cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Renewing backup exec self-signed certificate

CCWW
Level 4

‎05-15-2020 05:29 AM

A recent security scan showed a self-signed certificate generated by backup exec. This certficate is signed using SHA-1 which is considered weak.

Is there a way to get Backup Exec to create a new certificate using SHA256?

This is the certificte in question, port 60030

|-Subject : CN=SSL_Self_Signed_Fallback
|-Signature Algorithm : SHA-1 With RSA Encryption

 

0 Kudos
3 REPLIES 3

kf2013
Moderator
Moderator
   VIP   

‎05-16-2020 06:07 PM

Which process? dont think BE will use such high port or u changed?

0 Kudos

CCWW
Level 4
In response to kf2013

‎05-19-2020 12:26 PM

Yep, it's not backup exec it's the SQL server backup exec uses.

I'm assuming when backup exec is installed the certificate for SQL is created. Not sure how to update it so it uses stronger encryption/cipher. Right now it's using SHA-1 but needs to use SHA-256.

0 Kudos

kf2013
Moderator
Moderator
   VIP   
In response to CCWW

‎05-20-2020 08:39 PM

Backup Exec installation will install SQL server a database.

During the SQL Server installation, it will generate a self-signed certificate.

You can use SQL Configuration Manager to replace a new SSL Certificate.

0 Kudos