This procedure is required in the following scenarios:
- If the vCenter server or RecoverPoint certificate has been changed to a self or CA signed, rather than a default one.
- If the plug-in server was unable to retrieve the default certificates automatically.
- When plug-in server deployment is failing with certificate errors
How to add RecoverPoint and vCenter certificates to a plug-in server:
- Add a self, or CA signed RecoverPoint certificate to the Plugin server:
- Ensure that the root user is enabled on-site control RPA.
- Log in to the Plugin Server from the vSphere Web Console.
- Download the RP Certificate to the Plugin Server.
scp root@{CLUSTER_IP}:/etc/kbox/ssl/rpa_web_server.crt /etc/pki/trust/anchors/
- Update the certificate management service on the Plugin Server by running the following command from within the vSphere Console:
update-ca-certificates
- Restart the Plugin Server, power it back on giving it roughly 2 minutes to orient itself. If done too early, internal errors and other communication issues appear in the HTML5 plug-in.
reboot
- After two minutes have passed with the Plugin Server being online, log back in to the RecoverPoint for Virtual Machine HTML5 Plugin to see if the Dashboard has been populated with cluster information.
- Add a self, or CA signed VC certificate to the plug-in:
- Log in to vRPA Plugin Server from the vSphere Web Console.
- Download the vCenter certificate .zip file using the command below.
curl -ko download.zip https://{VCENTER_IP}/certs/download.zip
- Extract the certificate files to the /etc/pki/trust/anchors directory. This also ignores the CRL files with the r* extension.
unzip -j download.zip "certs/lin/*" -x "*.r*" -d "/etc/pki/trust/anchors"
- Update the certificate management service on the Plugin Server by running the following command from within the vSphere Console:
update-ca-certificates
- Restart the Plugin Server, power it back on giving it roughly 2 minutes to orient itself. If done too early, internal errors and other communication issues appear in the HTML5 plug-in.
reboot
- After the 2 minutes have passed with the Plugin Server being online, log back in to the RecoverPoint for Virtual Machine HTML5 Plugin to see if the Dashboard has been populated with cluster information.
- Add vCenter certificate to RecoverPoint side:
- Manually add the new VC cert in base64 format (CA cert only) under Trusted Store of RPA.
- Log in into the admin menu.
- Go to Options.
[2] Setup > [8] Advanced options > [2] Security options > [2] Certificates management > [2] Truststore management > [2] Add trusted certificate
- Add the CA certificate to the trusted store of RPA.
You must open the certificate in a readable view and copy the whole certificate including:
-----BEGIN CERTIFICATE REQUEST-----
To
-----END CERTIFICATE REQUEST-----
Paste it in PuTTY then add a # in a new line and press Enter.
- Run the command from the RPA system CLI.
update_vcenter_server_registration -f