Comprehensive data protection for all workloads
Post Reply
inkostin
Influencer
Posts: 18
Liked: never
Joined: Dec 14, 2018 11:34 am
Full Name: Ilya Kostin
Contact:

Import Certificate

Post by inkostin »

Hi.
Problem import certificate

"Backup Server certificate is not exportable and cannot be included in configuration backup"(с)
wishr
Veteran
Posts: 3077
Liked: 453 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Import Certificate

Post by wishr »

Hi Ilya,

Please reach out to our support team directly and post your support case ID, as requested when you click the "New topic" button. This is the best way to get a solution for any technical issue since debug logs analysis is required when dealing with any errors.

Thanks in advance
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Import Certificate

Post by PTide »

Hi,

I guess that is the problem with the certificate itself. Did you use the default certificate, or imported your own? If the latter, then please check whether it's exportable. You can do that by running the following command on VBR server command line:

Code: Select all

certutil -store my
For example, one of mine certificates is not exportable, so you can see it in the output:
C:\Users\Administrator>certutil -store my
my "Personal"
================ Certificate 0 ================
Serial Number: fb8933591f1b4f1f
Issuer: CN=PTWin2106
NotBefore: 1/22/2019 8:33 PM
NotAfter: 1/19/2029 8:33 PM
Subject: CN=PTWin2106
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): efcf8bae92e2e150f87254be77c9418b7675e48c
Key Container = Veeam Backup Server Certificate
Unique container name: 111a80f1500fa308274fa7d48e3d63b8_e41c16ec-28b3-4e56-b6ec-4137c0488cdb
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Private key is NOT exportable
Encryption test passed

================ Certificate 1 ================
Serial Number: 2f38e24b21e249a74c10b56151e30d77
Issuer: CN=Veeam Backup Server Certificate
NotBefore: 1/21/2019 8:37 PM
NotAfter: 1/21/2029 8:37 PM
Subject: CN=Veeam Backup Server Certificate
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash(sha1): 58bbfd69e0d3fd83988d30df6f864d4f041b56f8
Key Container = 77458e0f-c331-4b33-8818-cbab5600b4dc
Unique container name: b33a93d32cbaab07cfe247de6e5a237b_e41c16ec-28b3-4e56-b6ec-4137c0488cdb
Provider = (null)
Encryption test passed
CertUtil: -store command completed successfully.
Thanks!
inkostin
Influencer
Posts: 18
Liked: never
Joined: Dec 14, 2018 11:34 am
Full Name: Ilya Kostin
Contact:

Re: Import Certificate

Post by inkostin »

================ Сертификат 2 ================
Поставщик: CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
NotBefore: 10.12.2018 4:00
NotAfter: 09.12.2020 16:00
Поставщик = Microsoft Enhanced Cryptographic Provider v1.0


Тест шифрования пройден - translate: Encryption test passed
inkostin
Influencer
Posts: 18
Liked: never
Joined: Dec 14, 2018 11:34 am
Full Name: Ilya Kostin
Contact:

Re: Import Certificate

Post by inkostin »

wishr wrote: Apr 24, 2019 11:15 am Hi Ilya,

Please reach out to our support team directly and post your support case ID, as requested when you click the "New topic" button. This is the best way to get a solution for any technical issue since debug logs analysis is required when dealing with any errors.

Thanks in advance
Ок
wishr
Veteran
Posts: 3077
Liked: 453 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Import Certificate

Post by wishr »

inkostin wrote: Apr 24, 2019 11:51 am Encryption test passed
Unfortunately, that does not indicate whether the certificate is exportable or not. Is there anything similar to "Private key is NOT exportable", as P.Tide mentioned above? (Note the bold line)

Also, could please share the data about cert #0 and #1? :)

BR,
Fedor
inkostin
Influencer
Posts: 18
Liked: never
Joined: Dec 14, 2018 11:34 am
Full Name: Ilya Kostin
Contact:

Re: Import Certificate

Post by inkostin »

Code: Select all

my "Личное"
================ Сертификат 0 ================
Серийный номер: 85578426afa1e4e0
Поставщик: CN=VMBackup
 NotBefore: 26.01.2019 12:39
 NotAfter: 23.01.2029 12:39
Субъект: CN=VMBackup
Подпись соответствует открытому ключу
Корневой сертификат: субъект совпадает с поставщиком
Хеш сертификата(sha1): c5263ad28ef83aca62b9e718c753494aac4e062d
  Контейнер ключа = Veeam Self-Signed Certificate
  Уникальное имя контейнера: e1c7ad2366fccae7930f59b326a230f7_1bbf10ce-c1df-4e79-9181-4908c83782e9
  Поставщик = Microsoft Enhanced Cryptographic Provider v1.0
Закрытый ключ НЕ экспортируем
Тест шифрования пройден

================ Сертификат 1 ================
Серийный номер: a4d4ff18d8ac7b69
Поставщик: CN=VMBackup
 NotBefore: 26.01.2019 6:04
 NotAfter: 23.01.2029 6:04
Субъект: CN=VMBackup
Подпись соответствует открытому ключу
Корневой сертификат: субъект совпадает с поставщиком
Хеш сертификата(sha1): baf1dc86189a7a986f7c9d7346b652c7a8be6faa
  Контейнер ключа = Veeam Backup Server Certificate
  Уникальное имя контейнера: 111a80f1500fa308274fa7d48e3d63b8_1bbf10ce-c1df-4e79-9181-4908c83782e9
  Поставщик = Microsoft Enhanced Cryptographic Provider v1.0
Закрытый ключ НЕ экспортируем
Тест шифрования пройден

================ Сертификат 2 ================
Серийный номер:
Поставщик: CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
 NotBefore: 10.12.2018 4:00
 NotAfter: 09.12.2020 16:00
Субъект: CN=*.domain.com, OU=job, O=Company, L=Moscow, C=RU
Не корневой сертификат
Хеш сертификата(sha1): 
  Контейнер ключа = 
  Уникальное имя контейнера: ba35fd55fd6ae00c2c8ae9c75eb63403_1bbf10ce-c1df-4e79-9181-4908c83782e9
  Поставщик = Microsoft Enhanced Cryptographic Provider v1.0
Тест шифрования пройден

================ Сертификат 3 ================
Серийный номер: 66436b50ec9f3ebc48882c190df79e7f
Поставщик: CN=Veeam Backup Server Certificate
 NotBefore: 25.01.2019 6:08
 NotAfter: 25.01.2029 6:08
Субъект: CN=Veeam Backup Server Certificate
Подпись соответствует открытому ключу
Корневой сертификат: субъект совпадает с поставщиком
Хеш сертификата(sha1): 53c565d8eea207c6a129c56d9b5ca0e261d46765
  Контейнер ключа = 6c50f42b-d20a-486d-8fb3-fd41624b5922
  Уникальное имя контейнера: d4f5f68f78191ec7e78909ad747ddca5_1bbf10ce-c1df-4e79-9181-4908c83782e9
  Поставщик = (null)
Тест шифрования пройден
CertUtil: -store — команда успешно выполнена.
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Import Certificate

Post by PTide »

Well, as I expected there are imported Veeam keys (#0 and #1) that are non-exportable. At this point there are two possible ways to resolve that:

1. Open a support case and post your case ID here so the support team can file an improvement request for future versions.
2. Try to fix it on your own.

Thanks!
inkostin
Influencer
Posts: 18
Liked: never
Joined: Dec 14, 2018 11:34 am
Full Name: Ilya Kostin
Contact:

Re: Import Certificate

Post by inkostin »

Thanks!

Closed.
Post Reply

Who is online

Users browsing this forum: Bing [Bot], ybarrap2003 and 208 guests