Here is the quick and simple lowdown on how to create self-signed SSL certificates for use in Hyper-V Replication. There is a great article on TechNet that gives more background on this process – http://blogs.technet.com/b/virtualization/archive/2013/04/13/hyper-v-replica-certificate-based-authentication-makecert.aspx
You will need Makecert.exe, which can be found at http://msdn.microsoft.com/en-us/library/bfsktky3.aspx or here – http://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx
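On the first server, in an elevated command prompt (type the commands with plain straight quotes, and replace [FQDN1] with that server's fully qualified domain name):
- Run makecert -pe -n "CN=FirstRootCA" -ss root -sr LocalMachine -sky signature -r "FirstRootCA.cer"
- Run makecert -pe -n "CN=[FQDN1]" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "FirstRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 FirstServer.cer
- Copy SecondRootCA.cer from the second Hyper-V server (it is created by the first step on that server)
- Run certutil -addstore -f Root "SecondRootCA.cer"
- Run reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f (this turns off the certificate revocation check for Hyper-V Replica, which certificates made with makecert cannot pass because they carry no revocation information)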
On the second server, in an elevated command prompt (again with plain straight quotes, and [FQDN2] replaced with that server's fully qualified domain name):
- Run makecert -pe -n "CN=SecondRootCA" -ss root -sr LocalMachine -sky signature -r "SecondRootCA.cer"
- Run makecert -pe -n "CN=[FQDN2]" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "SecondRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 SecondServer.cer
- Copy FirstRootCA.cer from the first Hyper-V server
- Run certutil -addstore -f Root "FirstRootCA.cer"
- Run reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
Then you can use these certificates in Hyper-V replication. The steps for setting this up can be found here – http://blog.powerbiz.net.au/hyperv/hyper-v-replica-for-small-business/
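To confirm that the steps above left a host in the expected state, the following PowerShell check can be run on each server. It is an added example, not part of the original post or the TechNet article; the values of `$Fqdn` and `$PeerRootCN` are constructed placeholders to be set to the names used in the makecert commands.

```powershell
# Added example: verify the certificate setup for Hyper-V Replica on one host.
# Run in an elevated PowerShell session. Both values below are placeholders (assumptions).
$Fqdn       = 'hv1.example.local'   # the name used for [FQDN1] / [FQDN2] on this host
$PeerRootCN = 'SecondRootCA'        # root imported from the other server

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU from the -eku switch
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU from the -eku switch
$results    = New-Object System.Collections.Specialized.OrderedDictionary

# 1. The machine certificate issued to this host's FQDN (newest if several exist).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$Fqdn" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$results["Certificate CN=$Fqdn in LocalMachine\My"] = [bool]$cert

if ($cert) {
    # Read the EKU OIDs straight from the certificate extension.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

    $now = Get-Date
    $results['Private key present']       = $cert.HasPrivateKey
    $results['Server Authentication EKU'] = $ekus -contains $serverAuth
    $results['Client Authentication EKU'] = $ekus -contains $clientAuth
    $results['Inside validity period']    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    # Build the chain in machine context; revocation is skipped because
    # makecert certificates have no revocation information to check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $results['Chains to a trusted root'] = $chain.Build($cert)
}

# 2. The other server's root must be in the local machine Root store.
$peerRoot = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq "CN=$PeerRootCN" }
$results["Peer root CN=$PeerRootCN trusted"] = [bool]$peerRoot

# 3. The registry value written by the reg add step.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
$val = (Get-ItemProperty -Path $key -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue).DisableCertRevocationCheck
$results['DisableCertRevocationCheck = 1'] = ($val -eq 1)

$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```

Any line reported as MISSING points back to the makecert, certutil or reg add step that produces that item.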
Did anyone have problems with self-signed certs in a configuration where replication originates from Server 2012 with Exchange 2013 on it to Hyper-V Server free 2012? Using CredSS.
The command below fails with "Error: Too many parameters".
I have manually entered the command, not copied and pasted it.
Any ideas?
makecert -pe -n “CN=itm02.local” -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in “SecondRootCA” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 SecondServer.cer
Replace the “ ” in the above text with proper "
Hi Rob Salmon,
I can see two LocalMachine; can you remove one and check?
Use the below, this works for me:
makecert -pe -n "CN=" -ss my -sky exchange -in "FirstRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 .cer