RecoverPoint for VMs: How to update Certificates in RecoverPoint for VMs environments

This procedure is required in the following scenarios:

• If the vCenter server or RecoverPoint certificate has been changed to a self or CA signed, rather than a default one.
• If the plug-in server was unable to retrieve the default certificates automatically.
• When plug-in server deployment is failing with certificate errors

How to add RecoverPoint and vCenter certificates to a plug-in server:

1. Add a self, or CA signed RecoverPoint certificate to the Plug-in server:
   1. Ensure that the root user is enabled on-site control RecoverPoint Appliance (RPA).
   2. Log in to the Plug-in Server from the vSphere Web Console.
   3. Download the RecoverPoint Certificate to the Plug-in Server.
      scp root@{CLUSTER_IP}:/etc/kbox/ssl/rpa_web_server.crt /etc/pki/trust/anchors/
   4. Update the certificate management service on the Plug-in Server by running the following command from within the vSphere Console:
      update-ca-certificates
   5. Restart the Plug-in Server, power it back on giving it roughly 2 minutes to orient itself. If done too early, internal errors and other communication issues appear in the HTML5 plug-in.
      reboot
   6. After two minutes have passed with the Plug-in Server being online, log back in to the RecoverPoint for Virtual Machine HTML5 Plug-in to see if the Dashboard has been populated with cluster information.

• Add a self, or CA signed vCenter certificate to the plug-in:
  1. Log in to the RecoverPoint Plug-in Server from the vSphere Web Console.
  2. Download the vCenter certificate .zip file using the command below.
     curl -ko download.zip https://{VCENTER_IP}/certs/download.zip
  3. Extract the certificate files to the /etc/pki/trust/anchors directory. This also ignores the CRL files with the r* extension.
     unzip -j download.zip "certs/lin/*" -x "*.r*" -d "/etc/pki/trust/anchors"
  4. Update the certificate management service on the Plug-in Server by running the following command from within the vSphere Console:
     update-ca-certificates
  5. Restart the Plug-in Server, power it back on giving it roughly 2 minutes to orient itself. If done too early, internal errors and other communication issues appear in the HTML5 plug-in.
     reboot
  6. After the 2 minutes, log back in to the RecoverPoint for Virtual Machine HTML5 Plug-in to see if the Dashboard has been populated with cluster information.
• Add vCenter certificate to RecoverPoint side:
  1. Manually add the new vCenter cert in base64 format (CA cert only) under Trusted Store of RecoverPoint Appliance(RPA).
  2. Log in into the admin menu.
  3. Go to Options.
     [2] Setup > [8] Advanced options > [2] Security options > [2] Certificates management > [2] Truststore management > [2] Add trusted certificate
  4. Add the CA certificate to the trusted store of RecoverPoint Appliance(RPA).
     You must open the certificate in a readable view and copy the whole certificate including:
     -----BEGIN CERTIFICATE REQUEST-----
To
-----END CERTIFICATE REQUEST-----
     Paste it in PuTTY then add a # in a new line and press Enter.
  5. Run the command from the RecoverPoint system CLI.
     update_vcenter_server_registration -f