Without SSL termination configured, HTTP requests are not inspected. The load balancer sees the source and destination IP addresses and encrypted data. If you want to inspect the HTTP requests, you can terminate the SSL session on the load balancer and then create a new SSL session towards the cell pool.

Prerequisites

Go to Manage > Settings > Certificates and ensure that a valid certificate is present. You can add a certificate for the load balancer in any one of the following ways:
  • Import a PEM encoded file.
  • Generate a CSR.
  • Create a self-signed certificate.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Click Manage > Load Balancer > Application Profiles.
  5. Click Add, and specify the application profile parameters.
    NSX Version Procedure
    6.4.5 and later
    1. In the Application Profile Type drop-down menu, select HTTPS Offloading.
    2. In the Persistence drop-down menu, select None.
    3. Click Client SSL > Service Certificates.
    4. Select the service certificate that you added for the NSX Edge load balancer.
    6.4.4 and earlier
    1. In the Type drop-down menu, select HTTPS.
    2. Ensure that the Enable SSL Passthrough check box is not selected.
    3. Go to Virtual Server Certificates > Service Certificates, and click the Configure Service Certificate check box.
    4. Select the service certificate that you added for the NSX Edge load balancer.
  6. Click Add or OK.