Veeam ONE 12
Deployment Guide
Related documents
Search

Appendix C. Veeam ONE Certificates

If you want to use a certificate signed by your own Certification Authority (CA), consider the following:

  • Make sure that Veeam ONE server trusts the CA. That means that the Certification Authority certificate must be added to the Trusted Root Certification Authority store on the Veeam ONE server. Also, Certificate Revocation List (CRL) must be accessible from the Veeam ONE server.
  • If you use Windows Server Certification Authority, issue a Veeam ONE certificate based on the built-in Subordinate Certification Authority template or templates similar to it. You can manage templates with the Certificate Templates MMC snap-in.

Veeam ONE Website Certificate Requirements

  • The certificate subject is equal to the fully qualified domain name of the Veeam ONE server. For example: oneserver.domain.local.
  • The Subject Alternative Name field contains both the FQDN and the NetBIOS name. You can add multiple DNS entries in the following format: DNS:oneserver.domain.local,DNS:oneserver.
  • The minimum key size is 2048 bits.
  • The key usage is Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment.
  • The enhanced key usage is Server Authentication (1.3.6.1.5.5.7.3.1).

Veeam ONE Web API Certificate Requirements

  • The certificate subject is equal to the fully qualified domain name of the Veeam ONE server. For example: oneserver.domain.local.
  • The Subject Alternative Name field contains the FQDN, NetBIOS and localhost name. You can add multiple DNS entries in the following format: DNS:oneserver.domain.local,DNS:oneserver,DNS:localhost.
  • The minimum key size is 2048 bits.
  • The key usage is Digital Signature, Non-Repudiation.
  • The enhanced key usage is Server Authentication (1.3.6.1.5.5.7.3.1).
View all results across Veeam
Back to document search