KMS Certificates
The KMS server certificate must meet the following requirements:
- The Subject extension must be equal to the fully qualified domain name (FQDN) of the KMS server. For example: kms.domain.local.
- The server certificate must have valid CRL distribution points specified in the CRL Distribution Points extension.
- If the Veeam Backup & Replication server does not trust the Certificate Authority (CA) of the server certificate, it should be added to the Trusted Root Certification Authority store.
The client certificate issued by the KMS administrator for Veeam Backup & Replication must be exportable.