You generate a new vSphere Replication Manager certificate and update all vSphere Replication Server instances to use the new certificate.

About this task

Note:

You cannot perform any replication management operations while you are performing the steps in the current procedure.

Procedure

  1. To verify that you are replacing the correct vSphere Replication Manager certificate, run the following command on the vCloud Availability Installer Appliance.
    # vcav hms print-certificate --hms-address=hms-IP-address

    The following information is displayed.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: 2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2
    Start Date: 2016-12-15 01:07:16
    End Date: 2021-12-14 01:07:16

    Write down the Fingerprint of the certificate. You need it to replace the certificate in the next step.

  2. Replace the vSphere Replication Manager certificate by running the following command.
    # vcav hms replace-certificate --hms-address=hms-IP-address \
    --thumbprint=2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2

    The system displays an OK message.

  3. Verify that the replacement operation completed successfully by running the following command.
    # vcav hms print-certificate --hms-address=hms-IP-address

    The system displays the following information.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: E6:A8:5C:4E:B3:94:9E:D5:E8:30:25:A2:49:E6:21:8D:E7:22:6F:BA
    Start Date: 2016-12-15 12:55:12
    End Date: 2021-12-14 12:55:12

    The new Fingerprint value indicates that the certificate is successfully replaced. You can note down the new Fingerprint for future operations.

  4. Reconfigure the vSphere Replication Manager by running the following command.

    Standard Command

    Command Using Registry

    # vcav hms configure \
    --reconfigure \
    --hms-address=$HMS_ADDRESS \
    --vsphere-address=$VSPHERE_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso
    # vcav hms configure \
    --reconfigure \
    --hms-address=hms-IP-address \
    --vsphere=vsphere-name \
    --vcd=vcd-name \

    The system returns an OK message, after the process finishes.

  5. Verify that the hms service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hms wait-for-extension \
    --hms-address=$HMS_ADDRESS \
    --vsphere-address=$VSPHERE_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso
    # vcav hms wait-for-extension \
    --hms-address=hms-IP-address \
    --vsphere=vsphere-name \
    --vcd=vcd-name

    If the hms service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /opt/vmware/logs/hms/hms.log file for errors.

  6. Load the new vSphere Replication Manager certificate to all connected vSphere Replication Server instances.

    Standard Command

    Command Using Registry

    # vcav hbr configure \
    --reconfigure
    --hbr-address=$HBR_ADDRESS \
    --vsphere-address=$VSPHERE_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd
    # vcav hbr configure \
    --reconfigure
    --hbr-address=$HBR_ADDRESS \
    --vsphere=vsphere-name \
    --vcd=vcd-name

    The system returns an OK message, after the process finishes.

  7. Verify that the hbr service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hbr wait-for-extension \
    --hbr-address=$HBR_ADDRESS \
    --vsphere-address=$VSPHERE01_ADDRESS \
    --vsphere-user=$SSO_USER \
    --vsphere-password-file=~/.ssh/.sso \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd
    # vcav hbr wait-for-extension \
    --hbr-address=$HBR_ADDRESS \
    --vsphere=vsphere-01-name \
    --vcd=vcd-01-name

    If the hbr service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /var/log/vmware/hbrsrv.log file for errors.