Security Certificates

The /certificates collection allows you to view and replace TLS certificates used in Veeam Backup for AWS.

Get Current Security Certificate Data

The HTTP GET request to the /settings/certificates endpoint retrieves details of the TLS certificate used to establish secure client–server internet connection with the Veeam Backup for AWS appliance.

SecurityBearer

Request

header Parameters

x-api-version

required

string

Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses

200

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/settings/certificate

Request samples

curl
Python
JavaScript
C#
Go

curl -i -X GET \
  https://helpcenter.veeam.com/api/v1/settings/certificate \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'

Response samples

{"data": [{"thumbprint": "9279E11016CD96D82430E4DCAD984BDC739E0710",
"serialNumber": "0337217235",
"keyAlgorithm": "RSA",
"keySize": "2048",
"subject": "OU=AWS Backup, O=Veeam Software, E=support@veeam.com, C=CH, S=Zug, CN=Veeam AWS Backup Localhost",
"issuedTo": "Veeam AWS Backup Localhost",
"issuedBy": "Veeam AWS Backup Local CA 2e1aa4c4-bcb4-42e8-adeb-713aa75c546a",
"validFrom": "2020-11-10T13:16:56",
"validBy": "2021-11-10T13:16:56",
"automaticallyGenerated": true
}
]
}

Recreate Security Certificate

The HTTP POST request to the /settings/certificates/regenerate endpoint replaces the existing security certificate with a new self-signed certificate automatically generated by Veeam Backup for AWS.

NOTE
Consider the following:

After you replace the existing security certificate, the Veeam Backup for AWS REST API and Web UI services will be restarted automatically.
If the Veeam Backup for AWS appliance is connected to Veeam Backup & Replication, the connection between the appliance and Veeam Backup & Replication will be lost when using the endpoint. To work around the issue, accept the newly created self-signed certificate using the Veeam Backup & Replication console as described in the Veeam Backup for AWS User Guide.

SecurityBearer

Request

header Parameters

x-api-version

required

string

Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: application/json
required

validBy

string <date-time>

Specifies the date and time when the certificate will expire.

Responses

202

Accepted

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/settings/certificates/regenerate

Request samples

application/json

{"validBy": "2021-12-10T12:00:00"
}

Response samples

{"type": "http://example.com",
"title": "string",
"status": 400,
"errorCode": "AccessDenied",
"details": "string",
"instance": "http://example.com",
"data": {"property1": { },
"property2": { }
}
}

Upload Own Security Certificate

The HTTP POST request to the /settings/certificates/upload endpoint uploads a security certificate that you obtained from a CA or generated using a 3rd party tool.

NOTE
After you replace the existing security certificate, the Veeam Backup for AWS REST API and Web UI services will be restarted automatically.

SecurityBearer

Request

header Parameters

x-api-version

required

string

Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: multipart/form-data
required

certificateFile required	string <binary> Security certificate file in the `.pfx` format.
certificatePassword required	string Password used to protect the security certificate file.

Responses

202

Accepted

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The authorization header has been expected but not found (or found but is expired).

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/settings/certificates/upload

Request samples

curl
Python
JavaScript
C#
Go

curl -i -X POST \
  https://helpcenter.veeam.com/api/v1/settings/certificates/upload \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'Content-Type: multipart/form-data' \
  -H 'x-api-version: 1.7-rev0' \
  -F certificateFile=string \
  -F certificatePassword=string

Response samples

{"type": "http://example.com",
"title": "string",
"status": 400,
"errorCode": "AccessDenied",
"details": "string",
"instance": "http://example.com",
"data": {"property1": { },
"property2": { }
}
}

Security Certificates

Get Current Security Certificate Data

header Parameters

Recreate Security Certificate

header Parameters

Request Body schema: application/jsonrequired

Upload Own Security Certificate

header Parameters

Request Body schema: multipart/form-datarequired

Request Body schema: application/json
required

Request Body schema: multipart/form-data
required