Site Recovery Manager uses TLS certificates and private keys to protect network communication and securely establish authentication with other servers.

CA certificate or private key or both

Location and Description

TLS certificate and key for Site Recovery Manager Server endpoint

In the Certificates\vmware-dr\Personal\Certificates folder in Windows Certificate Store.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

TLS certificate and key for solution user created during Site Recovery Manager installation

In the Certificates\vmware-dr\su-Site Recovery Manager UUID\Certificates folder in Windows Certificate Store.

TLS certificate and key for solution user on the remote site

In the Certificates\vmware-dr\remote-su-Site Recovery Manager UUID\Certificates folder in Windows Certificate Store.

Site Recovery Manager creates the files during the pairing process.

CA certificate for Site Recovery Manager Server and TLS certificate

installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\SRM_Server_IP_addressca.p7b file.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

You can import the certificate into a client trust keystore to allow users to implicitly trust the Site Recovery Manager Server certificate.

Note:

Do not extract or share private key information to protect your Site Recovery Manager instance.

For more information about the Site Recovery Manager authentication mechanisms, see the Site Recovery Manager Authentication topic in the Site Recovery Manager Installation and Configuration Guide.