[v13] import Certificate Signed by Internal CA

[pirx]

I've created and imported certificates before, but doing this for v13 appliance is giving me a hard time.

I found this https://helpcenter.veeam.com/docs/vbr/u ... +ca&ver=13

I first tried "Importing Certificate from Certificate Store" but it does not even show the certificate that I imported on the Windows system where I started console.

Next I tried "Using Certificate Signed by Internal CA" but there is not much reference to the appliance. So I transferred my cert files to the appliance, put them in /var/lib/veeam/... and tried to import from there with the enc password. But then get error "error:0308010C:digital envelope routines::unsupported." It's probably in wrong format... but I do not have much options as the cert get centrally created.

Any ideas what I have to do different?

[Mildur]

Hi Pirx,

In v13.0.1, we’ll introduce a wizard to simplify certificate import. But the process in v13.0 is a bit more complex.
I recommend waiting for v13.0.1; but if you need it sooner, please let me know and I’ll share the manual process with you in a private message.

Best,
Fabian

[pirx]

Hi Fabian, any ETA for 13.0.1? If it is not too much work I'd appreciate getting the manual steps in a PM

[Mildur]

Hi Pirx,

I’ll need to double-check the manual procedure to confirm whether it resolves your request. I’ll share it with you once I have the answer.
We’re not far from the release day — you can register for the global launch event on November 19th.

Best,
Fabian

[Mildur]

Hi Pirx,

I tested it in my lab by importing a PFX:
- I’ll share the procedure to "import/trust the root CA certificate" via private message.
- For the backup server certificate, please try to export it using AES256-SHA256 encryption.

It seems that the current build of the appliance doesn’t work with TripleDES-SHA1 encryption. I got the same error as you.
But import with a PFX and AES256-SHA256 encryption worked for me in my lab.



Best,
Fabian

[Gostev]

The error is because TripleDES and SHA1 are not FIPS complaint (deprecated in 2019 and disallowed use after 2023 by NIST). Veeam Software Appliance is strict about that.