5 ssl certificates – Acronis Backup for Windows Server Essentials - User Guide User Manual
Page 348
348
Copyright © Acronis International GmbH, 2002-2014
Linux
Specify the port in the /etc/Acronis/Policies/Agent.config file. Restart the acronis_agent daemon.
Configuring the port in a bootable environment
While creating Acronis bootable media, you have the option to pre-configure the network port that
will be used by the Acronis Backup Bootable Agent. The choice is available between:
The default port (9876)
The currently used port
New port (enter the port number)
If a port has not been pre-configured, the agent uses the default port number.
15.1.3.5 SSL certificates
Acronis Backup components use Secure Sockets Layer (SSL) certificates for secure authentication.
SSL certificates for the components can be one of the two types:
Self-signed certificates, such as certificates automatically generated during the installation of an
Acronis component.
Non-self-signed certificates, such as certificates issued by a third-party Certificate Authority
(CA)—for example, by a public CA such as VeriSign
®
or Thawte™—or by your organization's CA.
Certificate path
All Acronis components installed on a machine, when acting as a server application, use an SSL
certificate called the server certificate.
In Windows, the certificate path and the server certificate's file name are specified in the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Encryption\Server. The default path is:
For 32-bit versions of Windows: %CommonProgramFiles%\Acronis\Agent
For 64-bit versions of Windows: %CommonProgramFiles(x86)%\AcronisAgent
For self-signed certificates, the certificate thumbprint (also known as fingerprint or hash) is used for
future host identification: if a client has previously connected to a server by using a self-signed
certificate and tries to establish connection again, the server checks whether the certificate's
thumbprint is the same as the one used before.
Self-signed certificates
On machines running Windows, if the certificate location contains no server certificate, a self-signed
server certificate is automatically generated and installed during the installation of any Acronis
component except Acronis Backup Management Console.
If the machine is renamed after its self-signed certificate was generated, the certificate cannot be
used and you will need to generate a new one.
To generate a new self-signed certificate
1. Log on as a member of the Administrators group.
2. In the Start menu, click Run, and then type: cmd
3. Run the following command (note quotation marks):
When using a 32-bit version of Windows: