During the installation, Veeam PN generates a self-signed certificate. To mitigate the risk of MITM attacks, you can obtain and install a free SSL certificate from Let's Encrypt.
To install the certificate, do the following:
- Open the console of Veeam PN appliance machine.
- [VMware vSphere] Open the TTY console of the VM where Veeam PN appliance is deployed.
- [Microsoft Azure] In PuTTY, use the Veeam PN appliance hostname to connect to the console.
- Add a PPA (Personal Package Archive) to the list of repositories and install Certbot:
sudo apt-get update
- Certbot has an Apache plugin that automates certificate installation. The plugin will install an SSL certificate and automatically edit the machine configuration to server the installed certificate.
To install an SSL certificate, run the following command:
sudo certbot --apache
Automated Renewal of SSL Certificate
Let's Encrypt certificates last for 90 days. You can enable the cron job of Certbot that will renew your SSL certificate automatically before it expires.
sudo certbot renew --dry-run
For detailed instructions, see: https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.