Replacing Security Certificates

In this article

    To establish secure data communications between the backup appliance and web browsers running on user workstations, Veeam Backup for AWS uses Transport Layer Security (TLS) certificates.

    When you install Veeam Backup for AWS, it automatically generates a default self-signed certificate. You can replace this default certificate with your own self-signed certificate or with a certificate obtained from a Certificate Authority (CA). To replace the currently used TLS certificate, do the following:

    1. Switch to the Configuration page.
    1. Navigate to Settings > Certificates.
    1. Click Replace Web Certificate.

    Complete the New Certificate Wizard.

    1. At the Certificate Source step of the wizard, do the following:
    • Select the Recreate a self-sign certificate option if you want to replace the existing certificate with a new self-signed certificate automatically generated by Veeam Backup for AWS.
    • Select the Upload certificate option if you want to upload a certificate that you obtained from a CA or generated using a 3rd party tool.
    1. [This step applies only if you have selected the Upload certificate(s) option] At the Upload certificate(s) step of the wizard, browse to the certificate that you want to install, and provide a password for the certificate file if required.
    2. At the Summary step of the wizard, review summary information and click Finish. To allow Veeam Backup for AWS to discover the newly installed certificate, restart the backup appliance.


    If you have recreated the self-signed certificate, when you try to access Veeam Backup for AWS in a web browser, the browser will display a warning notifying that the connection is untrusted (although it is secured with SSL). To eliminate the warning, import the self-signed certificate to user workstations.

    Replacing Security Certificates