Purpose
This article documents how to configure the following components to handle certificates signed by an Internal CA properly:
Nutanix AHV Backup Appliance
RHV Backup Proxy
Cause
By default, these components are only aware of publicly available Certification Authorities.
If an Internal CA is used to sign the Cluster or Veeam Backup & Replication certificate, these components cannot verify the certificate, and communication will fail.
Solution
Export all certificates in the chain as Base64-encoded ASCII.Make sure that exported certificates have a .crt extension. If they were exported as .cer - rename them to .crt
Enable SSH on the Appliance/Proxy:
Enabling SSH on Nutanix AHV Backup Appliance (Veeam Backup for Nutanix AHV 4.x+)
Enabling SSH on RHV Backup Proxy (Veeam Backup for Red Hat Virtualization 3.x+)
Upload all exported certificates to a folder on the Proxy/Appliance using WinSCP or another SCP/SFTP client, and then copy them to:Only the root user has write access to this folder. You must first upload the certificates to your user's home directly, then use 'sudo cp' to copy them to the folder.
