After you replace the certificates of all Platform Services Controllers, vCenter Server instances and NSX Managers, and of the Site Recovery Manager instances, replace the certificates on vSphere Replication in Region A and Region B

About this task

A vSphere Replication appliance uses certificate-based authentication for all connections that it establishes with vCenter Server instances and remote site vSphere Replication instances.vSphere Replication does not use user name and password based authentication. vSphere Replication generates a standard SSL certificate when the appliance first boots and registers with vCenter Server. The default certificate policy uses trust by thumbprint. You change the certificate by using the virtual appliance management interface (VAMI) of the vSphere Replication appliance.

If you use the CertGenVVD tool, you skip creating a CSR file and a certificate signed by the Microsoft CA on the child AD server in Region A.