NSX-T Load Balancer - No server is available to handle this request.

Article ID: 373079

Updated On:

Products

VMware NSX-T Advanced for VMware Tanzu Application Service Term License (50 pack Application Instance)

Issue/Introduction

  • When trying to access the application via a browser, the following error is returned: <html><p>No server is available to handle this request.</p></html>
  • Checking the LB with a curl command shows that the LB is still using the default certificates:

* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=nsx-lb
*  start date: May 31 07:34:40 2024 GMT
*  expire date: May 30 07:34:40 2029 GMT
*  issuer: CN=nsx-lb
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.

  • Edge logging in /var/log/syslog may have an error like this example:
    2024-07-19T11:24:17.851Z NSX 6828 LOAD-BALANCER [nsx@6876 comp="nsx-edge" subcomp="lb" s2comp="lb" level="FATAL"] [<UUID>] cannot load certificate "/config/vmware/edge/lb/etc/<UUID>/certs/client_ssl_<UUID>.crt": PEM_read_bio_X509() failed

Environment

NSX-T 3.0 - 3.X

NSX 4.0 - 4.1

Cause

The NSX-T LB is configured with custom certificates, and the LB certificate file is on a single line.

NSX-T from version 3.x through 4.1.x uses OpenSSL library version 1.0.2.

OpenSSL 1.0.2 does not support the single-line certificate format, so the software fails to parse the file.

Resolution

Resolved in NSX 4.2.0

 

Workaround:

For NSX-T 3.2.X and NSX 4.1, use a certificate file with line breaks rather than one on a single line.
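
One way to check a certificate file and restore its line breaks before importing it, as an added example (not VMware code). It assumes the conventional PEM layout of 64 base64 characters per line (RFC 7468); the function names are hypothetical and the sample input is constructed filler, not a real certificate.

```python
import base64
import re

# One PEM block, even when header, body and footer share a single line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)
BOUNDARY = re.compile(r"-----(BEGIN|END) [A-Z0-9 ]+-----")

# Constructed sample: 768 filler bytes, NOT a real certificate, on one line.
SAMPLE_BODY = base64.b64encode(bytes(range(256)) * 3).decode()
SAMPLE_ONE_LINE = f"-----BEGIN CERTIFICATE-----{SAMPLE_BODY}-----END CERTIFICATE-----"


def needs_rewrap(pem_text: str, width: int = 64) -> bool:
    """True if a boundary shares its line with data or a body line exceeds width."""
    for line in pem_text.strip().splitlines():
        line = line.strip()
        if line.startswith("-----"):
            if not BOUNDARY.fullmatch(line):
                return True
        elif len(line) > width:
            return True
    return False


def rewrap_pem(pem_text: str, width: int = 64) -> str:
    """Return every PEM block in pem_text with its base64 body wrapped at width."""
    blocks = []
    for label, body in PEM_BLOCK.findall(pem_text):
        # Drop whitespace and literal "\n" sequences left by JSON or API copies.
        b64 = re.sub(r"\\n|\s+", "", body)
        base64.b64decode(b64, validate=True)  # raises if the body is not base64
        lines = [b64[i:i + width] for i in range(0, len(b64), width)]
        blocks.append("\n".join(
            [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]))
    if not blocks:
        raise ValueError("no PEM block found")
    return "\n".join(blocks) + "\n"


if __name__ == "__main__":
    print("needs rewrap:", needs_rewrap(SAMPLE_ONE_LINE))
    print(rewrap_pem(SAMPLE_ONE_LINE))
```

The base64 content is unchanged by the rewrap, so the certificate's fingerprint and signature are the same before and after.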

Additional Information

In NSX-T 4.2 the OpenSSL library was upgraded to version 1.1.1.