- Posts: 331
- Liked: 59 times
- Joined: Jul 19, 2016 8:39 am
- Full Name: Michael
AFAIK, there is no option to provide a e.g. self-signed certificate or a certificate from a offical CA before the vm gets deployed. I mean in the current configuration your data will still be encrypted but you are not safe from MITM-attacks. Since I've got no control of what's going on between azure and our infrastructure (=internet) I can not be sure that nobody is manipulating or sniffing on the stream. I know it sounds a little bit paranoid but I always do care about security.
How can I compare the thumbprint of the provided and "real" certificate to make sure that the connection is compliant?
- Veeam Software
- Posts: 65
- Liked: 14 times
- Joined: Jan 01, 2006 1:01 am
Thank you for your suggestion! You are correct - VeeamPN is generating the self-signed certificate during the installation, that's why you see that awful notification in your browser.
We will consider adding an option to specify a user-provided certificate.
For now I would suggest you to follow this very simple and effective procedure to automatically obtain and install free SSL certificate from LetsEncrypt organization: https://certbot.eff.org/lets-encrypt/ub ... ial-apache. I just tested it on my VeeamPN hub in Azure - it worked like a charm!
One hint to the procedure - I would recommend to skip one of the last step in the interactive procedure - please don't add "forwarding of all traffic to https" since it is already implemented in our installation.
Users browsing this forum: No registered users and 1 guest