TLS Certificates

In this article

    When you configure the Veeam Backup & Replication infrastructure, you can specify what TLS certificate must be used to establish a secure connection from backup infrastructure components to the backup server. Veeam Backup & Replication offers the following options for TLS certificates:

    If you plan to use a certificate issued by your own Certificate Authority (CA), make sure that the certificate meets the requirements. For more information, see Using Certificate Signed by Internal CA.

    Important

    If you update the TLS certificate used on the backup server, you must also update info about the certificate on the following backup infrastructure components:

    • For AHV Backup proxies, pass through the Edit Nutanix Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish. Also, restart the Veeam AHV Service.
    • For RHV Backup proxies, pass through the Edit Red Hat Virtualization Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish.
    • For VMware clusters, pass through the I/O filter Management wizard as described in Installing I/O Filter.
    • For VMware CDP proxies, pass through the Edit VMware CDP Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish.

    If you remove the old certificate from the Microsoft Windows certificate store, you must also reconfigure Veeam Agents added to the Computers with pre-installed agents protection group. To do this, repeat the configuration step of the Veeam Agent deployment scenario as described in the subsections of the  Deploying Veeam Agents Using Generated Setup Files section. Other protection groups will be automatically reconfigured during the next rescan operation.

    If you do not remove the old certificate from the Microsoft Windows certificate store, all protection groups will be automatically reconfigured the next time Veeam Agents connect to the backup server.