Site Recovery Manager uses TLS certificates and private keys to protect network communication and securely establish authentication with other servers.

Site Recovery Manager for Windows Certificates and Keys

CA certificate or private key or both Location and Description
TLS certificate and key for Site Recovery Manager Server endpoint In the Certificates\vmware-dr\Personal\Certificates folder in Windows Certificate Store.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

TLS certificate and key for solution user created during Site Recovery Manager installation In the Certificates\vmware-dr\su-Site Recovery Manager UUID\Certificates folder in Windows Certificate Store.
TLS certificate and key for solution user on the remote site In the Certificates\vmware-dr\remote-su-Site Recovery Manager UUID\Certificates folder in Windows Certificate Store.

Site Recovery Manager creates the files during the pairing process.

TLS certificate and key for the HTML5 UI solution user created during Site Recovery Manager installation In the C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\runtime\srm-client\lib\h5dr.keystore file.
TLS certificate and key for Tomcat Server endpoint In the C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\runtime\srm-client\conf\h5dr-server.keystore file.

It is the same as the TLS certificate and key for Site Recovery Manager Server endpoint.

CA certificate for Site Recovery Manager Server and TLS certificate installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\SRM_Server_IP_addressca.p7b file.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

You can import the certificate into a client trust keystore to allow the users to implicitly trust the Site Recovery Manager Server certificate.

Note: Do not extract or share the private key information to protect your Site Recovery Manager instance.

For more information about the Site Recovery Manager authentication mechanisms, see the Site Recovery Manager Authentication topic in the Site Recovery Manager Installation and Configuration Guide.

Site Recovery Manager Virtual Appliance Certificates and Keys

All Site Recovery Manager Virtual Appliance services run behind a reverse HTTP proxy and do not use SSL for the communication path to the proxy. There is only one certificate for the proxy service. The certificate files are stored in /opt/vmware/srm/conf/keys/vmware-dr/My/.

CA certificate or private key or both Location
TLS certificate and key for solution user created during the Site Recovery Manager Appliance deployment In the /opt/vmware/srm/conf/keys/vmware-dr/su-Site Recovery Manager UUID folder.
TLS certificate and key for solution user on the remote site In the /opt/vmware/srm/conf/keys/vmware-dr/remote-su-Site Recovery Manager UUID folder.
TLS certificate and key for the HTML5 user interface solution user created during the Site Recovery Manager Appliance deployment In the /opt/vmware/dr-client/lib/h5dr.keystore file.