NSX-ALB AVI Load Balancer Application Certificates

NSX-ALB / AVI Load Balancer Application Certificate SSL/TLS CSR Horizon

1. Open a web browser and navigate to avi management web interface avi.example.com
2. Navigate to Templates -> Security -> SSL/TLS Certificates
3. Here is where you can manage Root / Intermediate CA Certificates as well as Application Certificates.
4. Click Create and select Application Certificate
   1. Under General
      1. Add a Name view-cert
      2. Change Type to CSR
   2. Under Certificate
      1. Enter a common name. view.example.com
      2. Enter Email, Org, Locality, State, Country (These will appear on the certificate information)
   3. Add a Subject Alternate Name
      1. Enter all of the FQDNs of EACH connection server. Hzncon-01.example.com
   4. Click SAVE
5. On the new certificate we created it should say Awaiting Certificate.
6. Click Edit on our Certificate
7. Copy the CSR
8. Depending on how you acquire certificates, you will need to have your certificate signed.
9. Assuming you have access to the CA Web Interface ca.example.com/certsrv
   1. Click request a certificate
   2. Click Advanced Certificate Request
   3. Paste your CSR info into the Saved Requests box
   4. Change Certificate template to the Horizon certificate template
   5. Click Submit
   6. Click Base 64 encoded
   7. Click download certificate
10. Open another tab to the ca.example.com/certsrv
11. Click Download a CA certificate, certificate chain, or CRL
    1. Change to base 64 and select download CA certificate.
12. Open the CA certificate in notepad
13. Open the view certificate using notepad
14. Copy the contents of the CA certificate and paste them below the view certificate.

• This certificate needs to be crafted carefully. It should look something like this. Signed Certificate -> Any intermediate certs (If there are any) -> Root cert (CA cert)

15. Once the certificate has been made, copy ALL of the contents.
16. IMPORTANT! Make sure there are no extra spaces or indents!
17. Navigate back to the load balancer and paste the certificate information.
18. IMPORTANT! Make sure there are no extra spaces or indents!
    1. Click Save
19. Your certificate should now be green and happy.
20. Navigate to your virtual services and apply the new certificate. Don’t forget to apply the certificate to the Pools.