This article documents how to configure the following components to handle certificates signed by an Internal CA properly:
By default, these components are only aware of publicly available Certification Authorities.
If an Internal CA is used to sign the Cluster or Veeam Backup & Replication certificate, these components cannot verify the certificate, and communication will fail.
admin@proxy:/usr/local/share/ca-certificates$ sudo update-ca-certificates [sudo] password for admin: Updating certificates in /etc/ssl/certs... 2 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
The configuration of custom Certificate Authorities (CA) is an OS-level change and is not captured by the Configuration Backup function of Veeam Backup for Nutanix AHV nor Veeam Backup for Red Hat Virtualization.
If the proxy/appliance is redeployed, whether manually or after upgrading to a new version, the procedure documented in this KB must be performed again.
Restoring the configuration to an existing proxy/appliance that has custom Internal CAs configured will not require reinitialization of the custom Internal CAs. However, if configuration restore is performed to a new proxy/appliance, the custom Internal CA installation procedure documented in this article must be completed.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case