You replace the SSL certificate on Site Recovery Manager to keep the communication with this component trusted. You generate a custom certificate by using the CertGenVVS utility.

If you replace the certificates of all management components in each site, you must replace the certificates of all vCenter Server and NSX Manager instances before Site Recovery Manager to ensure a two way trust.

Prerequisites

Verify that a signed certificate, generated by the CertGenVVS utility (see https://kb.vmware.com/s/article/85527), is available for the Site Recovery Manager instance.

Procedure

  1. Log in to the Site Recovery Manager management interface at https://<srm_fqdn>:5480 as admin.
  2. In the left navigation pane, click Certificates.
  3. On the Appliance certificate page, click Change.
  4. In the Change certificate dialog box, configure the settings and click Change.

    Setting

    Value

    Select certificate type

    Use a PKCS #12 certificate file

    Certificate file

    Select the p12 file that you generated by using CertGenVVS.

    Password

    Enter the certificate passphrase.
  5. Log in to the management domain vCenter Server at https://<vcenter_server_fqdn>/ui with a user assigned the Administrator role.
  6. In the Site recovery inventory, verify that status for vSphere Replication and Site Recovery Manager is OK.