SSL Certificate Error Handling in vCenter Site Recovery Manager
search cancel

SSL Certificate Error Handling in vCenter Site Recovery Manager

book

Article ID: 333543

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

VMware vCenter Site Recovery Manager (SRM) can exhibit a variety of errors related to the SSL certificates in use by SRM and vCenter servers. This article summarizes those errors and suggests ways to recover from them.

Environment

VMware vCenter Site Recovery Manager 5.0.x
VMware vCenter Site Recovery Manager 5.1.x
VMware vCenter Site Recovery Manager 4.1.x
VMware vCenter Site Recovery Manager 5.5.x
VMware vCenter Site Recovery Manager 4.0.x
VMware vCenter Site Recovery Manager 5.8.x

Resolution

While using vCenter Site Recovery Manager (SRM), you might encounter any of these errors:

  • Unable to establish reciprocity, when configuring a connection to the remote site:

    This condition is often triggered when one site completes an installation in repair mode but the other site does not. To recover, re-start SRM at both sites and re-run the installer in repair mode at both sites, as described in the VMware vCenter Site Recovery Manager Administration Guide. Ensure that the DNS name resolution is working correctly on both sites.

  • Certificate subject names do not match for remote SRM extension and local SRM certificate:

    This error often indicates that the Subject Alternative Name on one of the certificates is incorrect. For more information about how to specify the Subject Alternative Name, see Requirements when using trusted certificates with VMware Site Recovery Manager (1008390).

  • A certificate in the host’s chain is not time valid:

    This error generally indicates that a certificate has expired. To recover, run the SRM installer in repair mode, as described in the VMware vCenter Site Recovery Manager Administration Guide, and supply the pathname to a new, valid certificate.

  • Local and Remote servers are using different trust methods:

    This error usually indicates that SRM is using a certificate that is trusted by the vCenter server but not by SRM. To recover, use Microsoft Management Console to accept the certificate used by the vCenter server on the SRM server host.