Installing Security Certificates

Veeam Service Provider Console requires security certificates installed on the following components:

• Veeam Service Provider Console server. This certificate is used to establish secure connection with Veeam Service Provider Console management agents installed on managed Veeam Backup & Replication servers and computers running Veeam backup agents.

By default, this certificate is installed in the Veeam Service Provider Console Setup wizard. You can change Veeam Service Provider Console server certificate in Veeam Service Provider Console. For details, see Changing Veeam Service Provider Console Server Certificate.

• Veeam Service Provider Console Web UI. This certificate is used to establish secure connection with client applications, such as web browsers or RESTful API clients.

By default, this certificate is installed in the Veeam Service Provider Console Setup wizard. You can change Veeam Service Provider Console Web UI certificate in Veeam Service Provider Console. For details, see Changing Veeam Service Provider Console Web UI Certificate.

• Veeam Cloud Connect server. This certificate is used to to establish secure connection with managed Veeam Backup & Replication servers and Veeam Backup Agents.

This certificate is installed in the Veeam Cloud Connect Manage Certificate wizard. For details on installing and managing Veeam Cloud Connect certificate, see section Managing TLS Certificates of the Veeam Cloud Connect Guide.

Required Privileges

To perform this task, a user must have the following role assigned: Portal Administrator.

Before You Begin

Consider the following security recommendations:

• Make sure that an account used to install security certificates has access to private keys of the certificates in the Local Computer\Personal certificate store.
• Use third-party validated certificates

If you generate or choose a self-signed certificate, you will need to manually configure a trusted connection between Veeam Service Provider Console and management agents. For details, see Configuring Management Agents.

• Update certificates regularly

For details on certificates update, connect your Certificate Authority.

• Use different certificates for Veeam Cloud Connect and Veeam Service Provider Console server in distributed deployments

Using the same certificate on multiple machines may compromise the private key of the certificate.

• For Veeam Service Provider Console server, use a certificate that covers Veeam Service Provider Console server and all cloud gateways

You can use a certificate with multiple FQDNs listed in the Subject or Subject Alternative Name field (SAN) or a wildcard certificate. If you use a wildcard certificate (like *.domain.com), cloud gateways having DNS names that do not include .domain.com will not be trusted, and management agents will not use these cloud gateways for communication with Veeam Service Provider Console server.

Changing Veeam Service Provider Console Server Certificate

To install a new certificate for the Veeam Service Provider Console Server component:

1. Log in to Veeam Service Provider Console.

For details, see Accessing Veeam Service Provider Console.

2. At the top right corner of the Veeam Service Provider Console window, click Configuration.
3. In the configuration menu on the left, click Security.
4. Navigate to the Security Certificate tab.
5. At the top of the list, click Install > Server.
6. In the Manage Certificate window, select one of the following options:

• Select certificate from the Certificate Store

With this option selected, you can choose a certificate from the Certificate Store of Veeam Service Provider Console server. The certificate must be installed in the Local Computer\Personal certificate store.

At the Pick Certificate step, select a certificate that you want to install and click Next.

• Generate new certificate (not recommended)

With this option selected, you can generate a new self-signed certificate. At the Generate Certificate step, select a certificate that you want to install and click Next.

7. Review the certificate settings and click Finish.
8. Refresh the Veeam Service Provider Console portal page.

Changing Veeam Service Provider Console Web UI Certificate

To install a new certificate for the Veeam Service Provider Console Server component:

1. Log in to Veeam Service Provider Console.

For details, see Accessing Veeam Service Provider Console.

2. At the top right corner of the Veeam Service Provider Console window, click Configuration.
3. In the configuration menu on the left, click Security.
4. Navigate to the Security Certificate tab.
5. At the top of the list, click Install > Web UI.

The Manage Certificate window will open.

6. At the Pick Certificate step, select a certificate that you want to install and click Next.

7. At the Credentials step, specify credentials of a local administrator of a machine on which Veeam Service Provider Console Web UI runs.
8. At the Summary step, review the certificate settings and click Finish.
9. Refresh the Veeam Service Provider Console portal page.