vSphere Replication appliance uses certificate-based authentication for all connections that it establishes with vCenter Server and remote site vSphere Replication appliances.

About this task

vSphere Replication does not use username and password based authentication. vSphere Replication generates a standard SSL certificate when the appliance first boots and registers with vCenter Server. The default certificate policy uses trust by thumbprint.

You can change the SSL certificate, for example if your company's security policy requires that you use trust by validity and thumbprint or a certificate signed by a certification authority. You change the certificate by using the virtual appliance management interface (VAMI) of the vSphere Replication appliance. For information about the SSL certificates that vSphere Replication uses, see vSphere Replication Certificate Verification and Requirements When Using a Public Key Certificate with vSphere Replication.

Prerequisites

  • Verify that the vSphere Replication appliance is powered on.

  • You must have administrator privileges to configure the vSphere Replication appliance.

  • You updated vCenter Server, the vSphere Client, Site Recovery Manager, and the Site Recovery Manager client to the corresponding 5.5.x update release.

Procedure

  1. Connect to the VAMI of the vSphere Replication appliance in a Web browser.

    The URL for the VAMI is https://vr-appliance-address:5480.

    You can also access the VAMI by clicking Configure VR Appliance in the Summary tab in the vSphere Replication view of the Site Recovery Manager interface.

  2. Type the root user name and password for the appliance.

    You configured the root password during the OVF deployment of the vSphere Replication appliance.

  3. (Optional) Click the VR tab and click Security to review the current SSL certificate.
  4. Click Configuration.
  5. (Optional) To enforce verification of certificate validity, select the Accept only SSL certificates signed by a trusted Certificate Authority check box.

    See vSphere Replication Certificate Verification for details of how vSphere Replication handles certificates.

  6. Generate or install a new SSL certificate.

    Option

    Action

    Generate a self-signed certificate

    Click Generate and Install. Using a self-signed certificate provides trust by thumbprint only and might not be suitable for environments that require high levels of security. You cannot use a self-signed certificate if you selected Accept only SSL certificates signed by a trusted Certificate Authority.

    Upload a certificate

    Click Browse to select a PKCS#12 certificate and click Upload and Install. Public key certificates must meet certain requirements. See Requirements When Using a Public Key Certificate with vSphere Replication.
  7. Click Save and Restart Service to apply the changes.

Results

You changed the SSL certificate and optionally changed the security policy to use trust by validity and certificates signed by a certificate authority.

Note:

If you change the SSL certificate, the vSphere Replication status changes to disconnected. Validate the certificate to reconnect the source and target sites before replicating a virtual machine.