How to use Veeam Backup for Nutanix AHV/Veeam Backup for Red Hat Virtualization Proxy with Internal CA Certificates
Purpose
This article documents how to configure the following components to handle certificates signed by an Internal CA properly:
Cause
By default, these components are only aware of publicly available Certification Authorities.
If an Internal CA is used to sign the Cluster or Veeam Backup & Replication certificate, these components cannot verify the certificate, and communication will fail.
Solution
- Export all certificates in the chain as Base64-encoded ASCII.
  Make sure that the exported certificates have the .crt extension. If they were exported as .cer, rename them to .crt.
- Enable SSH on the Appliance/Proxy:
  - Enabling SSH on Nutanix AHV Backup Appliance (Veeam Backup for Nutanix AHV 4.x+)
  - Enabling SSH on Nutanix AHV Backup Appliance (Veeam Backup for Nutanix AHV 3.x)
  - Enabling SSH on RHV Backup Proxy (Veeam Backup for Red Hat Virtualization 3.x+)
  - Enabling SSH on RHV Backup Proxy (Veeam Backup for Red Hat Virtualization 2.x)
- Upload all exported certificates in the following folder on the Proxy/Appliance using WinSCP or another SCP/SFTP client.
- Connect to the Appliance/Proxy via SSH, and execute the following command:
Example Output:
    admin@proxy:/usr/local/share/ca-certificates$ sudo update-ca-certificates
    [sudo] password for admin:
    Updating certificates in /etc/ssl/certs...
    2 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...
    done.
- Reboot the component (Appliance or Proxy).
- If the component has been added to Veeam Backup & Replication, rescan it. If it has not been added to Veeam Backup & Replication, add it.
- Disable SSH on the Proxy/Appliance, which was enabled in Step 2.
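A pre-upload check for the exported files in Steps 1 and 3, added here as an example (it is not part of the Veeam article or Veeam tooling). update-ca-certificates only picks up PEM-encoded files ending in .crt, so the script flags DER exports, wrong extensions and files holding several certificates. The function names and sample files are constructed for illustration, one certificate per file is this example's assumption, and the check covers encoding and naming only, not chain validity.

```shell
#!/bin/sh
# Added example (hypothetical helper names). classify_cert FILE prints one word:
#   ok        .crt extension and exactly one PEM certificate block
#   rename    PEM content but wrong extension (e.g. .cer): rename to .crt
#   not-pem   no PEM header, likely a DER/binary export: re-export as Base64
#   multiple  several certificates in one file: split into one per file
#             (assumption of this example: each chain certificate is its own file)
classify_cert() {
    # -a treats binary (DER) input as text; -c counts matching lines.
    # "|| true" keeps a zero-match result from aborting under "set -e".
    count=$(grep -a -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    count=${count:-0}
    if [ "$count" -eq 0 ]; then
        echo not-pem
    elif [ "$count" -gt 1 ]; then
        echo multiple
    else
        case "$1" in
            *.crt) echo ok ;;
            *)     echo rename ;;
        esac
    fi
}

# check_dir DIR prints "status path" for each file; returns non-zero if any
# file would not be usable as uploaded.
check_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        st=$(classify_cert "$f")
        printf '%-9s %s\n' "$st" "$f"
        [ "$st" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample files (placeholder bodies, not real certificates).
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB(constructed)' \
        '-----END CERTIFICATE-----' > "$d/root-ca.crt"
    cp "$d/root-ca.crt" "$d/issuing-ca.cer"                 # wrong extension
    cat "$d/root-ca.crt" "$d/root-ca.crt" > "$d/chain.crt"  # two certs, one file
    printf '0\202\001\012' > "$d/der-export.crt"            # binary, no PEM header
    echo "$d"
}
```

Run `check_dir` against the local export folder before uploading; any line that does not start with `ok` needs fixing first.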