256WithRSAEncryption                                                      |
|   not_before           | 2017-12-20 23:34:56                                                          |
|   not_after            | 2037-12-15 23:34:56                                                          |
|   fingerprint          | SHA1 Fingerprint=18:B1:FD:DC:AF:F0:62:0C:73:E1:56:FC:75:AE:86:93:2E:56:1E:75 |
|                        |                                                                              |
|   expiry_status        | SSL_CERTIFICATE_GOOD                                                         |
|   days_until_expire    | 365                                                                          |
| key_params             |                                                                              |
|   algorithm            | SSL_KEY_ALGORITHM_RSA                                                        |
|   rsa_params           |                                                                              |
|     key_size           | SSL_KEY_2048_BITS                                                            |
|     exponent           | 65537                                                                        |
| status                 | SSL_CERTIFICATE_FINISHED                                                     |
| ca_certs[1]            |                                                                              |
|   name                 | Same-Name-Intermediate                                                       |
|   ca_ref               | admin-intermediate                                                           |
| ca_certs[2]            |                                                                              |
|   name                 | Intermediate                                                                 |
| format                 | SSL_PEM                                                                      |
| certificate_base64     | False                                                                        |
| key_base64             | False                                                                        |
| tenant_ref             | t1                                                                           |
+------------------------+------------------------------------------------------------------------------+
[t1:10-10-28-16]: >