To ensure a secure data communication between its infrastructure components, Veeam Availability Console requires a TLS certificate. The certificate is initially installed on the Veeam Cloud Connect server, and in the course of deployment is exported and installed on the machine that hosts Veeam Availability Console (or the Veeam Availability Console Server component in the distributed deployment scenario).
When you install a Veeam Availability Console management agent manually or using GPO, you can provide the certificate thumbprint in the agent configuration settings. The thumbprint is aimed to validate the certificate that is installed on the Veeam Availability Console machine.
At some stage, you may need to change the certificate on the Veeam Cloud Connect server. After you install a new certificate in Veeam Cloud Connect, it will be automatically exported and installed on the Veeam Availability Console server, so you do not need to change it there manually. However, if you previously specified a certificate thumbprint in the management agent configuration settings, you must update this thumbprint.
There are two ways to update the certificate thumbprint:
You can manually update the certificate thumbprint in the Veeam Availability Console management agent settings:
- Log on to a client computer that runs a Veeam Availability Console management agent.
This can be a computer where Veeam backup agent is deployed, a computer that hosts a master agent, or a Veeam Backup Enterprise Manager server.
- In the icon tray, right-click the Veeam Availability Console management agent icon and choose Agent Settings.
- Click the Validate Security Certificate link.
- In the Paste certificate thumbprint for verification field, paste the thumbprint of the new certificate.
- Click Verify to verify the certificate.
- Click Save.
- Click Close.
If you need to update the certificate thumbprint for a group of client computers, you can automate this procedure with GPO.
If you previously deployed Veeam Availability Console management agents using GPO, you can redeploy them with updated settings:
- Update the MST file with the management agent configuration settings. Make sure you specify a new certificate thumbprint in the configuration settings.
For details, see Step 1.2. Create MST Configuration File.
- Redeploy the management agents:
- Log on to a domain controller.
- Open the Group Policy Management Console.
- Find the Group Policy Object that you used to deploy the management agents, right-click it and choose Edit.
- In the left pane of the Group Policy Management Editor, expand Computer Configuration > Software Settings.
- Right-click Software Installation and select All Tasks > Redeploy application.
If you deployed Veeam Availability Console management agents manually, you can create a new Group Policy as described in Step 1. Deploy Management Agents Using Group Policy. When you apply this group policy to client computers, it will reinstall management agents with the updated certificate thumbprint.