Last month, one major Veeam Backup & Replication bug was discovered about self-signed certificate. The following error message appears when starting Veeam Backup and Replication (Veeam B&R) console: “Failed to check certification expiration date“. This bug is very annoying because it will impact everyone who’s using the default self-signed certificates, which is, unfortunately, the majority. As a reminder, Veeam uses those certificates to implement secure communication between backup infrastructure components, as well as with managed backup agents. And while the editor provides the ability to select or import your own certificate, most don’t worry about this and just keep the default certificate that is automatically generated when you install Veeam Backup & Replication. This certificate is set to expire in 1 year from its creation date, and due to some bugs, you will see artifacts of its expiration one year after your Update 3 installation date. Which means this will hit many of you in the next few weeks…
Veeam Backup and Replication self-signed certificate gets expired in 11 months after installation. The certificate is renewed, but Veeam Backup Service still has information about the old one in cache, thus shows the error message.
Assuming you have Update 3a installed, the first thing you will see at 11 months after Update 3 installation time will be the “Failed to check certificate expiration date” error message upon opening the backup console. The UI is trying to tell you that the certificate is about to expire, but the logic of this falls through to the universal message for all unhandled exceptions. If you ignore this message, everything will continue to work fine for another month, after which the agent management functionality, as well as all granular restores, will start failing. Luckily, the issue is super easy to fix by simply generating a new certificate, which takes just a few clicks. So don’t wait, and do it at your earliest convenience.
Important! Please note that this process will automatically restart the Veeam Backup Service.
Ensure no Backup/Replication Jobs or Restores are running before applying these steps.
The current workaround is the manual generation of a new certificate (if a self-signed certificate is used) as described here.
If you use your own certificates, perform an import of renewed certificate: The issue is also going to be fixed in future releases.
Needless to say, Veeam has fixed the related bugs in the Veeam B&R 9.5 Update 4 (and also bumped the self-signed certificate expiration date to 10 years). Here’s the official Veeam support KB article for this issue: KB2806.
Step by Step Guide Veeam B&R 9.5 U3a Upgrade!
You can learn more about Veeam Backup & Replication 9.5 here.
VeeamON Chicago – Vision & Strategy 2018 – Recap!
VeeamON Forum France Recap!
VeeamON Forum France – Interviewed by LeMagIT: LeMagIT