In a dual-region SDDC, you replace an expired certificate on Site Recovery Manager to keep this component trusted. You generate a custom certificate by using the CertGenVVD utility.

About this task

If you replace the certificates of all management components in Region B, you must replace the certificates of all Platform Services Controller, vCenter Server and NSX Manager instances before Site Recovery Manager.

Table 1. Certificate-Related Files for Site Recovery Manager in Region B

| Hostname or Service | Certificate Files |
|---|---|
| lax01m01srm01.lax01.rainpole.local | lax01m01srm01.5.p12, chainRoot64.cer |

Procedure

  1. Log in to the Site Recovery Manager virtual machine by using a Remote Desktop Protocol (RDP) client.
    1. Open an RDP connection to the following virtual machine.

      | Region | Site Recovery Manager |
      |---|---|
      | Region B | lax01m01srm01.lax01.rainpole.local |

    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | rainpole\svc-srm |
      | Password | svc-srm_password |

  2. Install the CA certificates in the Windows trusted root certificate store of the Site Recovery Manager virtual machine.
    1. Copy the CA certificate and PKCS#12 file from the Windows hosts where you run the CertGenVVD utility to the C:\certs folder.
    2. Locate the chainRoot64.cer file in the C:\certs folder.
    3. Double-click the chainRoot64.cer file to open the Certificate import dialog box.
    4. In the Certificate dialog box, select the Install Certificate option.

      The Certificate Import Wizard appears.

    5. Select the Local Machine option for the Store Location and click Next.
    6. Select the Place all certificates in the following store option, browse to select the Trusted Root Certification Authorities store, and click OK.
    7. On the Completing the Certificate Import Wizard page, click Finish.
  3. Replace the certificate on Site Recovery Manager with the one that you generated.
    1. Open Programs and Features from the Windows Control Panel.
    2. From the list of programs, select VMware vCenter Site Recovery Manager and click Change.
    3. Select the Modify option on the Maintenance Options screen and follow the wizard until you reach the Certificate Type screen.
    4. Select the Use a PKCS#12 certificate file option and click Next.
    5. Browse to the C:\certs folder, select the lax01m01srm01.lax01.5.p12 file, and enter the certificate password that you specified when generating the PKCS#12 file.
    6. Click Yes in the certificate warning dialog box and complete the modify installation wizard.
  4. Reconnect the two Site Recovery Manager sites.
    1. Open a Web browser and go to https://lax01m01vc01.lax01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

    3. In the vSphere Web Client, click Site Recovery > Sites.
    4. Right-click the site lax01m01vc01.lax01.rainpole.local and select Reconfigure Pairing.
    5. Enter the address of the Platform Services Controller sfo01psc01.sfo01.rainpole.local on the remote site and click Next.
    6. Select the vCenter Server instance sfo01m01vc01.sfo01.rainpole.local with which Site Recovery Manager is registered on the remote site, enter the user name svc-srm@vsphere.local and the password svc-srm_password, and click Finish.
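
The following PowerShell pre-check is an added example, not part of the original VMware procedure. Run on the Site Recovery Manager virtual machine after step 2 and before step 3, it confirms that the PKCS#12 file is within its validity period, lists the Site Recovery Manager host name in its Subject Alternative Name, and chains to a root that is now trusted by the machine. The 30-day threshold, the skipped revocation check, and the English-language SAN text format are assumptions.

```powershell
# Added example: pre-check for the PKCS#12 file used in step 3 (not VMware code).
param(
    [string]$PfxPath   = 'C:\certs\lax01m01srm01.lax01.5.p12',  # file name as given in step 3
    [string]$HostName  = 'lax01m01srm01.lax01.rainpole.local',
    [int]$MinDaysLeft  = 30                                      # assumed renewal threshold
)

$password = Read-Host -AsSecureString -Prompt 'PKCS#12 password'

# Get-PfxData parses the file without installing anything into a certificate store.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $password
$leaf = $pfx.EndEntityCertificates[0]

# 1. Validity window: already valid, not expired, and not about to expire.
$now        = Get-Date
$validNow   = ($leaf.NotBefore -le $now) -and ($leaf.NotAfter -gt $now)
$enoughLife = $leaf.NotAfter -gt $now.AddDays($MinDaysLeft)

# 2. Subject Alternative Name (OID 2.5.29.17) must list the SRM host name.
#    Format() returns text such as "DNS Name=host1, DNS Name=host2" on English Windows.
$sanExt  = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
$sanOk   = $sanText -match ('(^|[=,\s])' + [regex]::Escape($HostName) + '($|[,\s])')

# 3. The chain must build to a root in the Windows trusted root store,
#    which is what the chainRoot64.cer import in step 2 is meant to achieve.
#    Revocation checking is disabled here on the assumption that the CA's
#    CRL endpoint may not be reachable from this VM.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
foreach ($c in $pfx.OtherCertificates) { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
$chainOk = $chain.Build($leaf)

[pscustomobject]@{
    Subject      = $leaf.Subject
    Thumbprint   = $leaf.Thumbprint
    NotAfter     = $leaf.NotAfter
    ValidNow     = $validNow
    EnoughLife   = $enoughLife
    SanHasHost   = $sanOk
    ChainTrusted = $chainOk
    ChainErrors  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}

# Non-zero exit code lets a wrapper script stop before the SRM installer is modified.
if (-not ($validNow -and $enoughLife -and $sanOk -and $chainOk)) { exit 1 }
```

If ChainTrusted is False with an UntrustedRoot status, the root certificate was not imported into the Local Machine store in step 2.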