You replace the SSL certificate on Site Recovery Manager to keep the communication with this component trusted. You generate a custom certificate by using the CertGenVVS utility.

If you replace the certificates of all management components in each site, you must replace the certificates of all vCenter Server and NSX Manager instances before Site Recovery Manager to ensure a two way trust.


Verify that a signed certificate, generated by the CertGenVVS utility (see, is available for the Site Recovery Manager instance.


  1. Log in to the Site Recovery Manager management interface at https://<srm_fqdn>:5480 as admin.
  2. In the left navigation pane, click Certificates.
  3. On the Appliance certificate page, click Change.
  4. In the Change certificate dialog box, configure the settings and click Change.



    Select certificate type

    Use a PKCS #12 certificate file

    Certificate file

    Select the p12 file that you generated by using CertGenVVS.


    Enter the certificate passphrase.

  5. Log in to the management domain vCenter Server at https://<vcenter_server_fqdn>/ui with a user assigned the Administrator role.
  6. In the Site recovery inventory, verify that status for vSphere Replication and Site Recovery Manager is OK.