Replace the VMware Site Recovery Manager Certificates
After you replace the certificates of all Platform Services Controllers, vCenter Server instances and NSX Managers, replace the certificates on the Site Recovery Manager server instances.
About this task
You replace certificates twice, once for each Site Recovery Manager. You start by replacing certificates on mgmt01srm01.sfo01.rainpole.local, the Site Recovery Manager in Region A.
| File Name | Site Recovery Manager in Region A | Site Recovery Manager in Region B |
|---|---|---|
| CA Certificate Chain | chainRoot64.cer | chainRoot64.cer |
| PKCS#12 File Name from Manual Generation | mgmt01srm01.sfo01.p12 | mgmt01srm51.lax01.p12 |
| PKCS#12 File Name from the CertGenVVD tool | mgmt01srm01.sfo01.5.p12 | mgmt01srm51.lax01.5.p12 |
Procedure
Log in to the Site Recovery Manager virtual machine by using a Remote Desktop Protocol (RDP) client.
Open an RDP connection to the following virtual machine.
Region
Site Recovery Manager
Region A
mgmt01srm01.sfo01.rainpole.local
Region B
mgmt01srm51.lax01.rainpole.local
Log in using the following credentials.
Setting
Value
User name
Windows administrator user
Password
windows_administrator_password
Install the CA certificates in the Windows trusted root certificate store of the Site Recovery Manager virtual machine.
- Locate the chainRoot64.cer file in C:\manual-certs folder.
- Double-click the chainRoot64.cer file to open Certificate import dialog box.
In the Certificate dialog box, select the Install Certificate option.
The Certificate Import Wizard appears.
Select the Local Machine option for the Store Location and click Next.
- Select Place all certificates in the following store option, browse to select the Trusted Root Certificate Authorities store and click OK.
- On the Completing the Certificate Import Wizard page, click Finish.
Replace the certificate on Site Recovery Manager with the one that you generated manually or by using the CertGenVVD tool.
- Open Programs and Features from the Windows Control Panel.
- From the list of programs, select VMware vCenter Site Recovery Manager and click Change.
- Select the Modify option on the Maintenance Options screen and follow the wizard until you reach the Certificate Type screen.
- Select the Use a PKCS#12 certificate file option and click Next.
- Browse to C:\manual-certs, select the mgmt01srm01.sfo01.p12 or mgmt01srm51.lax01.p12 file, and enter the certificate password
VMware1!that you specified when generating the PKCS#12 file. - Click Yes in the certificate warning dialog box and complete the modify installation wizard.
To restore the connection between the two Site Recovery Manager sites after replacing the certificates with CA-signed certificates.
- Open a Web Browser and go to https://mgmt01vc01.sfo01.rainpole.local.
Log in using the following credentials.
Setting
Value
User name
Password
vsphere_admin_password
In the vSphere Web Client, click Site Recovery > Sites.
- Right-click the site mgmt01vc01.sfo01.rainpole.local and select Reconfigure Pairing.
- Enter the address of the Platform Services Controller lax01psc51.lax01.rainpole.local on the remote site and click Next.
- Select the vCenter Server instance mgmt01vc51.lax01.rainpole.local with which Site Recovery Manager is registered on the remote site, enter the vCenter Single Sign-On administrator user name [email protected] and vsphere_admin_password password, and click Finish.
Repeat the procedure to replace the default VMware-signed certificate with this one on mgmt01srm51.lax01.rainpole.local.
Parent topic: Replace Certificates of the Virtual Infrastructure Components in Region B
Previous topic: Replace the Certificate of vSphere Data Protection in Region B
Next topic: Install the CA-Signed Certificate on vSphere Replication