Hyper-V cluster gets untrusted when "Cluster Group" changes owner

[cubicle9726]

When I move the "Cluster Group" containing "Cluster IP Address" and "Cluster Name" resources to a different node in our cluster it changes the certificate that is used by WinRM to that of the new node rather than having one dedicated to the cluster and that causes Veeam to no longer trust the cluster. I think this needs to be fixed on the cluster side but I can't find any documentation about it.

[cubicle9726]

Could someone verify that if they go to veeam backup and replication menu > options > security and export an xml file of their trusted hosts that their cluster has a different certificate fingerprint than any of the hosts in the cluster? Then I at least know that this is possible to setup.

[jbarrow]

It looks like the "Certificate" of the cluster name is the same as the cert for ONE of the members of that cluster.
I took before/after snapshots of the trusted certificate list and verified that the new cert it saw for the cluster was the existing cert for the other node (and this is just a 2 node cluster).

I'm thinking that the only way around this will be to set up a certificate authority in the hyper-v AD network, and set up each machine to automatically generate certs from that, and have the Veeam server trust the new CA. Will that work?