Deploying vLSR and vSphere Replication using an OVF Template fails with error "The Certificate has Expired"

Article ID: 425750

Updated On:

Products

VMware Live Recovery

Issue/Introduction

  • When deploying the VMware Site Recovery Manager, VMware Live Site Recovery, vSphere Replication, or vSphere Replication-Addon appliances from an OVF template, a warning about an expired certificate is displayed.
  • The Deploy OVF Template wizard displays the error: "The Certificate is Expired"



Environment

  • VMware Live Site Recovery 9.0.2.x
  • vSphere Replication 9.0.2.x
  • vSphere Replication-Addon 9.0.2.x

Cause

  • The signing certificate used to sign the VMware Site Recovery Manager, VMware Live Site Recovery, vSphere Replication and vSphere Replication-Addon appliance OVFs during the build process expired on January 3, 2026.
  • As a result, new appliance installations using VC Deployment/OVF Tool will fail.

Resolution

  • This is a known issue impacting VMware Live Site Recovery and VMware vSphere Replication versions 9.0.2.x

Workaround:


OVF deployments from vSphere Client

  • To work around this issue in the vSphere Client, click "Ignore" to acknowledge the warning.
  • The Deploy OVF wizard then continues, and deployment of the SRM, VR and VR-Addon appliances using the vCenter UI completes successfully.

OVF deployments using OVF Tool

  • If ovftool is used for deployment, an additional flag can be passed to bypass the certificate validation.
  • Pass the ovftool option "--disableVerification" when deploying the appliance to skip certificate validation.

 

Sample command:

# Set --deploymentOption to either light or standard.
ovftool \
  --acceptAllEulas \
  --disableVerification \
  --ipAllocationPolicy=dhcpPolicy \
  --ipProtocol=IPv4 \
  --deploymentOption=light \
  --name=SRM-VA-NAME \
  --datastore=DATASTORE-NAME \
  --network=NETWORK-NAME \
  --net:"Network 1"=NETWORK-NAME \
  --prop:varoot-password=ROOT-PASSWORD \
  --prop:vaadmin-password=ADMIN-PASSWORD \
  --prop:dbpassword=DB-PASSWORD \
  --prop:ntpserver=NTP-SERVER \
  --prop:network.netmode.VMware_Site_Recovery_Manager_Appliance='dhcp' \
  --prop:network.addrfamily.VMware_Site_Recovery_Manager_Appliance='ipv4' \
  http://HOST/PATH/srm-va_OVF10.ovf \
  vi://VC_USERNAME:VC_PASSWORD@VC_ADDRESS/DATACENTER-NAME/host/CLUSTER-NAME/Resources/RESOURCE-POOL-NAME

  • If you want to obtain network settings through a static IP address:

# Set --deploymentOption to either light or standard.
ovftool \
  --acceptAllEulas \
  --disableVerification \
  --ipProtocol=IPv4 \
  --deploymentOption=light \
  --name=SRM-VA-NAME \
  --datastore=DATASTORE-NAME \
  --network=NETWORK-NAME \
  --net:"Network 1"=NETWORK-NAME \
  --prop:varoot-password=ROOT-PASSWORD \
  --prop:vaadmin-password=ADMIN-PASSWORD \
  --prop:dbpassword=DB-PASSWORD \
  --prop:ntpserver=NTP-SERVER \
  --prop:"network.ip0.VMware_Site_Recovery_Manager_Appliance"="VA IP" \
  --prop:"network.netprefix0.VMware_Site_Recovery_Manager_Appliance"="NETWORK PREFIX" \
  --prop:"network.gateway.VMware_Site_Recovery_Manager_Appliance"="GATEWAY IP" \
  --prop:"network.DNS.VMware_Site_Recovery_Manager_Appliance"="DNS SERVER 1, DNS SERVER 2" \
  --prop:"network.searchpath.VMware_Site_Recovery_Manager_Appliance"="DNS SEARCH PATH - DOMAIN" \
  --prop:"network.netmode.VMware_Site_Recovery_Manager_Appliance"='static' \
  --ipAllocationPolicy="fixedPolicy" \
  --prop:network.addrfamily.VMware_Site_Recovery_Manager_Appliance='ipv4' \
  http://HOST/PATH/srm-va_OVF10.ovf \
  vi://VC_USERNAME:VC_PASSWORD@VC_ADDRESS/DATACENTER-NAME/host/CLUSTER-NAME/Resources/RESOURCE-POOL-NAME
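
With "--disableVerification" the certificate validation is skipped at deployment time, so the following added example (not part of the original article and not VMware tooling) checks the package files against the digests in the OVF manifest before deploying. It assumes a local copy of the package, the standard OVF manifest line form ALGO(FILE)= HEXDIGEST, and the GNU coreutils digest tools (sha1sum, sha256sum, sha512sum); the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code: verify the files of an OVF package against
# the digests in its manifest (.mf) before deploying with --disableVerification.
# Manifest lines have the form:  SHA256(FILE)= HEXDIGEST

verify_ovf_manifest() {
  mf=$1
  [ -r "$mf" ] || { echo "cannot read manifest: $mf" >&2; return 2; }
  dir=$(dirname -- "$mf")
  rc=0; checked=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "$line" | tr -d '\r')          # tolerate CRLF manifests
    [ -n "$line" ] || continue
    algo=$(printf '%s\n' "$line" | sed -n 's/^\(SHA[0-9]*\)(.*)= *[0-9A-Fa-f]*$/\1/p')
    file=$(printf '%s\n' "$line" | sed -n 's/^SHA[0-9]*(\(.*\))= *[0-9A-Fa-f]*$/\1/p')
    want=$(printf '%s\n' "$line" | sed -n 's/^SHA[0-9]*(.*)= *\([0-9A-Fa-f]*\)$/\1/p' | tr 'A-F' 'a-f')
    case $algo in
      SHA1)   tool=sha1sum ;;
      SHA256) tool=sha256sum ;;
      SHA512) tool=sha512sum ;;
      *) echo "unsupported or unparsable manifest line: $line" >&2; rc=1; continue ;;
    esac
    # Reject entries that point outside the package directory.
    case $file in
      */*|..) echo "path not allowed in manifest: $file" >&2; rc=1; continue ;;
    esac
    if [ ! -f "$dir/$file" ]; then
      echo "MISSING  $file" >&2; rc=1; continue
    fi
    got=$("$tool" "$dir/$file" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
      echo "OK       $file"; checked=$((checked + 1))
    else
      echo "MISMATCH $file" >&2; rc=1
    fi
  done < "$mf"
  # An empty manifest must not count as a pass.
  [ "$checked" -gt 0 ] || { echo "no entries verified" >&2; rc=1; }
  return "$rc"
}

# When run as a script, the first argument is the path to the .mf file.
if [ "$#" -gt 0 ]; then verify_ovf_manifest "$1"; fi
```

A passing result shows only that the files match the manifest; because the manifest's signature is not being validated, also compare the downloaded files' checksums with values obtained from the vendor's download portal.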