vSphere Replication & Self Signed Certificates

This week I noticed that vSphere Replication had stopped working on both primary and secondary sites. I logged into the VAMI for both vSphere Replication appliances and noticed that the self-signed certificates had both expired. Closer inspection showed that on a default installation, the self-signed certificates are only valid for 1 year.

To determine when the certificate expires, navigate to VR > security on the VAMI:





The resolution in the official VMware documentation explains that you just need to regenerate the certificate and restart the services:

  • VR > Configuration
  • Input the password for the SSO administrator account
  • Scroll to SSL Certificate Policy
  • “Generate and Install”: this will generate a new self-signed certificate.
  • “Save and restart Service”

However, I found that although the certificate had been replaced, the vSphere Replication services would keep going offline and in the vSphere client it would not show vSphere Replication as enabled. A reboot did not fix the problem.

I finally found that powering off and then powering back on the appliances would fix the problem.

An SR with VMware explained that usually a simple restart of the services via the VAMI would resolve the problem but in some cases a full power off and power on is required. I suspect that this is due to the appliance being deployed from an OVF and certain key configuration only being updated and read on cold boot.
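
Because the default certificate lasts only one year, its expiry can be caught ahead of an outage by checking the certificate each appliance presents. The script below is an added example, not part of the original post or VMware's documentation; the hostnames are placeholders and port 5480 (the usual VAMI HTTPS port) is an assumption.

```shell
#!/bin/sh
# Added example: warn before a vSphere Replication appliance certificate expires.
# Assumptions: hostnames are placeholders; the VAMI listens on HTTPS port 5480.

# Fetch the certificate presented on host:port and print it as PEM.
fetch_cert() {
    # $1 = host, $2 = port
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM 2>/dev/null
}

# Return 0 if the PEM certificate in file $1 is still valid $2 days from now,
# 1 if it will have expired by then, 2 if the file is not a parsable certificate.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Print one status line per appliance; return non-zero if any needs attention.
check_appliances() {
    # $1 = warning threshold in days, remaining arguments = appliance hostnames
    threshold=$1; shift
    rc=0
    tmp=$(mktemp)
    for host in "$@"; do
        if ! fetch_cert "$host" 5480 >"$tmp" || [ ! -s "$tmp" ]; then
            echo "UNKNOWN  $host: could not retrieve certificate"; rc=1; continue
        fi
        if cert_valid_for_days "$tmp" "$threshold"; then
            echo "OK       $host: $(openssl x509 -in "$tmp" -noout -enddate)"
        else
            echo "RENEW    $host: $(openssl x509 -in "$tmp" -noout -enddate)"; rc=1
        fi
    done
    rm -f "$tmp"
    return $rc
}

# Example invocation (placeholder hostnames), e.g. from a daily cron job:
# check_appliances 30 vr-primary.example.com vr-secondary.example.com
```

Run against both sites, a non-zero exit status can drive an alert roughly a month before the certificate lapses.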

