Configuring Web UI Certificate

When you configure Veeam Service Provider Console Web UI certificate, you can specify what TLS certificate must be used. Veeam Service Provider Console offers the following options:

Import an existing TLS certificate from the certificate store. This is the recommended option.
Keep the default self-signed TLS certificate generated by Veeam Service Provider Console during installation or upgrade.

Importing Certificate from Certificate Store

To establish a secure connection with client applications, a Veeam Service Provider Console Web UI certificate must be a multi-domain TLS certificate signed by a CA and located in the Microsoft Windows certificate store. The certificate must meet the following requirements:

The certificate subject is equal to the fully qualified domain name (FQDN) of the Veeam Service Provider Console server. For example: CN = vac.domain.local.
The Subject Alternative Name field must contain the FQDN of the Veeam Service Provider Console server (for example: DNS:vac.domain.local) and all FQDNs used to access Veeam Service Provider Console web portal, Reseller Portal and Client Portal. For details on Client Portal, see Guide for End Users. For details on Reseller Portal, see Guide for Resellers.

The minimum key size is 2048 bits. 4096 bits is recommended.

The following key usage extensions are enabled in the certificate: Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment.
The enhanced key usage must be Server Authentication (1.3.6.1.5.5.7.3.1).

Alternatively, you can configure multiple port bindings with multiple certificates in your IIS Manager. For details, see Microsoft Docs.

To import a certificate from the Microsoft Windows certificate store, do the following on the machine where Veeam Service Provider Console Web UI component is installed:

For details, see Accessing Veeam Service Provider Console.

At the top right corner of the Veeam Service Provider Console window, click Configuration.
In the configuration menu on the left, click Security.
Navigate to the Security Certificates tab.
At the top of the list, click Install > Web UI.
At the Pick Certificate step of the Manage Certificate window, select a certificate that you want to install and click Next.

Note:

Consider the following:

You can select only certificates that contain both a public key and a private key. Certificates without private keys are not displayed in the list.
The certificate must be installed in the Local Computer or Personal certificate store.
Make sure that an account used to install security certificates has access to private keys of the certificates.

At the Credentials step, specify credentials of a local administrator of a machine on which Veeam Service Provider Console Web UI runs.
At the Summary step, review the certificate settings and click Finish.
Log on as Administrator to the machine where Veeam Service Provider Console Web UI component is installed.
Open the Internet Information Services Manager.
Expand the Sites list and select Veeam Service Provider Console.
In the menu on the right, click Restart.
Refresh the Veeam Service Provider Console portal page.