
Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Certificate doesn't support 'digitalSignature' KeyUsage

KB ID: 4564
Product: Veeam Backup & Replication | 12 | 12.1
Published: 2024-04-02
Last Modified: 2024-04-02

Challenge

Attempting to deploy the Veeam Plug-in for VMware vSphere Client through Veeam Backup Enterprise Manager fails with the error:

Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Certificate doesn't support 'digitalSignature' KeyUsage

Cause

The certificate in use by Veeam Backup Enterprise Manager has KeyUsage defined, but Digital Signature is not among the specified usages.

 

Default Veeam Backup Enterprise Manager "Veeam Self-Signed Certificate" History
  • In Veeam Backup Enterprise Manager 10a and older, the self-signed certificate generated by the installer was created with the following:
    KeyUsage: Key Encipherment, Data Encipherment
  • Starting in Veeam Backup Enterprise Manager 11, the self-signed certificate generated by the installer has no KeyUsage specified, meaning all uses are accepted.

This means that if a Veeam Backup Enterprise Manager deployment was initially installed with version 10a or earlier and then upgraded to newer versions using the same self-signed certificate, the issue will occur.
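To confirm that a deployment is affected before replacing the certificate, the following added example (not part of the Veeam KB or Veeam's scripts) reports the KeyUsage of the certificate bound to the https binding of the IIS site and whether it permits Digital Signature. It assumes the WebAdministration module that ships with IIS is available and uses the site name VeeamBackup given in the IIS steps of this article; the function name Test-DigitalSignatureUsage is hypothetical.

```powershell
# Added example, not Veeam's code. Run in an Administrative PowerShell console
# on the Enterprise Manager server.
# Assumption: the WebAdministration module (installed with IIS) is available.
Import-Module WebAdministration

function Test-DigitalSignatureUsage {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # .NET decodes the KeyUsage extension into X509KeyUsageExtension
    $ku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    } | Select-Object -First 1

    if ($null -eq $ku) {
        # No KeyUsage extension: all uses are accepted (v11+ installer behaviour)
        $usages = 'not specified'
        $allowed = $true
    }
    else {
        $flag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
        $usages = $ku.KeyUsages.ToString()
        $allowed = $ku.KeyUsages.HasFlag($flag)
    }

    [pscustomobject]@{
        FriendlyName           = $Certificate.FriendlyName
        Thumbprint             = $Certificate.Thumbprint
        NotAfter               = $Certificate.NotAfter
        KeyUsage               = $usages
        AllowsDigitalSignature = $allowed
    }
}

# Certificate currently bound to the https binding of the VeeamBackup site
$binding = Get-WebBinding -Name 'VeeamBackup' -Protocol 'https' | Select-Object -First 1
if ($binding -and $binding.certificateHash) {
    $path = "Cert:\LocalMachine\$($binding.certificateStoreName)\$($binding.certificateHash)"
    Test-DigitalSignatureUsage -Certificate (Get-Item -Path $path)
}
else {
    # No https binding found: list every certificate in the machine's Personal store
    Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        ForEach-Object { Test-DigitalSignatureUsage -Certificate $_ }
}
```

A certificate carried over from a 10a or older installation reports AllowsDigitalSignature as False; running the check again after changing the site binding confirms that the replacement certificate is the one in use.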

Solution

To resolve this issue, either generate a new Veeam self-signed certificate or import a new certificate you've generated, and then assign the new certificate to the site within IIS Manager.

Generate New Enterprise Manager Self-Signed Certificate

Script Minimum OS Requirement

The scripts below require at least Microsoft Windows Server 2016 or Windows 10.

In older OS versions, the cmdlet New-SelfSignedCertificate does not accept the parameters these scripts use.

This script will create a new self-signed certificate with all the same parameters as one created by the Veeam Backup Enterprise Manager (v12.1) installer.

On the machine where Veeam Backup Enterprise Manager is installed, open an Administrative PowerShell Console and run the following PowerShell script:

#Generate Self-Signed Certificate
$params = @{
    DnsName           = [System.Net.Dns]::GetHostByName("").HostName
    CertStoreLocation = "Cert:\LocalMachine\My"
    #Datestamp prefix makes the new certificate easy to identify in IIS Manager
    FriendlyName      = "$(Get-Date -Format 'yyMMdd') Veeam Self-Signed Certificate"
    Subject           = 'CN=' + [System.Net.Dns]::GetHostByName("").HostName
    #No KeyUsage is specified, so all uses are accepted
    KeyUsage          = @("None")
    NotAfter          = (Get-Date).AddYears(10)
}
$cert = New-SelfSignedCertificate @params

#Add the certificate to the Trusted Root Certification Authorities
$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$rootStore.Open('ReadWrite')
$rootStore.Add($cert)
$rootStore.Close()

Assigning the New Certificate to the Site

With a new certificate imported or generated using the steps above, perform the following steps to assign that certificate to the site within IIS Manager.

  1. Open Internet Information Services (IIS) Manager (InetMgr.exe).
  2. Expand the node for the server's name.
  3. Expand the Sites node.
  4. Right-click on the site named VeeamBackup.
  5. From the context menu, select Edit Bindings...
  6. In the Site Bindings window, double-click the https entry.
  7. Using the SSL certificate drop-down box, select the new certificate.

    Note: The self-signed certificate generation scripts on this KB add a datestamp prefix to the new certificate's name for easy identification.
  8. After selecting the new SSL certificate, click OK to close the https site binding settings, then close the Site Bindings window with the close button.
  9. Right-click the site, and from the Manage Website sub-menu, select Restart.

More Information

If the Veeam Plug-in for VMware vSphere Client continues to have issues deploying, please create a Veeam Support case for assistance.