To update the vSphere Replication Server certificate, you must replace the old certificate with a newly generated one, and reconfigure the vSphere Replication Server.

Procedure

  1. Run the following command on the vCloud Availability Installer Appliance to verify that you are replacing the correct vSphere Replication Server certificate.
    # vcav hbr print-certificate --hbr-address=hbr-IP-address

    The following information is displayed.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: 2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2
    Start Date: 2016-12-15 01:07:16
    End Date: 2021-12-14 01:07:16

    Write down the Fingerprint of the certificate. You need it to replace the certificate in the next step.

  2. Replace the vSphere Replication Server certificate by running the following command.
    # vcav hbr replace-certificate --hbr-address=10.192.43.10 \
    --thumbprint=2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2

    The system displays an OK message.

  3. Verify that the replacement operation completed successfully by running the following command.
    # vcav hbr print-certificate --hbr-address=hbr-IP-address

    The system displays the following information.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: E6:A8:5C:4E:B3:94:9E:D5:E8:30:25:A2:49:E6:21:8D:E7:22:6F:BA
    Start Date: 2016-12-15 12:55:12
    End Date: 2021-12-14 12:55:12

    The new Fingerprint value indicates that the certificate is successfully replaced. You can note down the new Fingerprint for future operations.

  4. Reconfigure the vSphere Replication Server.

    Standard Command

    Command Using Registry

    # vcav hbr configure \
    --reconfigure
    --hbr-address=$HBR_ADDRESS \
    --vsphere-address=$VSPHERE_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd
    # vcav hbr configure \
    --reconfigure
    --hbr-address=hbr-IP-address \
    --vsphere=vsphere-name \
    --vcd=vcd-name

    The system returns an OK message, after the process finishes.

  5. Verify that the hbr service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hbr wait-for-extension \
    --hbr-address=$HBR_ADDRESS \
    --vsphere-address=$VSPHERE01_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd
    # vcav hbr wait-for-extension \
    --hbr-address=$HBR_ADDRESS \
    --vsphere=vsphere-01-name \
    --vcd=vcd-01-name

    If the hbr service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /var/log/vmware/hbrsrv.log file for errors.