Veeam Backup & Replication 10 [Archived]
Veeam RESTful API Reference
Related documents
Search
This is an archive version of the document. To get the most up-to-date information, see the current version.

SSL Encryption

Veeam Backup Enterprise Manager RESTful API is a self-hosted WCF service that can be run over the HTTP and HTTPS protocols:

  • For HTTPS protocol, port 9398 is used
  • For HTTP protocol, port 9399 is used (Starting from Veeam Backup Enterprise Manager 10, the HTTP protocol is deprecated as insecure.)

When Veeam Backup Enterprise Manager RESTful API is running over HTTPS, the communication between the client and the server is secured with the SSL protocol. For SSL connections, Veeam Backup Enterprise Manager RESTful API uses the same self-signed SSL certificate that is created for Veeam Backup Enterprise Manager during its installation.

By default, when Veeam Backup Enterprise Manager is installed, the SSL certificate is bound to the HTTPS port 9398.

Click the image to zoom out

To view the SSL certificate used for Veeam Backup Enterprise Manager RESTful API, enter the following command in the command line:

netsh http show sslcert ipport=0.0.0.0:9398

SSL Encryption 

If the existing SSL certificate expires, you need to update the SSL certificate with the netsh command. To learn more, see Updating SSL Certificate.

Updating SSL Certificate

If the existing SSL certificate expires, you need to bind a new certificate to the HTTPS port 9398.

To update the SSL certificate:

  1. On the server where Veeam Backup Enterprise Manager is installed, import the SSL certificate obtained from a Certification Authority (CA) with the Certificates snap-in for the computer account. For more information, see this and this articles of Microsoft Docs.

If you want to use a self-signed SSL certificate for Veeam Backup Enterprise Manager RESTful API, on the server where Veeam Backup Enterprise Manager is installed, create a new self-signed certificate with IIS Manager. For more information, see Microsoft Docs.

  1. Remove the expired SSL certificate with the following command:

netsh http delete sslcert ipport=0.0.0.0:9398

  1. Bind the new SSL certificate to the 9398 port and the RESTful API application ID. Use the following command:

netsh http add sslcert ipport=0.0.0.0:9398 certhash=string appid={73ec9393-95b6-4498-a845-9a0cb95306be}

where:

  • string — SHA hash of the new SSL certificate. You can view the certificate hash in the list of certificates in IIS Manager. To learn more, see Microsoft Docs.

For example:

netsh http add sslcert ipport=0.0.0.0:9398 certhash=df43bb1342654f1010b2ab31d682366df2e5697f appid={73ec9393-95b6-4498-a845-9a0cb95306be}

 

View all results across Veeam
Back to document search