When installing a Zerto environment, all components use self-signed certificates by default. For security reasons they must be replaced by valid signed .CER (X509) SSL certificates. Zerto has a KB article, KB1315, which describes these steps, but at the moment the KB is not Zerto 7.5 compliant and results in a situation where the ZVM service won’t be able to start anymore.
This article explains the correct procedure, and a workaround for when the wrong steps in KB1315 have been followed.
Replacing self-signed certificate
0.
The prerequisite is a valid CER (X509) SSL certificate which has been converted to a .PFX (PKCS 12) SSL file.
To replace the certificate files and make the Zerto services use the certificate password, you need the so-called TweaksEditor tool. The TweaksEditor tool is currently not publicly available in the Zerto download portal, so you must open a case and request the tool.
With previous versions, editing the tweaks.txt file was enough to get the Zerto service working with the new certificate, but since 7.5 the outcome is that the Zerto Virtual Manager service won’t start anymore.
1.
Open the Zerto installation path and create copies of the currently used .pfx files.
- zvm.pfx
- zvmHttpsCert.pfx
- zvmPortalHttpsCert.pfx
2.
Start TweaksEditor.exe and create a new rule.
3.
Start TweaksEditor.exe and create a new rule.
- Tweak name t_httpsZvmCertificateFilePassword
- Tweak value SSL pfx password
4.
Follow the steps as described in KB1315.
Only skip the manual editing of tweaks.txt, or else the ZVM service won’t start anymore!
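A pre-flight for steps 0 to 3, as an added example (not part of the original article and not Zerto tooling): it backs up the three .pfx files and confirms that the new PFX opens with the password that will be entered as the t_httpsZvmCertificateFilePassword tweak value. The script parameters and the path in `$NewPfx` are assumptions; the install path is the default one named in this article.

```powershell
# Added example, run from an elevated PowerShell prompt on the ZVM server.
# Assumptions: default install path; $NewPfx is a placeholder for your own PFX.
param(
    [string]$ZertoPath = 'C:\Program Files\Zerto\Zerto Virtual Replication',
    [string]$NewPfx    = 'C:\Temp\new-zvm-cert.pfx'
)
$ErrorActionPreference = 'Stop'

# Step 1: copy the current .pfx files into a timestamped folder.
# The folder stays under the install path so it inherits the same ACLs
# (the files contain private keys).
$backup = Join-Path $ZertoPath ('pfx-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backup | Out-Null
foreach ($name in 'zvm.pfx', 'zvmHttpsCert.pfx', 'zvmPortalHttpsCert.pfx') {
    $src = Join-Path $ZertoPath $name
    if (-not (Test-Path $src)) { throw "Missing expected file: $src" }
    Copy-Item $src -Destination $backup
    # Record a hash so the copy can be verified before any restore.
    $hash = (Get-FileHash $src -Algorithm SHA256).Hash
    "$hash  $name" | Add-Content (Join-Path $backup 'SHA256SUMS.txt')
}

# Step 0 check: the PFX must open with the password used for the tweak value.
$pw = Read-Host -AsSecureString 'PFX password'
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($NewPfx, $pw)
} catch {
    throw "Cannot open $NewPfx with this password: $($_.Exception.Message)"
}

# A PFX without a private key, or outside its validity window, cannot serve HTTPS.
$now = Get-Date
$problems = @()
if (-not $cert.HasPrivateKey) { $problems += 'PFX contains no private key' }
if ($now -lt $cert.NotBefore) { $problems += "not valid before $($cert.NotBefore)" }
if ($now -gt $cert.NotAfter)  { $problems += "expired on $($cert.NotAfter)" }

$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
if ($problems) { throw ('PFX check failed: ' + ($problems -join '; ')) }
"PFX looks usable. Backup written to $backup"
```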
Workaround if ZVM service won’t start
0.
If you followed the steps as described in KB1315, the Zerto Virtual Manager service won’t be able to start anymore.
The standard procedure by Zerto support is creating a new self-signed certificate with the steps as described in KB2464.
But with the steps below you get your ZVM up and running much quicker.
1.
Copy the following .pfx files from a working Zerto Virtual Manager.
- zvm.pfx
- zvmHttpsCert.pfx
- zvmPortalHttpsCert.pfx
And replace the local .pfx files in the Zerto installation folder. Default path:
- C:\Program Files\Zerto\Zerto Virtual Replication
2.
Start the Zerto Diagnostic Tool and reconfigure the Zerto Virtual Manager.
3.
Select replace SSL, select the copied .pfx file and enter the correct password.
4.
Start the ZertoZvm and wait for several minutes. Open the ZVM web GUI: https://[zvmhost]:9669/zvm#/login
If the ZVM is working fine again, follow the above steps for replacing the self-signed SSL certificate.
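To confirm which certificate the ZVM actually presents on port 9669 after step 4 (or after the replacement procedure), the following added example, which is not from the original article or from Zerto, reads the served certificate and compares it with an expected thumbprint. The host name and the `$ExpectedThumbprint` parameter are placeholders.

```powershell
# Added example: inspect the certificate served by the ZVM web GUI.
# Assumptions: $ZvmHost is a placeholder; port 9669 is the one used in this article.
param(
    [string]$ZvmHost            = 'zvmhost.example.local',
    [int]   $Port               = 9669,
    [string]$ExpectedThumbprint = ''   # thumbprint of the PFX you installed (optional)
)
$ErrorActionPreference = 'Stop'

$tcp = [System.Net.Sockets.TcpClient]::new($ZvmHost, $Port)
try {
    # The callback accepts any certificate: the goal is to read it, not to trust it.
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($ZvmHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $served = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# Normalise thumbprints before comparing (copy/paste often adds spaces).
$want = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
$result = [pscustomobject]@{
    Subject      = $served.Subject
    Issuer       = $served.Issuer
    NotAfter     = $served.NotAfter
    Thumbprint   = $served.Thumbprint
    SelfSigned   = ($served.Subject -eq $served.Issuer)
    MatchesPfx   = if ($want) { $served.Thumbprint -eq $want } else { $null }
}
$result | Format-List

# Fail loudly when the service is still serving a different certificate.
if ($want -and -not $result.MatchesPfx) {
    throw "ZVM on ${ZvmHost}:$Port is not serving the expected certificate"
}
```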