Generating Self-Signed Certificates
You can use Veeam Backup & Replication to generate a self-signed certificate for authenticating parties in the Veeam Backup & Replication infrastructure.
To generate TLS certificates, Veeam Backup & Replication employs the RSA Full cryptographic service provider by Microsoft Windows installed on the backup server. The created TLS certificate is saved to the Shared certificate store. The following types of users can access the generated TLS certificate:
- User who created the TLS certificate
- LocalSystem user account
- Local Administrators group
If you use a self-signed TLS certificate generated by Veeam Backup & Replication, you do not need to take additional actions to deploy the TLS certificate on a protected computer. When Veeam Backup & Replication discovers a protected computer, a matching TLS certificate with a public key is installed on the protected computer automatically. During discovery, Veeam Installer Service deployed on the protected computer retrieves the TLS certificate with a public key from the backup server and installs a TLS certificate with a public key on the protected computer.
If you update the TLS certificate and use Continuous Data Protection (CDP), you must also update info about the used certificate on the backup infrastructure components used for CDP as described in TLS Certificates.
When you generate a self-signed TLS certificate with Veeam Backup & Replication, you cannot include several aliases to the certificate and specify a custom value in the Subject field. The Subject field value is taken from the Veeam Backup & Replication license installed on the Veeam backup server.
To generate a self-signed TLS certificate:
- From the main menu, select General Options.
- Click the Security tab.
- In the Security tab, click Install.
- At the Certificate Type step of the wizard, select Generate new certificate.
- At the Generate Certificate step of the wizard, specify a friendly name for the created self-signed TLS certificate.
- At the Summary step of the wizard, review the certificate properties. Use the Copy to clipboard link to copy and save information about the generated TLS certificate. You will be able to use the copied information to verify the TLS certificate with the certificate thumbprint.
- Click Finish. Veeam Backup & Replication will save the generated certificate in the Shared certificate store on the Veeam backup server.