Generating Self-Signed Certificates
You can use Veeam Backup & Replication to generate a self-signed certificate for authenticating parties in the Veeam Backup for Nutanix AHV infrastructure.
To generate TLS certificates, Veeam Backup & Replication employs the RSA Full cryptographic service provider by Microsoft Windows installed on the Veeam Backup & Replication server. The created TLS certificate is saved to the Shared certificate store. The following types of users can access the generated TLS certificate:
- User who created the TLS certificate
- LocalSystem user account
- Local Administrators group
If you use a self-signed TLS certificate generated by Veeam Backup & Replication in case of initial AHV Backup Proxy deployment, you do not need to take any additional actions to deploy the TLS certificate on an AHV Backup Proxy VM. When you add an AHV Backup Proxy to the Veeam Backup & Replication infrastructure, a matching TLS certificate with a public key is installed on the AHV Backup Proxy VM. During discovery, Veeam Installer Service deployed on the AHV Backup Proxy VM retrieves the TLS certificate with a public key from the Veeam Backup & Replication server and installs a TLS certificate with a public key on the AHV Backup Proxy VM.
If you currently work with deployed AHV Backup Proxy and you try to re-generate self-signed TLS certificate, the connection with Veeam Backup & Replication server will be lost and all subsequent backup jobs fail accordingly. In this case, you can manually re-apply settings for AHV Backup Proxy in the Veeam Backup & Replication console.
When you generate a self-signed TLS certificate with Veeam Backup & Replication, you cannot include several aliases to the certificate and specify a custom value in the Subject field. The Subject field value is taken from the Veeam Backup & Replication license installed on the Veeam Backup & Replication server.
To generate a self-signed TLS certificate:
- From the main menu of the Veeam Backup & Replication console, select General Options.
- Click the Security tab.
- In the Security tab, click Install.
- At the Certificate Type step of the wizard, select Generate new certificate.
- At the Generate Certificate step of the wizard, specify a friendly name for the created self-signed TLS certificate.
- At the Summary step of the wizard, review the certificate properties. Use the Copy to clipboard link to copy and save information about the generated TLS certificate. You will be able to use the copied information to verify the TLS certificate with the certificate thumbprint.
- Click Finish. Veeam Backup & Replication will save the generated certificate in the Shared certificate store on the Veeam Backup & Replication server.