cancel
Showing results for 
Search instead for 
Did you mean: 

Renewing backup exec self-signed certificate

CCWW
Level 4

A recent security scan showed a self-signed certificate generated by backup exec. This certficate is signed using SHA-1 which is considered weak.

Is there a way to get Backup Exec to create a new certificate using SHA256?

This is the certificte in question, port 60030

|-Subject : CN=SSL_Self_Signed_Fallback
|-Signature Algorithm : SHA-1 With RSA Encryption

 

3 REPLIES 3

kf2013
Level 6
   VIP   

Which process? dont think BE will use such high port or u changed?

Yep, it's not backup exec it's the SQL server backup exec uses.

I'm assuming when backup exec is installed the certificate for SQL is created. Not sure how to update it so it uses stronger encryption/cipher. Right now it's using SHA-1 but needs to use SHA-256.

kf2013
Level 6
   VIP   

Backup Exec installation will install SQL server a database.

During the SQL Server installation, it will generate a self-signed certificate.

You can use SQL Configuration Manager to replace a new SSL Certificate.