Veeam Backup & Replication 13
Veeam Backup Enterprise Manager Guide
ASK LLM
Ask ChatGPT
Ask Claude
Ask Gemini
Ask Grok
Ask Perplexity
Related documents
Search

Installing Certificates

If an existing TLS certificate expires, or if you want to replace it (for example, with a certificate obtained from a Certificate Authority) you can install a new certificate. When using a certificate obtained from a CA, ensure that the Enterprise Manager IP address or fully qualified domain name is included in the certificate subject or subject alternative name.

If you plan to use a certificate signed by an internal Certificate Authority (CA), add the certificate to the certificate store before starting the installation. For details, see Using Certificate Signed by Internal CA.

Note

For Microsoft Windows-based Enterprise Manager, to update the certificate used by the Enterprise Manager web application and Veeam vSphere Client plug-in, you can also use Internet Information Services (IIS) Manager as an alternative method. For more information, see this Microsoft Docs article.

To install a new certificate, follow these steps:

  1. Log in to Enterprise Manager using an administrative account.
  2. To open the Configuration view, click Configuration in the upper-right corner.
  3. Open the Settings section.
  4. On the Certificates tab, click Install and then choose the type of certificate to install:
  • Select Server to install the certificate that the Veeam Backup Enterprise Manager Service and Veeam Guest Catalog Service use to connect to backup servers. This certificate is also used by the Veeam Backup Enterprise Manager REST API.
  • Select Web UI to install the certificate that the Veeam Backup Enterprise Manager web app, Veeam Plug-in for VMware vSphere Client, and Veeam Plug-in for VMware Cloud Director use to connect to the web browser.

Installing Certificate

  1. At the Certificate Type step of the Manage Certificate wizard, select one of the following options:
  • Select Select a certificate from the certificate store if you want to specify a certificate that is already uploaded to the local Certificate Store.
  • Select Generate new certificate if you want Enterprise Manager to generate a self-signed certificate.
  • Select Upload a custom certificate if you want to upload a certificate signed by your trusted Certificate Authority (CA). For more information on internal CA certificates, see Using Certificate Signed by Internal CA.

Enterprise Manager accepts only PEM files that contain exactly two keys: the private key and the server certificate. If the file contains several certificates, the upload will fail. Intermediate certificates must be added separately to the certificate store on the connected backup servers.

Installing Certificates

  1. At the next step of the wizard, either provide a certificate friendly name for a self-signed certificate or choose an existing certificate that you want to install.

Installing Certificates

  1. To install the certificate, click Finish.

Page updated 4/22/2026

Page content applies to build 13.0.1.2067

View all results across Veeam Help Center
Back to document search