VMware Cloud Community
kurimargo
Contributor

SRM and custom certificates

Hi

I have 2 vCenter 5.5 servers and both of them have custom CA-based certificates (which I deployed with the SSL Certificate Automation Tool).

I also did the certificate requests with the same tool, and now one vCenter certificate has the OU value "vCenterServer-hostname1" and the other vCenter certificate has the OU value "vCenterServer-hostname2".

Now I'm trying to set up SRM and I'm reading a document: VMware KB: Requirements when using trusted certificates with VMware Site Recovery Manager 1.0.x/...

This document describes the requirements for SRM certificates, and two of them are:

  • An Organizational Unit (OU) attribute, whose value must be the same as the value of this attribute in the supporting vCenter Server’s certificate.


Am I correct that I must create a certificate for the first SRM instance with the "OU = vCenterServer-hostname1" parameter and for the second instance with the "OU = vCenterServer-hostname1" parameter?


  • All OU values for vCenter and SRM certificates must match, to be copacetic with the OUs in the environment.


Now I don't understand. If my vCenter servers' certificates have different OU values, is it possible to set up SRM certificates at all?

Or must I create new vCenter server certificates with the same OU values?



Best Regards,


Margo Engel


0 Kudos
1 Reply
jordanovi
VMware Employee

Hi Margo

There was a bug in the SRM 5.5 documentation that is fixed now. Please check Site Recovery Manager 5.5 Documentation Center - chapter Requirements When Using Public Key Certific...

The SRM certificates must have a Subject Name value constructed from the following components:

  • A Common Name (CN) attribute. A string such as "SRM" is appropriate here.
  • An Organization (O) attribute and an Organizational Unit (OU) attribute. These values must be the same for both members of the SRM pair.
  • The L (locality), S (state), and C (country) attributes are not required. If you specify these attributes, the values must be the same for both members of the SRM pair.

Ignore the next 2 statements:

  • An Organizational Unit (OU) attribute, whose value must be the same as the value of this attribute in the supporting vCenter Server’s certificate.
  • All OU values for vCenter and SRM certificates must match, to be copacetic with the OUs in the environment.

Hope this helps. Would be glad to help if you have any more issues.

Best Regards

Ivan

0 Kudos
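A pre-flight check for the Subject Name rules listed in the reply above, as an added example that is not part of the thread or of any VMware tooling. It assumes each certificate's subject was printed with `openssl x509 -noout -subject -nameopt RFC2253`; the function names and sample subjects are hypothetical, and treating an L, S or C attribute present on only one certificate as a mismatch is an assumption.

```python
import re

# Attributes the reply says must agree across the SRM pair.
REQUIRED_SAME = ("O", "OU")        # must be present and identical on both sites
OPTIONAL_SAME = ("L", "ST", "C")   # optional, but identical if specified

def parse_subject(dn):
    """Parse an RFC 2253 style subject string into {ATTR: [values]}."""
    dn = dn.strip()
    if dn.lower().startswith("subject="):
        dn = dn[len("subject="):]
    attrs = {}
    # Split on commas that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\),", dn):
        if "=" not in rdn:
            continue
        key, value = rdn.split("=", 1)
        key = key.strip().upper()
        key = "ST" if key == "S" else key  # the documentation writes state as S
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escape backslashes
        attrs.setdefault(key, []).append(value)
    return attrs

def check_srm_pair(subject_a, subject_b):
    """Return a list of problems; an empty list means the pair is consistent."""
    a, b = parse_subject(subject_a), parse_subject(subject_b)
    problems = []
    for site, attrs in (("site A", a), ("site B", b)):
        if not attrs.get("CN"):
            problems.append(f"{site}: missing CN")
    for key in REQUIRED_SAME:
        if not a.get(key) or not b.get(key):
            problems.append(f"{key}: must be present on both certificates")
        elif a[key] != b[key]:
            problems.append(f"{key}: {a[key]} != {b[key]}")
    for key in OPTIONAL_SAME:
        # Assumption: an attribute set on only one certificate counts as a mismatch.
        if (key in a or key in b) and a.get(key) != b.get(key):
            problems.append(f"{key}: {a.get(key)} != {b.get(key)}")
    return problems

# Constructed sample subjects (not taken from a real environment).
GOOD_A = "subject=CN=SRM,OU=DR,O=Example Corp,C=EE"
GOOD_B = "subject=CN=SRM,OU=DR,O=Example Corp,C=EE"
BAD_B = "subject=CN=SRM,OU=vCenterServer-hostname2,O=Example Corp"

if __name__ == "__main__":
    print(check_srm_pair(GOOD_A, GOOD_B))
    print(check_srm_pair(GOOD_A, BAD_B))
```

The vCenter Server certificates are deliberately not compared, since the reply says to ignore the statements that tie the SRM OU to the vCenter OU.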