Related Links

    Add Root & Intermediate Certificates to Backup Exec

    1. In your browser (Chrome/Edge/Firefox), go to https://<endpoint_url>
    2. View the certificate chain:
      • Click the padlock icon in the address bar.
      • Select Connection is secure → Certificate (Valid).
      • A window will open showing the certificate path (Server Cert → Root → Intermedidate).
      • Export the root certificate in Base-64 encoded X.509 (.CER) format.
      • Export the intermediate certificate in Base-64 encoded X.509 (.CER) format.
    3. Open the exported file in Notepad or any text editor.
      • Copy the certificate text (everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----).
    4. Locate cacert.pem.
      • This is usually found in the BackupExec installation path.
        Example: C:\Program Files\Veritas\Backup Exec\vxmon\cacert.pem
    5. Append the Certificate
      Open cacert.pem in Notepad (run as Administrator if needed). Scroll to the very end of the file. Paste both copied certificate blocks.
    6. Save the file
      Save and close the file. Restart any BackupExec services if necessary.

      7. Note: BackupExec should now trust the full certificate chain and connect to the secure bucket without SSL/TLS validation errors.