If you use custom certificates that a certificate authority (CA) signed to authenticate between vCenter Server and Site Recovery Manager, you must copy the certificates of the signing CA to the host machine on which the vSphere Web Client service is running.
About this task
The vSphere Web Client service for each site requires the certificate of the signing CA for vCenter Server on the remote site. If you use a different CA to sign the certificates for Site Recovery Manager, the vSphere Web Client service for each site requires the certificate of the signing CA for Site Recovery Manager on both sites so that it can authenticate the client connection to the remote site. If you do not provide the certificates of the signing CA to the vSphere Web Client service on each site, installation and upgrade of Site Recovery Manager succeeds, but site pairing fails.
Prerequisites
Verify that you have custom certificates that a CA signed to authenticate between vCenter Server and Site Recovery Manager. If you use auto-generated certificates, you do not need to copy a certificate to the host machine on which the vSphere Web Client service is running.
Procedure
- Log in to the host machine on which the vSphere Web Client service for a site is running.
- Copy the certificate of the signing CA for the remote vCenter Server to the SSL trust store on the vSphere Web Client host machine.
For example, if you are logged in to the vSphere Web Client host machine for site A, copy the certificate of the signing CA for the vCenter Server on site B to the SSL trust store on site A.
Type of Setup |
SSL Trust Store Location |
vCenter Server and vSphere Web Client running on Windows |
%ALLUSERSPROFILE%\VMware\SSL |
vCenter Server Virtual Appliance running on Linux |
/etc/ssl/certs |
- (Optional) If you use a different CA to sign the certificates for Site Recovery Manager, copy the certificates of the signing CA for the local and remote Site Recovery Manager instances to the SSL trust store on the vSphere Web Client host machine.
For example, if you are logged in to the vSphere Web Client host machine for site A, copy the certificates of the signing CA for the Site Recovery Manager instances on both sites A and B to the SSL trust store on site A.
Type of Setup |
SSL Trust Store Location |
vCenter Server and vSphere Web Client running on Windows |
%ALLUSERSPROFILE%\VMware\SSL |
vCenter Server Virtual Appliance running on Linux |
/etc/ssl/certs |
- Restart the vSphere Web Client service.
- Repeat Step 1 to Step 4 on the other site in the site pair.
For example, copy the certificates of the signing CA for the vCenter Server on site A and optionally copy the certificates of the signing CA for the Site Recovery Manager instances on both sites A and B to the SSL trust store on site B.
