Security concern Internal CA signed Certificates with Veeam Agent for Microsoft Windows.

tbksoco2020 · Post by **tbksoco2020** » Jun 17, 2025 9:56 pm this post

We opened Veeam Support - Case # 07725251 for unsupported certificate error when trying to backup Windows Agent. Working through Veeam's Managing TLS Certificates documentation we were able to finally get CA certificate modified where it allowed the Agent to communicate with VBR server. However, the changes we had to make for the certificate that the VBR server uses to push client certificate has built-in Subordinate Certification Authority. Which allows too much privileges to create certificates. We already have internal CA Certificates that have built-in Subordinate Certification Authority for Veeam that we would want our CA server creating the client certificates. We would think that other dark site companies like us would not want to allow other applications to control creating certificates. Has anyone else experienced this situation? Was anyone else able to find another workaround? Can there be a feature that Veeam allows customers to use their own CA Certificates and CA Server to control creation of client certs?

Post by **Mildur** » Jun 23, 2025 1:10 pm this post

Hi Brandon

It's currently not possible to allow external Certificate Authorities to create certificates for our Veeam Agents.
We know about the request, but there is no ETA.
I'll add your voice to the feature request.

Best,
Fabian

R&D Forums

Security concern Internal CA signed Certificates with Veeam Agent for Microsoft Windows.

Re: Security concern Internal CA signed Certificates with Veeam Agent for Microsoft Windows.

Who is online