Veeam Backup and Replication v9.5 Installation on Windows Server 2022 – Error occurred during certificate processing
In case you will also run into the following error about the Veeam Backup Server Certificate when installing Veeam Backup and Replication, you can use the following workaround to finally complete the installation successfully.
So far I encountered this issue just when using the old version 9.5 on Windows Server 2022.
When you configure the Veeam Backup & Replication infrastructure, you can specify what TLS certificate must be used to establish a secure connection from backup infrastructure components to the backup server.
Source: https://helpcenter.veeam.com/docs/backup/vsphere/backup_server_certificate.html?ver=120
Issue
To come right to the point, finally something went wrong when the installer process wanted to create the Veeam Backup Server Certificate (client.pfx) by using OpenSSL.
***Veeam*** ========= VmCertManage: Executing
***Veeam*** Generating certificate…
***Veeam*** An error occurred while trying to run command:
openssl.exe req -new -x509 -newkey rsa:2048 -days 3650 -sha256 -out ……..
***Veeam*** Error open file …… client.pfx’
***Veeam*** VmWinError has been occurred. Error: 110
Error occurred during certificate processing
You can open the BackupSrLog.log file to investigate the error above.
Here you can see the part where the installation process runs into this error.
***Veeam*** Execute commands (CertControl1): ***Veeam*** Command 'GENERATE'... ***Veeam*** Enumerating certificates... ***Veeam*** Certificate 'Certificate1'. ***Veeam*** Generating certificate... ***Veeam*** Command line: '"C:\Users\SUPERU~1\AppData\Local\Temp\openssl\openssl.exe" req -new -x509 -newkey rsa:2048 -days 3650 -sha256 -out "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.crt" -keyout "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.key" -config "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\opensslcfg.cnf" -subj "/CN=Matrix-Veeam.matrixpost-lab.net" -extensions v3_req'. ***Veeam*** An error occurred while trying to run command: "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\openssl.exe" req -new -x509 -newkey rsa:2048 -days 3650 -sha256 -out "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.crt" -keyout "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.key" -config "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\opensslcfg.cnf" -subj "/CN=Matrix-Veeam.matrixpost-lab.net" -extensions v3_req Reason:Unknown error has been returned. ***Veeam*** Command line: '"C:\Users\SUPERU~1\AppData\Local\Temp\openssl\openssl.exe" pkcs12 -export -inkey "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.key" -in "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.crt" -out "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\client.pfx" -name "Veeam Backup Server Certificate" -password pass:*****'. ***Veeam*** An error occurred while trying to run command: "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\openssl.exe" pkcs12 -export -inkey "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.key" -in "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\ca.crt" -out "C:\Users\SUPERU~1\AppData\Local\Temp\openssl\client.pfx" -name "Veeam Backup Server Certificate" -password pass:e222dab7-d552-478b-8e41-e41d0fea525a Reason:Unknown error has been returned. ***Veeam*** Importing certificate... ***Veeam*** Reading pfx-file... ***Veeam*** Error open file 'C:\Users\SUPERU~1\AppData\Local\Temp\openssl\client.pfx'. ***Veeam*** VmWinError has been occurred. Error: 110. Error occurred during certificate processing.
So as already mentioned finally something went wrong when the installer process wanted to create the Veeam Backup Server Certificate (client.pfx).
Below you can see that none of the above openssl commands was executed successfully and neither the key file nor the crt file was created in the %USERPROFILE%\AppData\Local\Temp\openssl\ folder.
Solution (Workaround)
The workaround is pretty simple and in this case we just need to install OpenSSL for Windows on the server where we want to install Veeam Backup and Replication and then creating the certificate by hand.
Download OpenSSL for Windows
https://slproweb.com/products/Win32OpenSSL.html
After installing OpenSSL for Windows on the server we just need to execute the commands we found in the log file. Adjust the path to the output folder openssl.
So in my case the first command is : (Include the OpenSSL installation path in your environment variables or navigate to the \bin folder of your OpenSSL installation to execute the openssl.exe tool.
The following command will create the certificate.
openssl.exe req -new -x509 -newkey rsa:2048 -days 3650 -sha256 -out "C:\Users\Administrator\AppData\Local\Temp\openssl\ca.crt" -keyout "C:\Users\Administrator\AppData\Local\Temp\openssl\ca.key" -config "C:\Users\Administrator\AppData\Local\Temp\openssl\opensslcfg.cnf" -subj "/CN=WIN-18N01STBASM" -extensions v3_req
The next command we need to execute is to export the certificate in PFX format to include the public and private key in one file plus the password for the private key file. This file will allow finally to import the certificate including the private key into the certificate store of Windows.
openssl.exe pkcs12 -export -inkey "C:\Users\Administrator\AppData\Local\Temp\openssl\ca.key" -in "C:\Users\Administrator\AppData\Local\Temp\openssl\ca.crt" -out "C:\Users\Administrator\AppData\Local\Temp\openssl\client.pfx" -name "Veeam Backup Server Certificate" -password pass:1f73004c-a29b-4ac7-b0a2-b6df11614149
The last step of our workaround is to import this certificate into the certificate store of Windows and here into the computer account’s personal certificate store as shown below. So first open the MMC console.
Add the certificates snap-in.
Navigate to the personal folder and import the previously created pfx certificate file.
Browse to the client.pfx file an open it.
Enter the password for the private key we used during the creation of this *.pfx file.
Import the certificate. Afterwards the installation runs smoothly.
Links
Backup Server Certificate
https://helpcenter.veeam.com/docs/backup/vsphere/backup_server_certificate.html?ver=120