After you replace the certificates of all Platform Services Controller, vCenter Server and NSX Manager instances, replace the certificates on the Site Recovery Manager instances.

You replace certificates twice, once for each Site Recovery Manager. You start by replacing certificates on sfo01m01srm01.sfo01.rainpole.local, the Site Recovery Manager in Region A.

Table 1. Certificate-Related Files for Site Recovery Manager in Region A and Region B

File Name

Site Recovery Manager in Region A

Site Recovery Manager in Region B

CA Certificate Name

Root64.cer

Root64.cer

PKCS#12 File Name

sfo01m01srm01.5.p12

lax01m01srm01.5.p12

Procedure

  1. Log in to the Site Recovery Manager virtual machine by using a Remote Desktop Protocol (RDP) client.
    1. Open an RDP connection to the following virtual machine.

      Region

      Site Recovery Manager

      Region A

      sfo01m01srm01.sfo01.rainpole.local

      Region B

      lax01m01srm01.lax01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      rainpole\svc-srm

      Password

      svc-srm_user_password

  2. Install the CA certificates in the Windows trusted root certificate store of the Site Recovery Manager virtual machine.
    1. Copy the CA Certificate and PKSCS#12 File to the C:\certs folder
    2. Double-click the CA Certificate file in the C:\certs folder to open Certificate import dialog box.
    3. In the Certificate dialog box, select the Install Certificate option.

      The Certificate Import Wizard appears.

    4. Select the Local Machine option for Store Location and click Next.
    5. Select Place all certificates in the following store option, browse to select Trusted Root Certificate Authorities store, and click OK.
    6. On the Completing the Certificate Import Wizard page, click Finish.
  3. Replace the certificate on Site Recovery Manager with CA-signed Certificates.
    1. Open Programs and Features from the Windows Control Panel.
    2. From the list of programs, select VMware vCenter Site Recovery Manager and click Change.
    3. Select the Modify option on the Maintenance Options screen and follow the wizard until you reach the Certificate Type screen.
    4. Select the Use a PKCS#12 certificate file option and click Next.
    5. Browse to the C:\certs folder, select the sfo01m01srm01.5.p12 or lax01m01srm01.5.p12 file, and enter the certificate password VMware1! that you specified when generating the PKCS#12 file.
    6. Click Yes in the certificate warning dialog box and complete the modify installation wizard.
  4. If you were previously using credential-based authentication, you might need to restore the connection between the two Site Recovery Manager sites after replacing the default certificates with CA-signed certificates.
    1. Open a Web Browser and go to the following URL.

      Region

      URL

      Region A

      https://sfo01m01vc01.sfo01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

    3. In the vSphere Web Client, click Site Recovery > Sites.
    4. Right-click the site sfo01m01vc01.sfo01.rainpole.local and select Reconfigure Pairing.
    5. Enter the address of the Platform Services Controller lax01psc01.lax01.rainpole.local on the remote site and click Next.
    6. Select the vCenter Server instance lax01m01vc01.lax01.rainpole.local with which Site Recovery Manager is registered on the remote site, enter the vCenter Single Sign-On administrator user name svc-srm@rainpole.local and svc-srm_password password, and click Finish.
  5. Repeat the steps to replace the default VMware-signed certificate on lax01m01srm01.lax01.rainpole.local.