Replacing the custom certificate on add-on VR server fails

Article ID: 392575

Products

VMware Live Recovery

Issue/Introduction

  • Replacing the custom certificate on an add-on VR server fails with the following error:

The certificate's Subject Alternative Name does not contain one of the following:

- an IP address that matches the SRM host IP
- a DNS name that matches the SRM host name
- a common Name field that matches the SRM host name.   

  • The hostname of the add-on VR is set to a short name instead of the FQDN.

Environment

  • vSphere Replication 8.x
  • vSphere Replication 9.x

Cause

  • The issue occurs when the Subject Alternative Name of the generated custom certificate does not match the hostname of the add-on VR.

  • The add-on VR server has a short name or alias as its hostname instead of the Fully Qualified Domain Name (FQDN).

Resolution

  1. Change the hostname of the add-on VR from the short name to the Fully Qualified Domain Name (FQDN).
    Log in to Appliance Management (https://VR-FQDN:5480) > Networking > Edit > expand 'Hostname and DNS' > change Hostname to the FQDN.

  2. Generate the custom certificate so that the Subject Alternative Name has the following entries:
    subjectAltName = DNS:vr.fqdn.com, DNS:vr, IP:IP Address

    For more details on generating custom certificates on VR servers, refer to:
    Configuring CA signed certificates for vSphere Replication or SRM based on Photon OS through Command line.

  3. Change the certificate in VR Appliance Management:
    Click 'Certificates' > Change > select 'Use a PKCS #12 certificate file' > under 'Certificate file', click 'Browse' > import the generated certificate.
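
The certificate from step 2 can be checked against the appliance identity before it is imported in step 3. The script below is an added example, not part of the KB article or of VMware's tooling: it reads the SAN listing that `openssl x509 -noout -ext subjectAltName` prints and confirms it covers the FQDN, the short name and the IP address. The helper names `san_entries` and `check_san`, the host `vr.example.test` and the address `192.0.2.10` are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a certificate's SAN list.
# Feed it the listing from a real certificate (OpenSSL 1.1.1 or later):
#   openssl x509 -in vr.pem -noout -ext subjectAltName | check_san "$(hostname)" 192.0.2.10

# Constructed sample of that listing; names and address are placeholders.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:vr.example.test, DNS:vr, IP Address:192.0.2.10'

# san_entries: turn the listing on stdin into one "TYPE:value" entry per line.
san_entries() {
    tr ',' '\n' | sed -e '/Subject Alternative Name/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# check_san HOSTNAME IP: reads the listing on stdin.
# Returns 2 if HOSTNAME is a short name, 1 if a SAN entry is missing, 0 if all match.
check_san() {
    cs_host=$1 cs_ip=$2 cs_rc=0
    case "$cs_host" in
        *.*) ;;
        *) echo "FAIL: hostname '$cs_host' is a short name, not an FQDN"; return 2 ;;
    esac
    cs_entries=$(san_entries)
    # The KB's SAN line: FQDN, short name and IP (openssl prints IPs as "IP Address:").
    for cs_want in "DNS:$cs_host" "DNS:${cs_host%%.*}" "IP Address:$cs_ip"; do
        if printf '%s\n' "$cs_entries" | grep -qixF -- "$cs_want"; then
            echo "ok:   $cs_want"
        else
            echo "FAIL: SAN has no entry $cs_want"; cs_rc=1
        fi
    done
    return "$cs_rc"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SAN" | check_san vr.example.test 192.0.2.10
```

A return code of 2 corresponds to the cause described above (hostname still set to a short name), and 1 to a certificate that has to be regenerated with the missing SAN entry.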