This certificate functions as the client certificate used to authenticate and securely connect to the ESKM system. It is essential for establishing mutual TLS communication, where both the client and server verify each other’s identities. The client certificate must be uploaded and registered in Veeam Backup & Replication to enable secure access and enforce identity-based access control.
The following steps outline the process for generating client certificate:
-
Go to the Security tab.
-
Go to the Security tab and in the Certificates & CA, click Certificates.
-
Scroll down to the Create Certificate section.
-
Enter a Certificate Name and Common Name (for example KMIPClient2).
-
Enter your Organizational information.
-
Enter or Type the Subject Alternative Name, Algorithm.
-
Choose the Creation Type as Certificate Signed by Local CA (Select the CA name you created in Setting up local CA, for example, ESKMCAVBR).
-
Select the Certificate Purpose as Client.
-
Click Create.
Client Certificate Creation
-
Open the created client certificate and export it by providing a password.
Exporting Client Certificate
-
The certificate will be downloaded in p12 format.
-
Click the Download button to save the certificate content for local user creation.