Fwa
Enthusiast
Enthusiast

invisible HTTPs page through load balancer

Help me. I'm really struggling with issue related to cert.

  • massage in vRA management console

Accoding to the http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-load-balancing.pdf, I set the load balancer of NSX as SSL path-through. However, after installing successfully all vRA components, the following message was appeared:

pastedImage_0.png

Despite setting SSL path-through, it's strange that the certificate for load balancer (web.ra.loral) is required, I think.

  • invisible HTTPs page through load balancer

And also, I wasn't able to see the following HTTPs page of vRA through load balancer.

pastedImage_0.png

  • no response for SSL client hello

With packet capture, I could see SSL Client Hello but there is not Server response from load balancer strangely.

Therefore I applied the same cert with Web certificate to the application profile of NSX edge (web.ra.local). The above message was removed but still now I can't see the HTTPs page through load balancer

What can be solution for this?

Any comments are appreciated for me.

Tags (1)
2 Replies
GrantOrchardVMw
Commander
Commander

Well, if you're in pass through mode (rather than termination) then you need to make sure that any/all hostnames that use the cert are a part of the certificate.

It would appear that you have the web/manager roles on the same server and then created unique VIPs for the web and manager services (correct thing to do), and then created LB pools for them both, with the same servers (also the right thing to do).

You have manager.ra.local resolving one VIP, and web.ra.local resolving the other.

Where you appear to have gone wrong is making use of a single certificate, manager.ra.local, with no subject alternate name of web.ra.local (or vice versa, hard to tell).

Grant

Grant http://grantorchard.com
Fwa
Enthusiast
Enthusiast

Thank you for your kind reply.

I couldn't find the root cause. However this problem was probably coming from cert. Now I can see https page through load balancer. Really thank you.

PS

> you have the web/manager roles on the same server and then created unique VIPs for the web and manager services

Yes, web/manager roles on same server.

> You have manager.ra.local resolving one VIP, and web.ra.local resolving the other.

I had each two VIP for manager.ra.local and web.ra.local.

0 Kudos