Recently I installed site recovery manager SRM version 8.2 for one of our customers where there is a requirement for all solutions to use a custom certificate signed by their internal CA authority.
While installing SRM, I came into one issue where SRM didn’t seem to accept the PFX certificate signed for the SRM server. Below was the error that appeared when I tried to upload the certificate:
Failed to validate certificate.
Details:
Certificate host name mismatch. Please verify that:
The certificate’s Subject Alternative Name contains a DNS name that matches the provided Site Recovery Manager host name.
If there are no DNS entries, the certificate’s Subject Alternative Name contains the IP address that matches the provided Site Recovery Manager host IP.
If there is no Subject Alternative Name in the certificate, the certificate’s Subject Common Name field must match the provided Site Recovery Manager host name or IP.
Although the certificate is right and it contains the short and FQDN names of the SRM server, I still have the same issue. Below you can find the CFG file that I used to prepare the CSR file sent to the security team to use when signing the certificate.
After a lot of troubleshooting and checking, it seems that the trick to resolve this issue is during the SRM installation phase.
To solve the issue, just uninstall SRM leaving the database. By default, SRM uses the IP address of the SRM server as an entry for the local host field. When you go through the SRM installation, ensure that you enter the FQDN for SRM rather than the IP for the local host entry.
You can now proceed with the installation and choose to use your custom PKCS#12 certificate and it will work as expected.
Hope that this post can save time for others experiencing the same issue.
Thanks for reading,
Mohamad Alhussein