VMware Networking Community
Kangourou
Contributor

NSX Edge Load Balancing / Certificates

Hi !

I have two ESX with NSX. I created an NSX Edge for Apache server load balancing. It works fine, but I would like to use my Edge to deliver SSL certificates.

I found a lot of tutorials for installing a certificate on NSX Edge but none for many certificates. I have two certificates (example):

www.ilovepony.com

*.iloveunicorn.com


But in my Application profile, I can select only one certificate.

How can I select two certificates?

Thanks for your help 😉

bayupw
Leadership

Hi, on the two/multiple certificates if you are referring to Certificate Chain (What is the SSL Certificate Chain? - DNSimple Help)

You can refer to this KB on the how to: Adding Chained Certificates to VMware NSX for vSphere 6.x Edge (2113945) | VMware KB

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

Kangourou
Contributor

Hi Bayu Wibowo,

I already saw this documentation but I can't do this. My certificates were created with two different private keys and they are for two different domains.

bayupw
Leadership

I see, I haven't done any cert chain with different private keys.

Is this a new setup or a migration from another LB, e.g. F5, Citrix, etc.?

I ask that because if you can do it in another LB, for example in F5, I guess the process would be similar in NSX LB and you can mimic that same process from F5 to NSX.

Kangourou
Contributor

Sorry, but I usually use haproxy on Debian for this. It's simple. It's the first time I use NSX Edge for front HTTP/HTTPS load balancing and SSL certificates. I don't know F5, so I can't compare.

bayupw
Leadership

Do you have the guide on haproxy or know how to configure and use multiple certs with multiple/different private keys?

NSX LB uses haproxy for its Layer 7 engine too (NSX Load Balancer: Under the Hood), so if you can do it on haproxy, most likely you would be able to do it on NSX LB too.

Kangourou
Contributor

Yes, I have :

frontend localhost
  bind *:80
  bind *:443 ssl crt /etc/ssl/www.ilovepony.com.pem ssl crt /etc/ssl/*.iloveunicorn.com.pem

But it doesn't help me: I don't know where the certificates path is. I tried with no path, just the certificate name, and it doesn't work. In any case, I do not think that is the answer.

bayupw
Leadership

Will concatenating/combining both certs into one work?

So in your case it would be something like: cat www.ilovepony.com.pem iloveunicorn.com.pem > iloveponyandunicorn.com.pem

then use the concatenated cert for NSX iloveponyandunicorn.com.pem

I don't know if this would work but worth a try I guess.

Else, you would need to open a case with GSS and ask them how to configure/bind multiple certs to NSX LB similar to HAProxy command syntax below

bind *:443 ssl crt /etc/ssl/www.ilovepony.com.pem ssl crt /etc/ssl/*.iloveunicorn.com.pem

Or this link: How to configure HAProxy for multiple SSL-Certificates - Server Fault

bayupw
Leadership

ddesmidt might have some idea about this

Kangourou
Contributor

Concatenating my two certificates can't work; they have two different private keys.

I read NSX-6.3 - Load Balancing configuration examples by ddesmidt but it doesn't help me: it's for one certificate or two certificates with the same private key...

What is GSS?

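Added example, not part of any post in this thread: a certificate-to-key pairing check with the `openssl` CLI, run on two throwaway self-signed pairs generated on the spot (constructed data; the helper function names and file names are illustrative). It shows that each certificate matches only its own private key, and that `openssl x509` reads a concatenated certificate file as its first certificate only.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): constructed throwaway certificates only.
set -eu

# SHA-256 of the public key embedded in the first certificate of a PEM file.
cert_pubkey_fp() {
  openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key file.
key_pubkey_fp() {
  openssl pkey -in "$1" -pubout | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0 only when the certificate was issued for this private key.
cert_matches_key() {
  [ "$(cert_pubkey_fp "$1")" = "$(key_pubkey_fp "$2")" ]
}

# Subject of the first certificate in a PEM file.
first_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253
}

# Constructed test data: a self-signed pair with its own key for one name.
make_pair() {  # make_pair <dir> <basename> <common name>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_pair "$WORK" pony 'www.ilovepony.com'
make_pair "$WORK" unicorn '*.iloveunicorn.com'
# The concatenation discussed in the thread, applied to the two certificates.
cat "$WORK/pony.crt" "$WORK/unicorn.crt" > "$WORK/both.crt"

# Print the full certificate/key pairing matrix.
for crt in pony unicorn both; do
  for key in pony unicorn; do
    if cert_matches_key "$WORK/$crt.crt" "$WORK/$key.key"; then r=match; else r=MISMATCH; fi
    printf '%-8s cert / %-8s key: %s\n' "$crt" "$key" "$r"
  done
done
first_subject "$WORK/both.crt"
```

The same `cert_matches_key` check can be pointed at real certificate and key files before they are imported into a load balancer.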
bayupw
Leadership

GSS is Global Support Service, which some vendors also refer to as TAC (Technical Assistance Centre).

Do you have support? You can try to ask support if the configuration that you are trying to achieve is supported in NSX LB

Kangourou
Contributor

Thanks. It's VMWare private cloud by OVH so I have support but they have not answered yet. 😞

DnR_iData
Contributor

Hi,

I'm in this case too: I have to load 2 different wildcard certificates on the same IP.

I do this with no problem in haProxy, but with NSX Edge I can't load more than 1 cert on the same IP.

Have you found a solution?

I've got a VMWare private cloud by OVH too.

Thanks.

DR
