Backup Server Certificate

When you configure the Veeam Backup & Replication infrastructure, you can specify what TLS certificate must be used to establish a secure connection from backup infrastructure components to the backup server. Veeam Backup & Replication offers the following options for TLS certificates:

If you plan to use a certificate issued by your own Certificate Authority (CA), make sure that the certificate meets the requirements. For more information, see Using Certificate Signed by Internal CA.

 

Important

If you update the TLS certificate used on the backup server, you must also do the following:

  • If multi-factor authentication is enabled, any Veeam Backup & Replication consoles connected to the backup server must be restarted to avoid connection issues.
  • If you use Veeam Plug-In for Nutanix AHV, restart the Veeam AHV Service. For more information on restarting services, see Performing Maintenance Tasks.
  • For VMware clusters, pass through the I/O filter Management wizard as described in section Installing I/O Filter.
  • For VMware CDP proxies, pass through the Edit VMware CDP Proxy wizard. To do this, in the Backup Infrastructure view, right-click a proxy and select Properties. In the wizard, click Finish.
  • To avoid potential synchronization issues, make sure that Veeam Agents are synchronized with Veeam Backup & Replication before you change the existing certificate. To learn more, see Rescan Job.
  • [For protection groups for pre-installed Veeam Agents] If you change the existing certificate, you must export a new package with setup files to deploy Veeam Agents on new computers that you want to add to the protection group.To learn more, see Specifying Packages.

 

Page updated 9/16/2025

Page content applies to build 13.0.0.4967