The host name in the Subject Alternative Name of the provided certificate does not match the SRM host name.

November 4, 2014

When installing SRM with a custom certificate, you can get the error quoted in the title of this post.

An SRM certificate must meet the following criteria (according to the VMware site):

The certificates used by the members of an SRM server pair (a protected site and a recovery site) must have a Subject Name value that is the same on both sites.

  • A Common Name (CN) attribute, whose value must be the same for both members of the pair. I always use "SRM".
  • An Organization (O) attribute, whose value must be the same as the value of this attribute in the supporting vCenter Server’s certificate.
  • An Organizational Unit (OU) attribute, whose value must be the same as the value of this attribute in the supporting vCenter Server’s certificate.
  • All OU values for vCenter and SRM certificates must match; this ensures the certificate is compatible with the existing OUs in the environment.

It looks as if the SRM certificates for both sites must be identical... NO! The one difference is the Subject Alternative Name, which should be different for each site: you have to add the FQDN of the SRM machine to the certificate.

For how to add a Subject Alternative Name to a Microsoft certificate, follow this link: http://support.microsoft.com/kb/931351

 

Note: A good practice is to use the FQDN during the SRM installation. If you choose an IP address, you also have to add that IP address to the Subject Alternative Name of the SRM certificate.
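The rules above can be checked before running the installer. The following is an added example, not code from this post or from VMware: the dictionary keys, host names and certificate values are constructed, and it assumes you have already read the Subject and SAN entries out of each certificate (subject written as comma-separated `KEY=value` pairs with no escaped commas).

```python
import ipaddress

def parse_subject(dn):
    """'CN=SRM,OU=IT,O=Example' -> {'CN': ['SRM'], 'OU': ['IT'], 'O': ['Example']}.
    Assumes no escaped commas inside attribute values."""
    attrs = {}
    for rdn in dn.split(","):
        key, _, value = rdn.strip().partition("=")
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return {k: sorted(v) for k, v in attrs.items()}

def san_contains(host, san):
    """san is a list of ('DNS', name) / ('IP', address) entries from the certificate."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so compare as a DNS name
        return any(k == "DNS" and v.lower() == host.lower() for k, v in san)
    return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in san)

def check_site(label, site):
    problems = []
    srm = parse_subject(site["srm_subject"])
    vc = parse_subject(site["vcenter_subject"])
    for attr in ("O", "OU"):  # must equal the supporting vCenter certificate
        if srm.get(attr) != vc.get(attr):
            problems.append(f"{label}: {attr} differs from the vCenter certificate")
    if not san_contains(site["install_host"], site["srm_san"]):
        problems.append(f"{label}: {site['install_host']} missing from Subject Alternative Name")
    return problems

def check_pair(protected, recovery):
    problems = check_site("protected", protected) + check_site("recovery", recovery)
    if parse_subject(protected["srm_subject"]) != parse_subject(recovery["srm_subject"]):
        problems.append("pair: Subject Name differs between the two SRM certificates")
    return problems

# Constructed sample: the recovery certificate is a copy of the protected one,
# so its SAN still names srm-a instead of srm-b.
SUBJECT = "CN=SRM,OU=IT,O=Example Corp"
PROTECTED = {"srm_subject": SUBJECT, "vcenter_subject": "CN=vc-a.example.local,OU=IT,O=Example Corp",
             "srm_san": [("DNS", "srm-a.example.local")], "install_host": "srm-a.example.local"}
RECOVERY = {"srm_subject": SUBJECT, "vcenter_subject": "CN=vc-b.example.local,OU=IT,O=Example Corp",
            "srm_san": [("DNS", "srm-a.example.local")], "install_host": "srm-b.example.local"}

if __name__ == "__main__":
    for line in check_pair(PROTECTED, RECOVERY) or ["no problems found"]:
        print(line)
```

`install_host` is whatever you type as the local host in the SRM installer, so an IP address there is only accepted by the check when the SAN list carries a matching `IP` entry.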