NSX-T Install load balancing certificate


How to install a certificate on NSX-T to be used for Load balancing.

If your given a PKCS12 certificate which contains both the certificate and private key. First you will need to export the certificate without private key and then separately export the private key. To achieve this, i’d used OpenSSL:


Step 1: Export the Certificate using OpenSSL

Open CMD and navigate to the directory with OpenSSL exe file e.g. “C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Run the following command:

openssl pkcs12 -in file.pfx -out file.pem -nodes

This will give you a single file that contains everything you need. Private key, and the certificate. Open that file in notepad.

Open your NSX manager and Jump to System >Certificates>Certificates> IMPORT> Import Certificate to import your certificate.

In the new window set a name for the certificate and paste the content from your single PEM file in the fields.

Make sure to copy the complete information including

For Certificate Contents: —–BEGIN CERTIFICATE—– / —–END CERTIFICATE—–



****Service Certificate must be enabled and Passphrase must be empty****


If your certificate is imported, you should see a new certificate in NSX with Type Certificate

Now go back to the Load balancer Section and create the VIP

Jump to Networking>Load Balancing>VIRTUAL SERVERS>ADD VIRTUAL SERVER>L7 HTTP to create the new Virtual Server.

I’d named the server https-server in this example and use the same virtual IP used also for http server. Port will be 443 for HTTPS. Choose the previous configured Load Balancer and Server Pool.

We will enable SSL only between Client and the Virtual Server. From the Virtual Server to the Web Server farm we will still using HTTP (Port 80) because we didn’t configure SSL on our Web Servers.

That’s everything, next test access to the site using HTTPs.

Leave a Reply

Your email address will not be published. Required fields are marked *