SSL Encryption
Veeam Backup Enterprise Manager RESTful API is a self-hosted WCF service that can be run over the HTTP and HTTPS protocols:
- For HTTP protocol, port 9399 is used
- For HTTPS protocol, port 9398 is used
When Veeam Backup Enterprise Manager RESTful API is running over HTTPS, the communication between the client and the server is secured with the SSL protocol. For SSL connections, Veeam Backup Enterprise Manager RESTful API uses the same self-signed SSL certificate that is created for Veeam Backup Enterprise Manager during its installation.
By default, when Veeam Backup Enterprise Manager is installed, the SSL certificate is bound to the HTTPS port 9398.
To view the SSL certificate used for Veeam Backup Enterprise Manager RESTful API, enter the following command in the command line:
netsh http show sslcert ipport=0.0.0.0:9398
If the existing SSL certificate expires, you need to update the SSL certificate with the netsh command. To learn more, see Updating SSL Certificate.
If the existing SSL certificate expires, you need to bind the new certificate to the HTTPS port 9398.
To update the SSL certificate:
1. On the server where Veeam Backup Enterprise Manager is installed, import the SSL certificate obtained from a Certification Authority (CA) with the Certificates snap-in for the computer account. To learn more, see the following links:
   - https://technet.microsoft.com/en-us/library/cc754431.aspx
   - https://technet.microsoft.com/en-us/library/cc754489.aspx
   If you want to use a self-signed SSL certificate for Veeam Backup Enterprise Manager RESTful API, create a new self-signed certificate with IIS Manager on the server where Veeam Backup Enterprise Manager is installed. To learn more, see https://technet.microsoft.com/en-us/library/cc753127.aspx.
2. Remove the expired SSL certificate with the following command:
   netsh http delete sslcert ipport=0.0.0.0:9398
3. Bind the SSL certificate that you imported or created in step 1 to the HTTPS port 9398. Use the following command:
   netsh http add sslcert ipport=0.0.0.0:9398 certhash=string appid=GUID
where:
- string — SHA hash of the new SSL certificate. You can view the certificate hash in the list of certificates in IIS Manager. To learn more, see https://technet.microsoft.com/en-us/library/cc731676.aspx.
- GUID — ID of the application that uses the SSL certificate. It is recommended that you specify for the new certificate the same Application ID as in the expired certificate. This may be helpful to identify the certificate binding later.
For example:
netsh http add sslcert ipport=0.0.0.0:9398 certhash=df43bb1342654f1010b2ab31d682366df2e5697f appid={73ec9393-95b6-4498-a845-9a0cb95306be}
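The remove-and-bind steps above can be scripted so that the new certificate is checked before the old binding is deleted and the existing Application ID is reused. This is an added example, not Veeam's own code; the parameter names are hypothetical, and it assumes an elevated PowerShell session, English netsh output, and a certificate located in the computer account's Personal store.

```powershell
# Added example (not from the Veeam documentation). Run elevated on the
# Enterprise Manager server. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)][string]$Thumbprint,   # hash of the certificate from step 1
    [string]$IpPort = '0.0.0.0:9398'
)
$ErrorActionPreference = 'Stop'

# Thumbprints copied from a certificate dialog often carry spaces or hidden
# characters; keep hex digits only.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Assumption: the certificate sits in the computer account's Personal store
# (LocalMachine\My), which is the store netsh uses by default.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key; HTTPS cannot use it."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumb is outside its validity period."
}

# Read the current binding to reuse its Application ID.
# Assumption: netsh prints English field labels.
$current = netsh http show sslcert "ipport=$IpPort" | Out-String
if ($current -match 'Application ID\s*:\s*(\{[0-9A-Fa-f-]+\})') {
    $appId = $Matches[1]
} else {
    throw "No SSL binding found on $IpPort; nothing to replace."
}
$oldHash = if ($current -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)') { $Matches[1] }
Write-Host "Replacing certificate $oldHash with $thumb (appid $appId) on $IpPort"

# Step 2: remove the expired binding.
netsh http delete sslcert "ipport=$IpPort"
if ($LASTEXITCODE -ne 0) { throw "netsh delete failed; binding left unchanged." }

# Step 3: bind the new certificate. The appid is quoted so PowerShell does not
# treat the braces as a script block.
netsh http add sslcert "ipport=$IpPort" "certhash=$thumb" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh add failed; port $IpPort has no binding. Previous hash: $oldHash"
}

# Show the resulting binding for verification.
netsh http show sslcert "ipport=$IpPort"
```

Because the validity and private-key checks run before the delete, a mistyped thumbprint or an incomplete import stops the script while the old binding is still in place.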