Help me. I'm really struggling with issue related to cert.
Accoding to the http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-load-balancing.pdf, I set the load balancer of NSX as SSL path-through. However, after installing successfully all vRA components, the following message was appeared:
Despite setting SSL path-through, it's strange that the certificate for load balancer (web.ra.loral) is required, I think.
And also, I wasn't able to see the following HTTPs page of vRA through load balancer.
With packet capture, I could see SSL Client Hello but there is not Server response from load balancer strangely.
Therefore I applied the same cert with Web certificate to the application profile of NSX edge (web.ra.local). The above message was removed but still now I can't see the HTTPs page through load balancer
What can be solution for this?
Any comments are appreciated for me.
Well, if you're in pass through mode (rather than termination) then you need to make sure that any/all hostnames that use the cert are a part of the certificate.
It would appear that you have the web/manager roles on the same server and then created unique VIPs for the web and manager services (correct thing to do), and then created LB pools for them both, with the same servers (also the right thing to do).
You have manager.ra.local resolving one VIP, and web.ra.local resolving the other.
Where you appear to have gone wrong is making use of a single certificate, manager.ra.local, with no subject alternate name of web.ra.local (or vice versa, hard to tell).
Thank you for your kind reply.
I couldn't find the root cause. However this problem was probably coming from cert. Now I can see https page through load balancer. Really thank you.
> you have the web/manager roles on the same server and then created unique VIPs for the web and manager services
Yes, web/manager roles on same server.
> You have manager.ra.local resolving one VIP, and web.ra.local resolving the other.
I had each two VIP for manager.ra.local and web.ra.local.