There are several root certificates necessary for the Veeam Backup & Replication to operate correctly.
In most cases, these certificates are already installed on Microsoft Windows machines. Some Microsoft Windows installations do not contain needed root certificates authority as trusted root certificates, or have non-current certificates. This may happen on servers with locked down security settings, or servers with no internet access or if the latest updates are not installed.
Removal of these certificates from the backup server may limit the functionality of Veeam Backup & Replication or may cause it to fail.
Make sure the following root certificates are installed on the backup server:
- https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt (DigiCert Assured ID Root CA)
- http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt (GlobalSign CodeSigning CA - G3)
- https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt (DigiCert High Assurance EV Root CA)
- https://www.digicert.com/CACerts/DigiCertEVCodeSigningCA-SHA2.crt (DigiCert EV Code Signing CA - SHA2)
- https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates (install R1, R2, and R3 certificates)
If your backup server does not have internet access, download certificate files from another computer.