Generating Self-Signed Certificates

In this article

    You can use Veeam Backup & Replication to generate a self-signed certificate for authenticating parties in the backup infrastructure.

    To generate TLS certificates, Veeam Backup & Replication employs the RSA Full cryptographic service provider by Microsoft Windows installed on the backup server. The created TLS certificate is saved to the Shared certificate store. The following types of users can access the generated TLS certificate:

    • User who created the TLS certificate
    • LocalSystem user account
    • Local Administrators group

    If you use a self-signed TLS certificate generated by Veeam Backup & Replication in case of initial RHV backup proxy deployment, you do not need to take any additional actions to deploy the TLS certificate on an RHV backup proxy VM. When you add an RHV backup proxy to the Veeam Backup & Replication infrastructure, a matching TLS certificate with a public key is installed on the RHV backup proxy VM. During discovery, Veeam Installer Service deployed on the RHV backup proxy VM retrieves the TLS certificate with a public key from the backup server and installs a TLS certificate with a public key on the RHV backup proxy VM.

    If you currently work with the deployed RHV backup proxy and you try to re-generate self-signed TLS certificate, the connection with backup server will be lost and all subsequent backup jobs fail. In this case, you can manually re-apply settings for RHV backup proxy in the Veeam Backup & Replication console.


    When you generate a self-signed TLS certificate with Veeam Backup & Replication, you cannot include several aliases to the certificate and specify a custom value in the Subject field. The Subject field value is taken from the Veeam Backup & Replication license installed on the backup server.

    To generate a self-signed TLS certificate:

    1. From the main menu of the Veeam Backup & Replication console, select General Options.
    2. Click the Security tab.
    3. In the Security tab, click Install.
    4. At the Certificate Type step of the wizard, select Generate new certificate.

    Generating Self-Signed Certificates 

    1. At the Generate Certificate step of the wizard, specify a friendly name for the created self-signed TLS certificate.

    Generating Self-Signed Certificates 

    1. At the Summary step of the wizard, review the certificate properties. Use the Copy to clipboard link to copy and save information about the generated TLS certificate. You will be able to use the copied information to verify the TLS certificate with the certificate thumbprint.
    2. Click Finish. Veeam Backup & Replication will save the generated certificate in the Shared certificate store on the backup server.

    Generating Self-Signed Certificates