6.5

6 Generate or install a new SSL certificate.

| Option | Action |
|---|---|
| Generate a self-signed certificate | Click Generate and Install. Using a self-signed certificate provides trust by thumbprint only and might not be suitable for environments that require high levels of security. You cannot use a self-signed certificate if you selected Accept only SSL certificates signed by a trusted Certificate Authority. |
| Upload a certificate | Click Browse to select a PKCS#12 certificate and click Upload and Install. Public key certificates must meet certain requirements. See Requirements When Using a Public Key Certificate with vSphere Replication. |

7 Click Save and Restart Service to apply the changes.
You changed the SSL certificate and optionally changed the security policy to use trust by validity and
certificates signed by a certificate authority.
Note: If you change a certificate on one of the source or target sites, the connection status to this site
changes to Connection issue. In the vSphere Web Client, you can check the list of target sites under
vSphere Replication on the Manage tab, and reconnect the sites.
vSphere Replication Certificate Verification
vSphere Replication verifies the certificates of vCenter Server and remote vSphere Replication servers.
All communication between vCenter Server, the local vSphere Replication appliance, and the remote
vSphere Replication appliance goes through a vCenter Server proxy at port 80. All SSL traffic is
tunnelled.
vSphere Replication can trust remote server certificates either by verifying the validity of the certificate
and its thumbprint or by verifying the thumbprint only. The default is to verify by thumbprint only. You can
activate the verification of the certificate validity in the virtual appliance management interface (VAMI) of
the vSphere Replication appliance by selecting the option Accept only SSL certificates signed by a
trusted Certificate Authority when you upload a certificate.
Thumbprint Verification: vSphere Replication checks for a thumbprint match. vSphere Replication
trusts remote server certificates if it can verify the thumbprints through
secure vSphere platform channels or, in some rare cases, after the user
confirms them. vSphere Replication only takes certificate thumbprints into
account when verifying the certificates and does not check certificate
validity.

Verification of Thumbprint and Certificate Validity: vSphere Replication checks the thumbprint and checks that all server
certificates are valid. If you select the Accept only SSL certificates
signed by a trusted Certificate Authority option, vSphere Replication
refuses to communicate with a server with an invalid certificate. When
verifying certificate validity, vSphere Replication checks expiration dates,
subject names and the certificate issuing authorities.
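
The difference between the two trust modes described above, as an added example that is not VMware code and not part of the original guide. It models a certificate as a small record instead of parsing real X.509; the SHA-256 thumbprint algorithm, the host names, the issuer name and the byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for a parsed X.509 certificate (constructed)."""
    der: bytes
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def thumbprint(cert, algo="sha256"):
    # A thumbprint is a hash over the encoded certificate; SHA-256 is assumed here.
    return hashlib.new(algo, cert.der).hexdigest()

def verify(cert, host, pinned, trusted_issuers, now, require_ca=False):
    """Return the reasons to reject the certificate; an empty list means trusted."""
    reasons = []
    # Both modes start with the thumbprint match.
    if not hmac.compare_digest(thumbprint(cert), pinned):
        reasons.append("thumbprint mismatch")
    # Only the stricter mode looks at dates, subject name and issuer.
    if require_ca:
        if not cert.not_before <= now <= cert.not_after:
            reasons.append("outside validity period")
        if cert.subject.lower() != host.lower():
            reasons.append("subject name mismatch")
        if cert.issuer not in trusted_issuers:
            reasons.append("issuer not trusted")
    return reasons

def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

# Constructed sample data: host names, issuer names and byte strings are made up.
NOW = utc(2024)
TRUSTED = {"Example Corp Issuing CA"}
SELF_SIGNED = Cert(b"constructed-self-signed", "vr-a.example.test",
                   "vr-a.example.test", utc(2015), utc(2020))  # expired
CA_SIGNED = Cert(b"constructed-ca-signed", "vr-b.example.test",
                 "Example Corp Issuing CA", utc(2023), utc(2026))

if __name__ == "__main__":
    for cert in (SELF_SIGNED, CA_SIGNED):
        pin = thumbprint(cert)
        for strict in (False, True):
            result = verify(cert, cert.subject, pin, TRUSTED, NOW, strict)
            print(cert.subject, "strict" if strict else "thumbprint-only", result or "trusted")
```

In thumbprint-only mode the expired self-signed record is still trusted once its thumbprint is pinned, which is why that mode might not suit high-security environments.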
VMware vSphere Replication Installation and Configuration
VMware, Inc. 52