Site Recovery Manager uses TLS certificates and private keys to protect network communication and securely establish authentication with other servers.

CA certificate or private key or both

Location and Description

TLS certificate and key for Site Recovery Manager Server endpoint

Windows Certificate Store and in the installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\SRM_Server_IP_addressca.p12 file.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

TLS certificate and key for solution user created during Site Recovery Manager installation

installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\SRM_Server_IP_addresssu.p12 file.

TLS certificate and key for solution user on the remote site

installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\extension-s.p12 file or \VMware\VMware vCenter Site Recovery Manager\bin\extension-p.p12 file.

Site Recovery Manager creates the files during the pairing process.

CA certificate for Site Recovery Manager Server and TLS certificate

installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\SRM_Server_IP_addressca.p7b file.

Site Recovery Manager generates the certificate if you do not provide a custom certificate during the installation.

You can import the certificate into a client trust keystore to allow users to implicitly trust the Site Recovery Manager Server certificate.

Important

Configure access control lists to restrict the access to the .p12 files as appropriate for your environment.

Note

Do not modify, delete, or move the .p12 files.

Note

Do not extract or share private key information to protect your Site Recovery Manager instance.

For more information about the Site Recovery Manager authentication mechanisms, see the Site Recovery Manager Authentication topic in the Site Recovery Manager Installation and Configuration Guide.