You can use Veeam Backup & Replication to generate a self-signed certificate for authenticating parties in the Veeam Cloud Connect infrastructure.
To generate TLS certificates, Veeam Backup & Replication employs the RSA Full cryptographic service provider by Microsoft Windows installed on the Veeam backup server. The created TLS certificate is saved to the Shared certificate store. The following types of users can access the generated TLS certificate:
- User who created the TLS certificate
- LocalSystem user account
- Local Administrators group
If you use a self-signed TLS certificate generated by Veeam Backup & Replication, you do not need to take any additional actions to deploy the TLS certificate on tenants' side. When the tenant adds the SP to Veeam Backup & Replication, a matching TLS certificate with a public key is installed on tenant's Veeam backup server automatically. During the procedure of SP adding, Veeam Backup & Replication retrieves the TLS certificate with a public key from the SP Veeam backup server and saves this TLS certificate to the Veeam Backup & Replication database used by tenant's Veeam backup server. Veeam Backup & Replication gets the saved TLS certificate from the database when needed.
When you generate a self-signed TLS certificate with Veeam Backup & Replication, you cannot include several aliases to the certificate and specify a custom value in the Subject field. The Subject field value is taken from the Veeam Backup & Replication license installed on the Veeam backup server.
To generate a self-signed TLS certificate:
- Open the Cloud Connect view.
- Click the Cloud Connect node in the inventory pane and click Manage Certificates in the working area. You can also right-click the Cloud Connect node in the inventory pane and select Manage certificates.
- At the Certificate Type step of the wizard, select Generate new certificate.
- At the Generate Certificate step of the wizard, specify a friendly name for the created self-signed TLS certificate.
- At the Summary step of the wizard, review the certificate properties. Use the Copy to clipboard link to copy and save information about the generated TLS certificate. You can send the copied information to your tenants so that they can verify the TLS certificate with the certificate thumbprint.
- Click Finish. Veeam Backup & Replication will save the generated certificate in the Shared certificate store on the Veeam backup server.