When you configure the Veeam Agent management infrastructure in Veeam Backup & Replication, you can specify what TLS certificate Veeam Backup & Replication will use to establish a secure connection between the backup server and protected computers. By default, Veeam Backup & Replication offers the following security settings for testing and evaluation purposes:
- To establish a secure connection between parties, Veeam Backup & Replication uses the default self-signed certificate.
- Veeam Backup & Replication allows all computers that run a Linux OS to establish a connection to the backup server.
You can change security settings if needed, for example, in case security regulations of your organization require usage of a custom certificate and/or verification of Linux host fingerprints.
To specify the security settings, do the following:
- From the main menu, select General Options.
- Click the Security tab.
- In the Certificate section, check information about the currently used certificate. By default, Veeam Backup & Replication uses a self-signed TLS certificate generated during the Veeam Backup & Replication installation process. If you want to use a custom certificate, click Install and specify a new certificate. To learn more, see Managing TLS Certificates.
- In the Linux hosts authentication section, specify how Veeam Backup & Replication will add Linux-based protected computers to the list of trusted hosts. You can select one of the following options:
- Add all discovered hosts to the list automatically — with this option enabled, Veeam Backup & Replication allows all discovered computers that run a Linux OS to connect to the backup server. This scenario is recommended for demo environments only.
- Add unknown hosts to the list manually — with this option enabled, only the following Linux-based computers can connect to the backup server:
- Protected computers that have already established a connection to the backup server and have their fingerprints stored in the Veeam Backup & Replication database. Veeam Backup & Replication displays the number of such computers in the Trusted hosts field. You can export the list of trusted Linux computers to a known_hosts file. To do this, click Export and specify a path to the folder to save the file.
- Protected computers specified in the known_hosts file imported to Veeam Backup & Replication. To import a known_hosts file, click Import and specify a path to the folder where the file resides.
- Protected computers added to the list of trusted hosts in the Veeam Backup & Replication console. To learn more, see Adding Computers to Trusted Hosts List.
- Click OK.