When installing an Zerto environment all components will be using by default self-signed certificates. For securing reasons they must be replaced by valid signed .CER (X509) SSL certificates. Zerto has an KB article KB1315 which described these steps, but at the moment the KB is not Zerto 7.5 compliant and results in an situation that the ZVM service won’t be able to start anymore.
In this article the correct procedure is explained and an workaround when following the wrong steps in KB1315.
Replacing self-signed certificate
Prerequisite is an valid CER (X509) SSL certificate which is converted to an .PFX (PKCS 12) SSL file.
For replacing the certificate files and forcing the Zerto services for using the certificate password you need the so called TweaksEditor tool. Currently the TweaksEditor tool isn’t public available within the Zerto download portal so you must open an case an request the tool.
With previous version editing the tweaks.txt file was enough to get the Zerto service working with the new certificate, but since 7.5 the outcome will be that the Zerto Virtual Manager service won’t start anymore.
Open the Zerto installation path and create copies of the current used .pfx files.
Start TweaksEditor.exe and create a new rule.
- Tweak name t_httpsZvmCertificateFilePassword
- Tweak value SSL pfx password
Workaround if ZVM service won’t start
If you followed the steps as described in KB1315 the Zerto Virtual Manager service won’t be able to start anymore.
The standard procedure by Zerto support is creating an new self-signed certificate with the steps as described in KB2464.
But with these steps you get your ZVM up and running much quicker.
Copy the following .pfx files from an working Zerto Virtual Manager.
And replace the local .pfx files in the Zerto installation folder. Default path;
- C:\Program Files\Zerto\Zerto Virtual Replication
Start the ZertoZvm and wait for several minutes. Open the ZVM webGUI https://[zvmhost]:9669/zvm#/login
If the ZVM is working fine again follow the above steps for replacing the self-signed SSL certificate.
718 total views, 9 views today