To set up a trusted environment with your custom root CA certificates, you must manually import the certificates into the Site Recovery Manager Virtual Appliance .
The certificates must be in a .pem format.
- Log in to the Site Recovery Manager Virtual Appliance host machine as admin.
- Run the following command.
- Enter the root password.
- Copy the certificates to /etc/ssl/certs.
- To modify the certificates' permissions, run the following command.
chmod a+r <new-root-ca>.pem
- To import the Site Recovery Manager Server certificates, use the Site Recovery Manager Appliance Management Interface.
- Log in to the Site Recovery Manager Appliance Management Interface as admin.
- Click the Access tab, and then, in the Certificate pane, click Change.
- Select a certificate type.
Menu item Description Generate a self-signed certificate. Use an automatically generated certificate.
Note: Using a self-signed certificate is not recommended for production environments.
- Enter text values for your organization and organization unit, typically your company name, and the name of your group in the company.
- Accept the default FQDN and IP values.
Use a PKCS #12 certificate file. Use a custom certificate.
- Click Browse, navigate to the certificate file, and click Open. The certificate file must contain exactly one certificate with exactly one private key matching the certificate.
- (Optional) Enter the optional private key encryption password.
Use a CA-signed certificate generated from CSR. Use a CA-signed certificate generated from a CSR.
- In the Certificate file row, click Browse, navigate to the certificate file, and click Open.
- (Optional) In the CA chain row, click Browse, navigate to the CA chain, and click Open.
- Click Change.
- To import the Site Recovery HTML 5 client trust certificate in the JRE keystore, run the following command.
keytool -importcert -v -noprompt -file root.pem -alias root-ca -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit