PowerBiz Solutions

Resources for Small Business

How to create Self-Signed Certificates for Hyper-V Replication

Here is the quick and simple lowdown on how to create self-signed SSL certificates for use in Hyper-V Replication. There is a great article on TechNet which gives more background on this process – http://blogs.technet.com/b/virtualization/archive/2013/04/13/hyper-v-replica-certificate-based-authentication-makecert.aspx

You will need Makecert.exe, which can be found at http://msdn.microsoft.com/en-us/library/bfsktky3.aspx or here – http://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

On the First Server, in an elevated command prompt:

  1. Run makecert -pe -n "CN=FirstRootCA" -ss root -sr LocalMachine -sky signature -r "FirstRootCA.cer"
  2. Run makecert -pe -n "CN=[FQDN1]" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "FirstRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 FirstServer.cer
  3. Copy SecondRootCA.cer from Second Hyper-V
  4. Run certutil -addstore -f Root "SecondRootCA.cer"
  5. Run reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

On the Second Server, in an elevated command prompt:

  1. Run makecert -pe -n "CN=SecondRootCA" -ss root -sr LocalMachine -sky signature -r "SecondRootCA.cer"
  2. Run makecert -pe -n "CN=[FQDN2]" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "SecondRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SecondServer.cer
  3. Copy FirstRootCA.cer from First Hyper-V
  4. Run certutil -addstore -f Root "FirstRootCA.cer"
  5. Run reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
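
A quick way to confirm on each server that the five steps took effect, written as an added example that is not part of the original post. The parameter names `$Fqdn` and `$PartnerRootCN` are hypothetical: pass the value used for [FQDN1] or [FQDN2] and the name of the other server's root CA.

```powershell
# Added example: check one replication partner after the makecert/certutil/reg steps.
# Run in an elevated PowerShell session on the server being checked.
param(
    [Parameter(Mandatory)] [string]$Fqdn,           # value used for [FQDN1] or [FQDN2]
    [Parameter(Mandatory)] [string]$PartnerRootCN   # e.g. SecondRootCA when run on the First Server
)

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU from step 2
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from step 2

# Step 2 result: newest certificate in LocalMachine\My whose subject is CN=<FQDN>.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject CN=$Fqdn in LocalMachine\My" }

# Read the EKU OIDs straight from the certificate extension.
$ekuExt = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

# Step 1 result: the certificate must chain to a root trusted by this machine.
# Revocation is skipped here because these self-signed certificates are used
# with DisableCertRevocationCheck set (step 5).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($cert)

# Steps 3-4 result: the partner's root CA is in LocalMachine\Root.
$partnerRoot = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq "CN=$PartnerRootCN" }

# Step 5 result: the registry value is present and set to 1.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
$reg = Get-ItemProperty -Path $key -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue

[pscustomobject]@{
    Thumbprint              = $cert.Thumbprint
    HasPrivateKey           = $cert.HasPrivateKey
    ServerAuthEku           = $ekus -contains $serverAuth
    ClientAuthEku           = $ekus -contains $clientAuth
    NotExpired              = $cert.NotAfter -gt (Get-Date)
    ChainsToTrustedRoot     = $chainOk
    PartnerRootTrusted      = [bool]$partnerRoot
    RevocationCheckDisabled = ($reg.DisableCertRevocationCheck -eq 1)
}
```

Every property except Thumbprint should read True on both servers before the certificates are selected in the replication settings.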

Then you can use these certificates in Hyper-V replication. The steps to setting this up can be found here – http://blog.powerbiz.net.au/hyperv/hyper-v-replica-for-small-business/


2 Responses to How to create Self-Signed Certificates for Hyper-V Replication

  1. Pingback: Set up two standalone Hyper-V 2012R2 servers as replication partners » andreasmaki.net

  2. Aca Vrh

    Did anyone have problems with self-signed certs in a configuration where replication originates from Server 2012 with Exchange 2013 on it to Hyper-V Server free 2012? Using CredSS.
