59166: Acronis Backup Advanced 11.7: using own SSL certificate

Translate to:

Applies to:

SSL certificate is used to secure communication between Acronis Management Server and agents. This article describes how to replace the default Acronis certificate with your own one. You need Openssl to perform these steps.

Signed certificate

Do the following, if you are going to use a certificate signed by a Certificate Authority:

  1. Close Acronis Management Console.
  2. Download openssl_mms, unpack it, and copy it to the openssl\bin folder.
  3. Create the private key by issuing:
    openssl genrsa -out rsa.key 4096
  4. Create a certificate signing request by issuing:
    openssl req -new -key rsa.key -out rsa_mms.csr -config openssl_mms.cfg

    To check the CSR, use this command:
    openssl req -in rsa_mms.csr -text -config openssl_mms.cfg | more
    Pay attention to the Netscape Comment value. For rsa_mms.csr it should be 35:

  5. Provide the resulting rsa_mms.csr to the certificate authority.
  6. Check whether the received certificate is in PEM or in DER format. If you open a PEM certificate in an editor, you will see a base64-encoded block of data between the BEGIN CERTIFICATE and END CERTIFICATE lines. In this case, rename the certificate to MMS.pem and proceed to the next step.
    Otherwise, you have a DER certificate which needs to be converted to PEM. Convert the signed certificate to a .pem-file:
    openssl x509 -inform der -in certificate.crt -out MMS.pem
  7. Make sure that the certificate contains the private key, you can check it by opening the certificate in an editor.
  8. Replace the certificate (MMS.pem) on the machine where Acronis Management Server is installed. Certificate is located in:
    • 32bit Windows: C:\Program Files\Common Files\Acronis\Certificates\ClientCertificates\AMS\
    • 64bit Windows: C:\Program Files (x86)\Common Files\Acronis\Certificates\ClientCertificates\AMS\
  9. Restart Acronis Management Server.
  10. Open Acronis Management Console.
  11. Re-add machines.

Self-signed certificate

Do the following, if you are going to use a self-signed certificate:

  1. Close Acronis Management Console.
  2. Download openssl_mms_self-signed, unpack it, and copy it to the openssl\bin folder.
  3. Create the certificate by issuing:
    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout privateKey.key -out MMS.pem -config openssl_mms.cfg
  4. Open the privatekey.key and MMS.pem in an editor and copy the contents of the private key to the certificate.
  5. Replace the certificate (MMS.pem) on the machine where Acronis Management Server is installed. Certificate is located in:
    • 32bit Windows: C:\Program Files\Common Files\Acronis\Certificates\ClientCertificates\AMS\
    • 64bit Windows: C:\Program Files (x86)\Common Files\Acronis\Certificates\ClientCertificates\AMS\
  6. Restart Acronis Management Server.
  7. Open Acronis Management Console.
  8. Re-add machines.

More information

To create a CSR for Acronis Storage Node certificate, download openssl_asn, unpack it, and issue this command in step 3:
openssl req -new -key rsa.key -out rsa_asn.csr -config openssl_asn.cfg

To create a self-signed certificate for Acronis Storage Node, download openssl_asn_self-signed, unpack it and issue this command in step 2:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out ASN.crt -config openssl_asn.cfg

You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
4 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.