SRM appliance VAMI uses the main appliance certificate. You may need to reload your browser after changing the certificate.
Hope this helps,
Thank you Daniel,
I am not sure what happened initially, as I did refresh my browser(s). It seems to be working now that I have restarted both the SRM & vSphere Replication appliances.
Follow-up question... How do I import my Microsoft Windows Server Enterprise root & intermediate CA certificates into the SRM/vSphere Replication appliances' Trusted Root Certificate Authority stores?
Thank you again Daniel,
I am still having a niggly issue with SRM when pairing sites, where the one site cannot validate the vCenter server certificate on the other site.
Steps I have taken:
1) I have reconfigured both of my vCenter servers' VMCAs to be subordinate to my Enterprise CA. Both completed successfully and I can browse to either vCenter server without getting browser security errors.
2) I have added my Root CA and both vCenter VMCA CA certificates to both SRM appliances & re-run c_rehash (without error). They now have trusted connection thumbprints - the same thumbprints as the SRM site pairing does NOT trust!
3) I have created CSRs, signed them (with my root CA) and installed PKCS #12 certificates for both SRM appliances. I restarted both appliances and I can browse to them without getting a browser security error.
Do my vCenter Servers need each other's VMCA CA certificate importing? Just tried this and it still errors.
I do not have any SSO/ELM between vCenter servers?
I need a sanity check, can you see/think what I have missed?
vCenter Server Appliance Version - 6.7.0 Build 13007421
VMware SRM Appliance Version - 8.2.0 Build 14383138
vSphere Replication Appliance Version - 22.214.171.12489 Build 14338525
Thank you again Daniel,
That has worked. I can now deploy both SRM and vSphere Replication appliances with certificates that are signed by my Enterprise CA.
I can also import the Root CA and both VMCA subordinate CA certificates into each appliance, so there are no more trust warning messages when pairing sites/etc.
I really appreciate your help.
Where did you generate the CSR request for the replication appliance?
I have followed the procedure from Daniel and have successfully created and installed the certs on both SRM appliances, however I don't see any option to generate a CSR on the replication appliance.
The VMdoc "Change the SSL Certificate of the vSphere Replication Appliance" at https://docs.vmware.com/en/vSphere-Replication/8.2/com.vmware.vsphere.replication-admin.doc/GUID-C960E9B0-BFF5-4A56-9CBD-7142DA6FB5C6.html just says to upload the certificate. Where do I get the certificate from? I assume I have to generate it somewhere?
Thanks in advance
I created it manually with OpenSSL... I am working onsite today, but I will dig out the instructions later tonight and post here... M
Sorry for delay, I was unexpectedly asked to leave my hotel last night as they closed due to the UK Covid19 response and had a 5 hour drive home. :-(
I have uploaded a short document to https://communities.vmware.com/docs/DOC-41405 with the steps I use in OpenSSL to create the CSR, sign the CSR and then to create a pkcs12 (.p12) file for import into either an SRM or VRM appliance.
Let me know if you have any questions. I hope it helps.
Hope all is going OK for you there.
Thanks for getting back to me, I appreciate you taking the time; however, I'm unable to view your doc, it tells me the content is restricted.
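The OpenSSL sequence described in this thread (create the CSR, sign it, build a .p12 for upload), as an added example that is not taken from any participant's post or from the linked document. The throwaway lab CA, the hostname, the password and the certificate extensions are assumptions; in production the CSR would be signed by the Enterprise CA.

```shell
#!/bin/sh
# Added example: lab-only values. The CA name, FQDN and password are constructed.
set -eu

# Throwaway root standing in for the Enterprise CA that signs the CSR in production.
make_lab_ca() {  # $1 = work dir
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\nprompt=no\n[dn]\nCN=Lab Root CA\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Key + CSR, CA-signed certificate, then the .p12 (key, leaf and CA certificate).
issue_p12() {  # $1 = work dir, $2 = appliance FQDN, $3 = export password
  printf '[req]\ndistinguished_name=dn\nreq_extensions=v3\nprompt=no\n[dn]\nCN=%s\n[v3]\nbasicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" "$2" > "$1/srv.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/srv.cnf" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  # x509 -req does not copy extensions from the CSR by default; re-apply them
  # with -extfile or the signed certificate will have no subjectAltName.
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$1/srv.cnf" -extensions v3 \
    -out "$1/srv.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/srv.key" -in "$1/srv.crt" \
    -certfile "$1/ca.crt" -name "$2" -passout "pass:$3" -out "$1/srv.p12"
}

# Pre-upload checks: chain verifies, SAN is present, bundle opens with the password.
check_bundle() {  # same arguments as issue_p12
  openssl verify -CAfile "$1/ca.crt" "$1/srv.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/srv.crt" -noout -text | grep -q "DNS:$2" &&
  openssl pkcs12 -in "$1/srv.p12" -passin "pass:$3" -nokeys 2>/dev/null |
    grep -q 'BEGIN CERTIFICATE'
}

work=$(mktemp -d)
make_lab_ca "$work"
issue_p12 "$work" srm01.lab.example 'Constructed-Pass-1'
check_bundle "$work" srm01.lab.example 'Constructed-Pass-1' &&
  echo "bundle OK: $work/srv.p12"
```

Running `check_bundle` before the upload catches a missing SAN, a chain that does not verify against the CA certificate, or a bundle that will not open with the password.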