To ensure secure communication with the connected management components, replace the certificates on the Site Recovery Manager appliance in the protected and the recovery VMware Cloud Foundation instances. You generate these SSL certificates using the PowerShell module for VMware Validated Solutions.

For the procedure on the protected VMware Cloud Foundation instance, use the values from the VMware Cloud Foundation Planning and Preparation Workbook.

Procedure

  1. Generate an SSL certificate using the PowerShell module for VMware Validated Solutions.

    1. Start PowerShell.

    2. Replace the sample values in the variables below and run the commands in the PowerShell console.

      # Certificate subject, key, and PKCS#12 settings (sample values)
      $commonName = "sfo-m01-srm01.sfo.rainpole.io"
      $encryptionKeySize = 2048
      $certificateExpiryDays = 730
      $certificatePassword = "VMw@re1!"
      $orgName = "rainpole"
      $orgUnitName = "Platform Engineering"
      $orgLocalityName = "San Francisco"
      $orgStateName = "California"
      $orgCountryCode = "US"
      
      # Certificate authority that signs the request (sample values)
      $caType = "msca"
      $caFqdn = "rpl-ad01.rainpole.io"
      $caUsername = "Administrator"
      $caPassword = "VMw@re1!"
      $caTemplate = "VMware"
      
      # Output directory and file names derived from the values above
      $outputPath = ".\certificates\"
      $csrFilePath = Join-Path $outputPath "$commonName.csr"
      $keyFile = "$commonName.key"
      $crtFile = "$commonName.crt"
      $rootCaFile = "$caFqdn-rootCa.pem"

    3. Perform the configuration by running the command in the PowerShell console.

      Invoke-GeneratePrivateKeyAndCsr -outDirPath $outputPath -commonName $commonName -keySize $encryptionKeySize -expireDays $certificateExpiryDays -organization $orgName -organizationUnit $orgUnitName -locality $orgLocalityName -state $orgStateName -country $orgCountryCode
      
      Invoke-RequestSignedCertificate -caFqdn $caFqdn -csrFilePath $csrFilePath -outDirPath $outputPath -certificateAuthority $caType -username $caUsername -password $caPassword -certificateTemplate $caTemplate -getCArootCert
      
      Invoke-GeneratePKCS12 -certificatePath $outputPath -privateKeyFile $keyFile -certificateFile $crtFile -certificatePassword $certificatePassword -caChainFile $rootCaFile

  2. Replace the SSL certificate.

    1. Log in to the vSphere Replication appliance configuration interface at https://<vrms_fqdn>:5480 as admin.

    2. In the left pane, click Certificates.

    3. In the Appliance certificate section, click Change.

    4. In the Change certificate dialog box, configure the settings according to the VMware Cloud Foundation Planning and Preparation Workbook, and click Change.

  3. Repeat this procedure to replace the certificate on the Site Recovery Manager appliance in the recovery VMware Cloud Foundation instance by using the corresponding values in your VMware Cloud Foundation Planning and Preparation Workbook for the Recovery Instance.
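
A check worth running between steps 1 and 2, shown here as an added example that is not part of the VMware procedure or the PowerShell module: it loads the issued certificate and the downloaded root CA file and confirms the subject, key size, validity window, and chain before anything is uploaded. It assumes the step 1 variables are still set in the session and that each file holds a single PEM or DER certificate issued directly by that root.

```powershell
# Added example: validate the issued certificate before uploading it.
# Assumes $outputPath, $crtFile, $rootCaFile, $commonName and
# $encryptionKeySize from step 1 are still defined in this session.
$ErrorActionPreference = 'Stop'
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]

# Resolve to absolute paths: .NET does not follow PowerShell's current location.
$certPath = (Resolve-Path (Join-Path $outputPath $crtFile)).Path
$rootPath = (Resolve-Path (Join-Path $outputPath $rootCaFile)).Path
$cert = $x509::new($certPath)
$root = $x509::new($rootPath)
$now  = Get-Date
$results = [ordered]@{}

# Subject CN must be the appliance FQDN that clients connect to.
$results['Subject CN matches FQDN'] = $cert.GetNameInfo('SimpleName', $false) -eq $commonName

# Modern TLS clients match on the SAN extension (OID 2.5.29.17), not the CN.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$results['SAN lists FQDN'] = [bool]($san -and ($san.Format($false) -match [regex]::Escape($commonName)))

# Public key must be RSA and at least the size requested in the CSR.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$results['RSA key size as requested'] = [bool]($rsa -and ($rsa.KeySize -ge $encryptionKeySize))

# Certificate must be valid right now.
$results['Within validity period'] = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

# Build the chain using only the downloaded root as an extra anchor.
# Revocation is skipped so the check also works without CRL access.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built  = $chain.Build($cert)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$results['Chains to downloaded root CA'] = $built -and ($anchor.Thumbprint -eq $root.Thumbprint)

# Report each check, then stop if any of them failed.
foreach ($check in $results.GetEnumerator()) {
    '{0,-30} {1}' -f $check.Key, $(if ($check.Value) { 'OK' } else { 'FAIL' })
}
$daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
'Expires {0:u} ({1} days left)' -f $cert.NotAfter, $daysLeft
if (@($results.Values) -contains $false) {
    throw 'Certificate failed validation; do not upload it.'
}
```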