As you probably know, an NSX Edge Services Gateway can be configured to provide Load Balancing services.
The most common use is load balancing across a pool of web servers that is accessed through a unique IP or DNS name; nothing really new here.
The Load Balancer Edge supports several SSL Certificate options: creating a self-signed one, adding one from an internal CA server, or installing one purchased from a public Certificate Authority.
But a somewhat overlooked option is the ability to add an SSL Certificate onto your ESG Load Balancer. The Edge terminates the client HTTPS (SSL) sessions, offloading the SSL sessions to the Edge!
The Edge then load balances the clients over new HTTPS connections to the servers, saving you the time of installing the exact same Certificate onto each of your web servers, or whatever servers are in your pools.
Chained SSL Certificates-
A chained certificate has 3 sections. The first is the Server Certificate, which carries the name to be used for the virtual server; it may also contain multiple or wildcard names to cover subdomains. The second is the Intermediate Certificate and the third is the Root Certificate.
When you download the .pem file and open it in Notepad, the certificates will be listed in the order shown here-
-----BEGIN CERTIFICATE-----
Server cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root cert
-----END CERTIFICATE-----
Disclaimer- I am not a Certificate Expert, but I have installed quite a few, for Microsoft Exchange Servers and on several physical and virtual load balancers.
Getting a Certificate for your Load Balancer Edge-
First you will need to generate a CSR (Certificate Signing Request). Make sure you have the exact name that will be needed and select the Edge that is configured as your Load Balancer.
Select Settings, Certificates then Actions and Generate CSR-
Fill in all the details for the CSR then click OK
Now select the CSR, copy the contents in the PEM Encoding box and save it to a text file.
This file is then emailed or uploaded to your Certificate Authority.
Depending on the Certificate Authority you use, they will generate the Chained Certificate and provide you the file or files to download.
For my latest Certificate, we used DigiCert and they email you a download link as shown here-
As you see, the 3 individual certificates can be downloaded separately.
You can also download all 3 in one file, just select the down arrow next to File Type
Then select A single .pem file containing all the certs-
You can open the .pem file in any editor of your choice (I prefer Notepad++) and review the 3 certificates-
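Reviewing the file in an editor shows three blocks but not whether they follow the server, intermediate, root order described earlier. The script below is an added example, not part of the original post or of any NSX or DigiCert tooling: it checks that order by comparing each certificate's issuer name with the next certificate's subject name. It assumes a byte-for-byte name comparison and does not verify signatures; the function names and the sample certificates (skeletons built in the script) are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, offset after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def subject_issuer(der):
    """Return the raw DER (subject, issuer) Names of one certificate."""
    _, cert, _ = read_tlv(der)  # outer Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert)  # tbsCertificate is its first element
    fields, pos = [], 0
    while pos < len(tbs):
        start = pos
        tag, _, pos = read_tlv(tbs, pos)
        fields.append((tag, tbs[start:pos]))
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    return fields[4][1], fields[2][1]  # order: serial, sig alg, issuer, validity, subject

def check_bundle(pem_text):
    """List ordering problems; an empty list means server, intermediate, root."""
    names = [subject_issuer(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    problems = [] if len(names) == 3 else [f"expected 3 certificates, found {len(names)}"]
    for i in range(len(names) - 1):
        if names[i][1] != names[i + 1][0]:  # issuer must equal the next subject
            problems.append(f"certificate {i + 1} was not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root")
    return problems

# Constructed sample input: skeleton certificates holding only the fields read above.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length is enough here
def sample_name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))
def sample_pem(subject, issuer):
    tbs = tlv(0x02, b"\x01") + tlv(0x30, b"") + sample_name(issuer) + tlv(0x30, b"") + sample_name(subject)
    der = base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{der}\n-----END CERTIFICATE-----\n"

SERVER = sample_pem("www.example.com", "Sample Intermediate CA")
INTERMEDIATE = sample_pem("Sample Intermediate CA", "Sample Root CA")
ROOT = sample_pem("Sample Root CA", "Sample Root CA")
print(check_bundle(SERVER + INTERMEDIATE + ROOT) or "order OK")
```

To check a real download, pass the text of the .pem file to `check_bundle` before pasting it into the Edge.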
Install the Chained Certificate on the Load Balancer Edge
Select the CSR once again and then select Actions, then Import Certificate-
Next, copy the contents of the .pem file you downloaded and paste it into the
Signed Certificate Content box and click OK-
Now under Certificates, you will have the 3 Certificates listed
Selecting the certificate with the server name will show the details and the
Chain of Certificates-
The final step is to apply the certificate to your Load Balancer edge.
From the Load Balancer tab, click on the green plus to create a new Application Profile,
or you can edit an existing one.
Name the Application Profile, select HTTPS in the Type drop down,
Check the box next to Server Certificates and then click the radio button next to your
Certificate you added above-
I hope these steps will be helpful in installing Certificates onto your Load Balancers,
and show more of the features that can be used in NSX!