Using a self-signed certificate for Hyper-V replication

Look for the UTG; in Appendix C you will find how to generate a self-signed certificate. That is a lot of help, but the really important part is the command you need to execute so that Hyper-V does not check the certificate's CRL (the revocation information that is provided when you use a CA).

Quick Summary:

  1. Create a self-signed Certificate Authority (if that makes any sense):
    makecert -pe -n "CN=PrimarySampleRootCA" -ss root -sr LocalMachine -sky signature -r "PrimarySampleRootCA.cer"
  2. Create a certificate signed by the CA created above:
    makecert -pe -n "CN=ServerName.domain.local" -ss my -sr LocalMachine -sky exchange -eku, -in "PrimarySampleRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimarySampleCert.cer
  3. Do the same for the destination failover replica server (create a self-signed CA and certificate).
  4. Add the self-signed CAs you created to the trusted roots of the servers that are going to connect to that host using this command:
    certutil -addstore -f Root "PrimarySampleRootCA.cer"
  5. Disable the certificate revocation check in PowerShell:
    reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
  6. Enjoy!
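
A read-only PowerShell check of steps 1 to 5, as an added example that is not part of the original post: it confirms that the replication certificate has a private key and carries both the Server Authentication and Client Authentication EKUs (Hyper-V Replica needs both), that it chains to a trusted root, that the other server's root is trusted, and that the registry value from step 5 is set. The function name `Test-ReplicaCertSetup` and its parameters are hypothetical, and the default subject assumes the certificate was issued to the server's FQDN.

```powershell
# Added example, not from the original post. Read-only; run elevated on each server.
function Test-ReplicaCertSetup {
    param(
        # Subject of the OTHER server's self-signed root CA (imported in step 4).
        [Parameter(Mandatory)][string]$PeerRootSubject,
        # Assumption: this server's certificate subject is CN=<its FQDN> (step 2).
        [string]$Subject = "CN=$([System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)"
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'

    $reg = Get-ItemProperty -Path $regPath -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue
    $peerRoot = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $PeerRootSubject })
    $certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $Subject })
    if ($certs.Count -eq 0) { Write-Warning "No certificate with subject '$Subject' in LocalMachine\My" }

    foreach ($cert in $certs) {
        # Collect the EKU OIDs from the certificate's Enhanced Key Usage extension.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

        # Build the chain in machine context with revocation checking off, mirroring step 5.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Thumbprint              = $cert.Thumbprint
            NotExpired              = $cert.NotAfter -gt (Get-Date)
            HasPrivateKey           = $cert.HasPrivateKey
            ServerAuthEku           = $ekus -contains $serverAuth
            ClientAuthEku           = $ekus -contains $clientAuth
            ChainBuilds             = $chainOk
            PeerRootTrusted         = $peerRoot.Count -gt 0
            RevocationCheckDisabled = $reg.DisableCertRevocationCheck -eq 1
        }
    }
}

# As run on the replica server; on the primary, pass the replica root CA's subject instead.
Test-ReplicaCertSetup -PeerRootSubject 'CN=PrimarySampleRootCA' | Format-List
```

Every property should read `True` on both servers before replication is enabled.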



Validate using certutil:

  1. After the certificate is installed, run the following command from the command prompt on both the primary and replica server:
    certutil -store my
  2. At least one of the certificates in your output should resemble the following sample output, in which the Encryption test (not just Signature) has passed.

