Types of TLS Certificates

Veeam Backup & Replication can work with the following types of TLS certificates:

  • TLS certificate verified by a Certificate Authority (CA). If the SP already has a TLS certificate verified by a CA, the SP can import this TLS certificate and use it to establish a secure connection between Veeam Cloud Connect infrastructure components.
  • Self-signed certificates. If the SP does not have a TLS certificate verified by a CA, the SP can generate a self-signed TLS certificate with Veeam Backup & Replication. For TLS certificate generation, Veeam Backup & Replication employs the RSA Full cryptographic service provider by Microsoft Windows installed on the Veeam backup server.

The SP can also generate a self-signed certificate with any third-party solution and import it to Veeam Backup & Replication.


Consider the following:

  • For communication between the SP and tenants, Veeam Backup & Replication uses a separate TLS certificate from a certificate used for connection between the Veeam backup server and backup infrastructure components. Requirements for the Veeam backup server certificate do not apply to certificates in the Veeam Cloud Connect infrastructure. The SP can use a certificate issued by a third-party CA and intended for usage on a web server.
  • For more information on how to sign a certificate that the SP plans to use in the Veeam Cloud Connect infrastructure, see this web page.

Page updated 1/26/2024

Page content applies to build