I recently got the privilege to work with Luke Huckaba @thephuck (the first H is silent, btw) building out his company’s SRM 5 deployment.
Their primary vCenter had a certificate that was an actual certificate generated by their security team and installed on the vCenter server. They were doing it the right way instead of the easy (and lazy) way most of us do it by using the server-signed certificate and clicking ignore every time we log in to vCenter until we click the install and ignore checkbox.
What Luke and I learned was there wasn’t a readily-available centralized step-by-step process to install the certificates that would make vCenter and SRM work properly. So we documented the steps and Luke recorded the installation and posted on his blog site here.
I’m going on a tangent here but – VMware please provide an earlier warning during the installation process that if the certificates don’t match on both vCenters and both SRM servers, you cannot pair the sites.
Right now, the only way to learn that you have certificates that won’t play together is to complete the installation on both the primary and recovery site and then try to pair the sites and get an error message that the sites cannot be paired.
Further, if you are installing vSphere Replication and the CA used to sign the .p12 certificate uses MD5, SRM server is ok with it, but the VRMS is not. The VRMS needs SHA1 to work.