Backup Server Certificate

When you configure the Veeam Backup & Replication infrastructure, you can specify what TLS certificate must be used to establish a secure connection from backup infrastructure components to the backup server. Veeam Backup & Replication offers the following options for TLS certificates:

Keep the default self-signed TLS certificate generated by Veeam Backup & Replication at the process of upgrading to a new version of Veeam Backup & Replication.
Use Veeam Backup & Replication to generate a new self-signed TLS certificate. To learn more, see Generating Self-Signed Certificate.
Import a TLS certificate from a file in the PFX format. To learn more, see Importing Certificate from PFX Files.

Important

If you update the TLS certificate used on the backup server, you must also do the following:

If multi-factor authentication is enabled, any Veeam Backup & Replication consoles connected to the backup server must be restarted to avoid connection issues.
For AHV Backup proxies, pass through the Edit Nutanix Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish. Also, restart the Veeam AHV Service.
For VMware clusters, pass through the I/O filter Management wizard as described in section Installing I/O Filter.
For VMware CDP proxies, pass through the Edit VMware CDP Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish.

To avoid potential synchronization issues, make sure that Veeam Agents are synchronized with Veeam Backup & Replication before you change the existing certificate. To learn more, see Rescan Job.
[For protection groups for pre-installed Veeam Agents] If you change the existing certificate, you must export a new package with setup files to deploy Veeam Agents on new computers that you want to add to the protection group.To learn more, see Specifying Packages.