Regenerate the Manager Service self-signed SSL certificate or import a CA-signed certificate. With the new certificate, reestablish the trust with the Replicator Service instances and re-pair all cloud sites.

Replacing the certificate of the Manager Service invalidates the trust between all Replicator Service instances in the local site, remote cloud sites, and remote on-premises sites. To reestablish the trust, re-pair the registration of Replicator Service instances in the remote site and re-pair the cloud sites.
Important: After re-pairing all the cloud sites, you must also manually re-pair all on-premises sites.

Procedure

  1. Log in to the Manager Service service management interface.
    1. In a Web browser, go to https://Appliance-IP-Address:8441/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  2. Replace the Manager Service certificate.
    1. In the left pane under Configuration, click Settings.
    2. Under Appliance settings next to Certificate, select the certificate replacement method.
      Option Description
      Import Upload a CA-signed certificate.
      Regenerate Generate a new self-signed certificate.
    3. Click Apply.
      Manager Service creates a copy of the old certificate at /opt/vmware/h4/manager/config/keystore.p12.bak. You are logged out and the services automatically restart in a few minutes.
  3. Log in to the Manager Service service management interface.
    1. In a Web browser, go to https://Appliance-IP-Address:8441/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  4. Trust the new Manager Service certificate in the local Replicator Service.
    1. In the left pane, click Replicator Services.
    2. In the Replicator Services administration page, select the local Replicator Service and click Repair.
    3. In the Details for replicator window, enter the Cloud Replication Management appliance root user password, the single sign-on credentials and click Apply.
    4. To complete the trust reestablishment, accept the local Replicator Service SSL certificate.
    Note: Repeat this step and to trust the new certificate select the remaining Replicator Service instances.
  5. Log in to the management interface of the Cloud Replication Management Appliance.
    1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  6. Trust the new Manager Service certificate in the paired cloud sites.
    1. In the left pane, click Peer Sites.
    2. Select a cloud site and click Repair.
    3. In the Update Pairing window, click Update.
    4. To complete the trust reestablishment, accept the remote Cloud Service SSL certificate.
    Note: Repeat this step and to re-pair select the remaining cloud sites.

What to do next

Re-pair all on-premises sites with the local site. For more information, see Re-Pair On-Premises with Cloud Site.