SSL end-to-end: The NSX Edge terminates the client HTTPS (SSL) sessions, then load balances the client traffic to the servers over new HTTPS connections. L7 application rules can be applied.

Procedure

  1. Import the Web server certificate.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security and then click NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage, and then click the Settings tab.
    5. In the left navigation panel, click Certificates.
    6. Click the Add icon, and select Certificate. For more details, refer to Working with Certificates.
    7. Copy and paste the certificate contents in the Certificate Contents text box. Text should include "-----BEGIN xxx-----" and "-----END xxx-----".

      For a chain certificate (a certificate with the intermediate or root CA), select the CA Certificate option. The following is an example of chain certificate content:

      -----BEGIN CERTIFICATE-----
          Server cert
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
          Intermediate cert
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
          Root cert
      -----END CERTIFICATE-----
      

    8. Copy and paste the private key contents in the Private Key text box.

      The following is an example of private key content:

      -----BEGIN RSA PRIVATE KEY-----
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -----END RSA PRIVATE KEY-----

      The certificate content (PEM for certificate or private key) should be prefixed with one of the following strings:

      -----BEGIN PUBLIC KEY-----
      -----BEGIN RSA PUBLIC KEY-----
      -----BEGIN CERTIFICATE REQUEST-----
      -----BEGIN NEW CERTIFICATE REQUEST-----
      -----BEGIN CERTIFICATE-----
      -----BEGIN PKCS7-----
      -----BEGIN X509 CERTIFICATE-----
      -----BEGIN X509 CRL-----
      -----BEGIN ATTRIBUTE CERTIFICATE-----
      -----BEGIN RSA PRIVATE KEY-----
      -----BEGIN DSA PRIVATE KEY-----
      -----BEGIN EC PARAMETERS-----
      -----BEGIN EC PRIVATE KEY-----

      For complete examples of a certificate and a private key, refer to the Example: Certificate and Private Key topic.

      Note:

      The following prefix is not supported in NSX Manager:

      -----BEGIN ENCRYPTED PRIVATE KEY-----

  2. Create the HTTPS application profile.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security and then click NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage, and then click the Load Balancer tab.
    5. In the left navigation panel, click Application Profile. For more details, refer to Managing Application Profiles.
    6. Create a new application profile with the following parameters:
      • Select Type as HTTPS from the list.
      • Select the Enable Pool Side SSL check box.
      • Select the Configure Service Certificates check box.
      • Select the service certificate configured in step 1.

  3. Create a virtual server.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security and then click NSX Edges.
    3. Double-click an NSX Edge.
    4. Click Manage, and then click the Load Balancer tab.
    5. In the left navigation panel, click Virtual Servers. For more details, refer to Managing Virtual Servers.
    6. Create a new virtual server with the following parameters:
      • Select the Enable Virtual Server check box to make the virtual server available for use.
      • Select Protocol as HTTPS.
      • Select the default pool that is composed of HTTPS servers.
      • Select the application profile configured in step 2.
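
A pre-paste check for step 1, added here as an example and not part of the VMware documentation: it confirms that the text for each text box uses one of the listed PEM prefixes, flags the unsupported ENCRYPTED PRIVATE KEY prefix, and catches unterminated blocks. The function names, the rule that private key labels belong only in the Private Key text box, and the sample data are assumptions constructed for illustration.

```python
import base64
import re

# PEM prefixes the page lists as accepted.
SUPPORTED = {
    "PUBLIC KEY", "RSA PUBLIC KEY", "CERTIFICATE REQUEST",
    "NEW CERTIFICATE REQUEST", "CERTIFICATE", "PKCS7", "X509 CERTIFICATE",
    "X509 CRL", "ATTRIBUTE CERTIFICATE", "RSA PRIVATE KEY",
    "DSA PRIVATE KEY", "EC PARAMETERS", "EC PRIVATE KEY",
}
UNSUPPORTED = {"ENCRYPTED PRIVATE KEY"}  # named on the page as not supported
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL)


def check_pem(text, box):
    """Check text destined for `box` ("certificate" or "private_key").
    Returns a list of problem strings; an empty list means none found."""
    problems = []
    blocks = BLOCK.findall(text)
    if not blocks or text.count("-----BEGIN ") != len(blocks):
        problems.append("missing or unterminated BEGIN/END block")
    for begin, body, end in blocks:
        if begin != end:
            problems.append(f"BEGIN {begin} is closed by END {end}")
        if begin in UNSUPPORTED:
            problems.append(f"{begin}: not supported in NSX Manager")
        elif begin not in SUPPORTED:
            problems.append(f"{begin}: not in the documented prefix list")
        # Assumption: key material belongs only in the Private Key text box.
        if begin.endswith("PRIVATE KEY") != (box == "private_key"):
            problems.append(f"{begin}: wrong text box ({box})")
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{begin}: body is not valid base64")
    return problems


def pem(label, payload):
    """Build a constructed PEM block; the payload is placeholder bytes."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: placeholder bytes, not real certificates or keys.
CHAIN = "".join(pem("CERTIFICATE", p) for p in (b"server", b"intermediate", b"root"))
RSA_KEY = pem("RSA PRIVATE KEY", b"placeholder key bytes")
ENC_KEY = pem("ENCRYPTED PRIVATE KEY", b"placeholder key bytes")
```

The check looks only at PEM framing and labels; it does not parse the certificates, so it cannot confirm the server, intermediate, root order of a chain.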