Help Center
Choose product document...
Veeam Backup & Replication 9.5
RESTful API Reference

SSL Encryption

Veeam Backup Enterprise Manager RESTful API is a self-hosted WCF service that can be run over the HTTP and HTTPS protocols:

  • For HTTP protocol, port 9399 is used
  • For HTTPS protocol, port 9398 is used

When Veeam Backup Enterprise Manager RESTful API is running over HTTPS, the communication between the client and the server is secured with the SSL protocol. For SSL connections, Veeam Backup Enterprise Manager RESTful API uses the same self-signed SSL certificate that is created for Veeam Backup Enterprise Manager during its installation.

By default, when Veeam Backup Enterprise Manager is installed, the SSL certificate is bind to the HTTPS port 9398.

Click the image to zoom out

To view the SSL certificate used for Veeam Backup Enterprise Manager RESTful API, enter the following command in the command line:

netsh http show sslcert ipport=0.0.0.0:9398

SSL Encryption 

If the existing SSL certificate expires, you need to update the SSL certificate with the netsh command. To learn more, see Updating SSL Certificate.

Updating SSL Certificate

If the existing SSL certificate expires, you need to bind the new certificate to the HTTPS port 9398.

To update the SSL certificate:

  1. On the server where Veeam Backup Enterprise Manager is installed, import the SSL certificate obtained from a Certification Authority (CA) with the Certificates snap-in for the computer account. To learn more, see the following links:

If you want to use a self-signed SSL certificate for Veeam Backup Enterprise Manager RESTful API, on the server where Veeam Backup Enterprise Manager is installed, create the new self-signed certificate with IIS Manager. To learn more, see https://technet.microsoft.com/en-us/library/cc753127.aspx.

  1. Remove the expired SSL certificate with the following command:

netsh http delete sslcert ipport=0.0.0.0:9398

  1. Bind the SSL certificate that you have imported or created at the step 1 to the HTTPS port 9398. Use the following command:

netsh http add sslcert ipport=0.0.0.0:9398 certhash=string appid=GUID

where:

  • string — SHA hash of the new SSL certificate. You can view the certificate hash in the list of certificates in IIS Manager. To learn more, see https://technet.microsoft.com/en-us/library/cc731676.aspx.
  • GUID — ID of the application that uses the SSL certificate. It is recommended that you specify for the new certificate the same Application ID as in the expired certificate. This may be helpful to identify the certificate binding later.

For example:

netsh http add sslcert ipport=0.0.0.0:9398 certhash=df43bb1342654f1010b2ab31d682366df2e5697f appid={73ec9393-95b6-4498-a845-9a0cb95306be}

 

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Backup Explorers User Guide

PowerShell Reference

RESTful API Reference

Veeam Backup FREE Edition User Guide

Veeam Backup for Microsoft Office 365

Veeam ONE Documentation

Veeam Endpoint Backup Documentation

Veeam Management Pack Documentation