This scenario uses an HTTPS End-to-End (SSL end-to-end) application profile type. The NSX Edge terminates the client HTTPS (SSL) sessions and then load balances each client onto a new HTTPS connection to the servers. L7 application rules can be applied.

Procedure

  1. Add a Web server certificate.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security > NSX Edges.
    3. Double-click an NSX Edge.
    4. Navigate to Manage > Settings > Certificates.
    5. Click Add, and then click Certificate.
    6. Copy and paste the certificate contents in the Certificate Contents text box. The text must include "-----BEGIN xxx-----" and "-----END xxx-----".

      For chained certificates (server certificate and an intermediate CA certificate), select the Certificate option. The following is an example of chained certificate content:

      -----BEGIN CERTIFICATE-----
          Server cert
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
          Intermediate cert
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
          Root cert
      -----END CERTIFICATE-----
      
    7. In the Private Key text box, copy and paste the private key contents.

      The following is an example of private key content:

      -----BEGIN RSA PRIVATE KEY-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END RSA PRIVATE KEY-----

      Prefix the certificate content (PEM for certificate or private key) with one of the following strings:

      -----BEGIN PUBLIC KEY-----
      -----BEGIN RSA PUBLIC KEY-----
      -----BEGIN CERTIFICATE REQUEST-----
      -----BEGIN NEW CERTIFICATE REQUEST-----
      -----BEGIN CERTIFICATE-----
      -----BEGIN PKCS7-----
      -----BEGIN X509 CERTIFICATE-----
      -----BEGIN X509 CRL-----
      -----BEGIN ATTRIBUTE CERTIFICATE-----
      -----BEGIN RSA PRIVATE KEY-----
      -----BEGIN DSA PRIVATE KEY-----
      -----BEGIN EC PARAMETERS-----
      -----BEGIN EC PRIVATE KEY-----

      For complete examples of certificates and private keys, see Example: Certificate and Private Key.

      Note:

      The following prefix is not supported on the NSX Manager:

      -----BEGIN ENCRYPTED PRIVATE KEY-----
  2. Create an HTTPS application profile.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security > NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage > Load Balancer > Application Profiles.
    5. Click Add and specify the application profile parameters.
      NSX 6.4.5 and later:
        1. In the Application Profile Type drop-down menu, select HTTPS End-to-End.
        2. Click Server SSL > Service Certificates.
        3. Select the web server certificate that you added in step 1.

      NSX 6.4.4 and earlier:
        1. In the Type drop-down menu, select HTTPS.
        2. Select the Enable Pool Side SSL check box.
        3. Select the Configure Service Certificates check box.
        4. Select the web server certificate that you added in step 1.
  3. Create a virtual server.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security > NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage > Load Balancer > Virtual Servers.
    5. Click Add and specify the virtual server parameters.
      1. Enable the virtual server to make this virtual server available for use.
      2. Select the protocol as HTTPS.
      3. Select the default pool that is composed of HTTPS servers.
      4. Select the application profile that you created in step 2.

      For information about specifying the other parameters in the New Virtual Server window, see Add Virtual Servers.
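
A pre-flight check for the PEM text pasted in step 1, as an added example that is not VMware code: it lists each block's label, flags any prefix outside the list in step 1 (including the unsupported ENCRYPTED PRIVATE KEY), and catches unmatched BEGIN/END lines and non-base64 bodies. The name `check_pem` and the sample input are constructed for illustration; the check covers PEM framing only, not certificate validity or chain trust.

```python
import base64
import binascii
import re

# Prefix labels copied from the supported list in step 1 of this page.
SUPPORTED = {
    "PUBLIC KEY", "RSA PUBLIC KEY", "CERTIFICATE REQUEST",
    "NEW CERTIFICATE REQUEST", "CERTIFICATE", "PKCS7", "X509 CERTIFICATE",
    "X509 CRL", "ATTRIBUTE CERTIFICATE", "RSA PRIVATE KEY",
    "DSA PRIVATE KEY", "EC PARAMETERS", "EC PRIVATE KEY",
}
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")

def check_pem(text):
    """Return (labels in paste order, list of problems) for PEM text."""
    labels, problems, current, body = [], [], None, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = BEGIN.match(line)
        if m:
            if current:
                problems.append(f"line {n}: BEGIN inside unclosed {current} block")
            current, body = m.group(1), []
            labels.append(current)
            if current == "ENCRYPTED PRIVATE KEY":
                problems.append(f"line {n}: ENCRYPTED PRIVATE KEY is not supported")
            elif current not in SUPPORTED:
                problems.append(f"line {n}: unlisted prefix {current!r}")
        elif line.startswith("-----END "):
            if line != f"-----END {current}-----":
                problems.append(f"line {n}: END does not match BEGIN {current}")
            else:
                try:
                    base64.b64decode("".join(body), validate=True)
                except binascii.Error:
                    problems.append(f"line {n}: {current} body is not valid base64")
            current = None
        elif current and line and ":" not in line:  # skip "Name: value" header lines
            body.append(line)
    if current:
        problems.append(f"missing -----END {current}-----")
    if not labels:
        problems.append("no -----BEGIN xxx----- line found")
    return labels, problems

# Constructed sample: a key in the one format the page says is not supported.
SAMPLE = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
print(check_pem(SAMPLE))
```

For a chained certificate, the returned labels should read CERTIFICATE for every block, in the same order as the blocks were pasted.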