1 Connect to the vault and backup systems. For easiest configuration, connect to each from one browser using two tabs. The configuration procedure requires you to switch between the two systems.
2 On the vault, select Replication > Secure Tunnel Settings. Check the Show Steps for the Target System (the Server) box.
3 In the Create a Secure Tunnel Target section of the screen, review the default IP, subnet, and port 1194 settings. The IP and subnet are used to create the virtual VPN interface. Please ensure that there is no conflict in your environment with the default subnet selected by OpenVPN. If there is a conflict, enter your own values.
4 Click Create a Secure Tunnel Target to begin configuring the secure tunnel between the source and vault systems. A message displays stating that a secure tunnel target can only be established once. If you are ready to create the target, click Yes to continue.
5 Switch to the backup system and select Replication > Secure Tunnel Settings. In the Generate a Secure Tunnel Certificate Request section of the screen, check the Show Steps for the Source System (the Client) box.
6 Click Generate Request to generate a certificate request file. You are prompted to download and save the certificate request file. It has a .csr extension.
7 Switch to the vault system. In the Sign the Secure Tunnel Certificate Request section of the screen, provide the hostname of the backup system and click Sign Request. You are prompted for the certificate request (.csr) file saved in Step 6. When you sign the certificate, the vault system prompts you to save two files:
• A certificate file with a .crt extension. The file is named: <backup system hostname>.<vault hostname>.crt.
• A certificate authority file with a -ca.crt extension. The file is named: <vault hostname>-ca.crt.
Information about the vault hostname and configured OpenVPN port are provided after you save both files. Note this information, as it is required to complete the final step from the backup system.
8 Switch to the backup system, and perform the following:
• In the Configure the Secure Tunnel on the Source System section of the screen, enter the vault system’s hostname and the OpenVPN port you received in Step 7 above and click Complete Configuration.
• When prompted for a file, select the certificate authority file (<vault hostname>-ca.crt) and click Open.
• When prompted for the certificate file (<backup system hostname>.<vault hostname>.crt), select it and click Open.
• A message displays confirming successful secure tunnel configuration. Click Okay to exit. If configuration was not successful, click Complete Configuration and try again being sure you select the certificate authority file first.
9 Proceed to Granting privilege for legacy vault remote management to continue vaulting setup.